TY - GEN
T1 - A stateful approach to spyware detection and removal
AU - Wu, Ming Wei
AU - Huang, Yennun
AU - Wang, Yi Min
AU - Kuo, Sy Yen
PY - 2006
Y1 - 2006
N2 - Spyware, a type of potentially unwanted programs (PUPs), has become a significant threat to most Internet users as it introduces serious privacy disclosure and potential security breach to the systems. Current anti-spyware tools use signatures to detect spyware programs. Over time, spyware programs have grown more resilient to this technique; they utilize critical areas of the system to survive reboots and set up mini-installers that re-install a spyware program after it's been detected and removed. Since existing anti-spyware tools are stateless in the sense that they do not remember and monitor the spyware programs that were removed, they fail to permanently remove these self-healing spyware programs. This paper proposes STARS (Stateful Threat-Aware Removal System): a tool that at run time intercepts critical system accesses and assures removed spyware does not re-install itself after a successful removal of spyware program in the system. If a re-installation (self-healing) is detected, STARS infers the source of such activities and discovers additional "suspicious" programs. Experimental results show that STARS is effective in removing self-healing spyware programs that existing anti-spyware tools fail to do.
AB - Spyware, a type of potentially unwanted programs (PUPs), has become a significant threat to most Internet users as it introduces serious privacy disclosure and potential security breach to the systems. Current anti-spyware tools use signatures to detect spyware programs. Over time, spyware programs have grown more resilient to this technique; they utilize critical areas of the system to survive reboots and set up mini-installers that re-install a spyware program after it's been detected and removed. Since existing anti-spyware tools are stateless in the sense that they do not remember and monitor the spyware programs that were removed, they fail to permanently remove these self-healing spyware programs. This paper proposes STARS (Stateful Threat-Aware Removal System): a tool that at run time intercepts critical system accesses and assures removed spyware does not re-install itself after a successful removal of spyware program in the system. If a re-installation (self-healing) is detected, STARS infers the source of such activities and discovers additional "suspicious" programs. Experimental results show that STARS is effective in removing self-healing spyware programs that existing anti-spyware tools fail to do.
UR - http://www.scopus.com/inward/record.url?scp=40349106306&partnerID=8YFLogxK
U2 - 10.1109/PRDC.2006.15
DO - 10.1109/PRDC.2006.15
M3 - 会议稿件
AN - SCOPUS:40349106306
SN - 0769527248
SN - 9780769527246
T3 - Proceedings - 12th Pacific Rim International Symposium on Dependable Computing, PRDC 2006
SP - 173
EP - 180
BT - Proceedings - 12th Pacific Rim International Symposium on Dependable Computing, PRDC 2006
T2 - 12th Pacific Rim International Symposium on Dependable Computing, PRDC 2006
Y2 - 18 December 2006 through 20 December 2006
ER -