Siren: Catching Evasive Malware (Short Paper)

S
SP
2006
2006 IEEE Symposium on Security and Privacy (S&P'06)
Abstract - Siren: Catching Evasive Malware (Short Paper)

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Kevin Borders Articles by Xin Zhao Articles by Atul Prakash

2006 IEEE Symposium on Security and Privacy (S&P'06)

Berkeley/Oakland, California

May 21-May 24

ISBN: 0-7695-2574-1

	ASCII Text	x
	Kevin Borders, Xin Zhao, Atul Prakash, "Siren: Catching Evasive Malware (Short Paper)," Security and Privacy, IEEE Symposium on, pp. 78-85, 2006 IEEE Symposium on Security and Privacy (S&P'06), 2006.

	BibTex	x
	@article{ 10.1109/SP.2006.37, author = {Kevin Borders and Xin Zhao and Atul Prakash}, title = {Siren: Catching Evasive Malware (Short Paper)}, journal ={Security and Privacy, IEEE Symposium on}, volume = {0}, year = {2006}, issn = {1081-6011}, pages = {78-85}, doi = {http://doi.ieeecomputersociety.org/10.1109/SP.2006.37}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Security and Privacy, IEEE Symposium on TI - Siren: Catching Evasive Malware (Short Paper) SN - 1081-6011 SP78 EP85 A1 - Kevin Borders, A1 - Xin Zhao, A1 - Atul Prakash, PY - 2006 KW - null VL - 0 JA - Security and Privacy, IEEE Symposium on ER -

Kevin Borders, University of Michigan, Ann Arbor

Xin Zhao, University of Michigan, Ann Arbor

Atul Prakash, University of Michigan, Ann Arbor

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SP.2006.37

With the growing popularity of anomaly detection systems, which is due partly to the rise in zero-day attacks, a new class of threats have evolved where the attacker mimics legitimate activity to blend in and avoid detection. We propose a new system called Siren that injects crafted human input alongside legitimate user activity to thwart these mimicry attacks. The crafted input is specially designed to trigger a known sequence of network requests, which Siren compares to the actual traffic. It then flags unexpected messages as malicious. Using this method, we were able to detect ten spyware programs that we tested, many of which attempt to blend in with user activity. This paper presents the design, implementation, and evaluation of the Siren activity injection system, as well as a discussion of its potential limitations.

Citation:

Kevin Borders, Xin Zhao, Atul Prakash, "Siren: Catching Evasive Malware (Short Paper)," sp, pp.78-85, 2006 IEEE Symposium on Security and Privacy (S&P'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.