	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Weidong Cui Articles by Randy H. Katz Articles by Wai-tian Tan

21st Annual Computer Security Applications Conference (ACSAC'05)

Design and Implementation of an Extrusion-based Break-In Detector for Personal Computers

Tucson, Arizona

December 05-December 09

ISBN: 0-7695-2461-3

	ASCII Text	x
	Weidong Cui, Randy H. Katz, Wai-tian Tan, "Design and Implementation of an Extrusion-based Break-In Detector for Personal Computers," Computer Security Applications Conference, Annual, pp. 361-370, 21st Annual Computer Security Applications Conference (ACSAC'05), 2005.

	BibTex	x
	@article{ 10.1109/CSAC.2005.19, author = {Weidong Cui and Randy H. Katz and Wai-tian Tan}, title = {Design and Implementation of an Extrusion-based Break-In Detector for Personal Computers}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2005}, issn = {1063-9527}, pages = {361-370}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSAC.2005.19}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - Design and Implementation of an Extrusion-based Break-In Detector for Personal Computers SN - 1063-9527 SP361 EP370 A1 - Weidong Cui, A1 - Randy H. Katz, A1 - Wai-tian Tan, PY - 2005 KW - null VL - 0 JA - Computer Security Applications Conference, Annual ER -

Weidong Cui, University of California, Berkeley and Hewlett-Packard Laboratories

Randy H. Katz, University of California, Berkeley and Hewlett-Packard Laboratories

Wai-tian Tan, University of California, Berkeley and Hewlett-Packard Laboratories

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSAC.2005.19

An increasing variety of malware, such as worms, spyware and adware, threatens both personal and business computing. Remotely controlled bot networks of compromised systems are growing quickly. In this paper, we tackle the problem of automated detection of break-ins caused by unknown malware targeting personal computers. We develop a host based system, BINDER (Break-IN DEtectoR), to detect break-ins by capturing user unintended malicious outbound connections (referred to as extrusions). To infer user intent, BINDER correlates outbound connections with user-driven input at the process level under the assumption that user intent is implied by user-driven input. Thus BINDER can detect a large class of unknown malware such as worms, spyware and adware without requiring signatures. We have successfully used BINDER to detect real world spyware on daily used computers and email worms on a controlled testbed with very small false positives.

Citation:

Weidong Cui, Randy H. Katz, Wai-tian Tan, "Design and Implementation of an Extrusion-based Break-In Detector for Personal Computers," acsac, pp.361-370, 21st Annual Computer Security Applications Conference (ACSAC'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.