Detection of Spyware by Mining Executable Files
School of Computing, Blekinge Institute of Technology, Ronneby, Sweden. ORCID iD: 0000-0002-0535-1761
2010 (English). Conference paper, Published paper (Refereed)
Abstract [en]

Spyware represents a serious threat to confidentiality since it may result in loss of control over private data for computer users. This type of software might collect the data and send it to a third party without informed user consent. Traditionally two approaches have been presented for the purpose of spyware detection: Signature-based Detection and Heuristic-based Detection. These approaches perform well against known Spyware but have not been proven to be successful at detecting new spyware. This paper presents a Spyware detection approach by using Data Mining (DM) technologies. Our approach is inspired by DM-based malicious code detectors, which are known to work well for detecting viruses and similar software. However, this type of detector has not been investigated in terms of how well it is able to detect spyware. We extract binary features, called n-grams, from both spyware and legitimate software and apply five different supervised learning algorithms to train classifiers that are able to classify unknown binaries by analyzing extracted n-grams. The experimental results suggest that our method is successful even when the training data is scarce.

Place, publisher, year, edition, pages
Krakow: IEEE Computer Society, 2010.
Keyword [en]
Spyware Detection, Data Mining, Malicious Code, Feature Extraction
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:hj:diva-37963; DOI: 10.1109/ARES.2010.105; ISI: 000278197800042; OAI: oai:DiVA.org:hj-37963; DiVA: diva2:1159726
Conference
The Fifth International Conference on Availability, Reliability and Security (ARES 2010)
Available from: 2017-11-23. Created: 2017-11-23. Last updated: 2017-11-23. Bibliographically approved.

Authority records BETA

Lavesson, Niklas
