dynamic spyware analysis
play

Dynamic Spyware Analysis M. Egele 1 & C. Kruegel 1 & E. Kirda - PowerPoint PPT Presentation

Nov 26, 2023 •33 likes •773 views

Motivation Our Solution System Design & Implementation Evaluation Dynamic Spyware Analysis M. Egele 1 & C. Kruegel 1 & E. Kirda 1 & H. Yin 2 , 3 & D. Song 2 1 Secure Systems Lab Vienna University of Technology 2 Carnegie

  1. Motivation Our Solution System Design & Implementation Evaluation Dynamic Spyware Analysis M. Egele 1 & C. Kruegel 1 & E. Kirda 1 & H. Yin 2 , 3 & D. Song 2 1 Secure Systems Lab Vienna University of Technology 2 Carnegie Mellon University 3 College of William and Mary USENIX Annual Technical Conference, June 21, 2007 M. Egele & C. Kruegel & E. Kirda & H. Yin & D. Song Dynamic Spyware Analysis

  2. Motivation Our Solution System Design & Implementation Evaluation spyware - a threat to internet users Spyware is malware that is installed on a computer to monitor user actions Spyware is an important threat to the security and privacy of Internet users An analysis by Webroot and Earthlink showed that a large portion of Internet-connected computers are infected with spyware Spyware also degrades performance and causes unexpected side-effects BHOs are a very popular kind of spyware (Weng et al, 90 of 120 spyware samples use BHO architecture) M. Egele & C. Kruegel & E. Kirda & H. Yin & D. Song Dynamic Spyware Analysis

  3. Motivation Our Solution System Design & Implementation Evaluation spyware - a threat to internet users Spyware is malware that is installed on a computer to monitor user actions Spyware is an important threat to the security and privacy of Internet users An analysis by Webroot and Earthlink showed that a large portion of Internet-connected computers are infected with spyware Spyware also degrades performance and causes unexpected side-effects BHOs are a very popular kind of spyware (Weng et al, 90 of 120 spyware samples use BHO architecture) M. Egele & C. Kruegel & E. Kirda & H. Yin & D. Song Dynamic Spyware Analysis

  4. Motivation Our Solution System Design & Implementation Evaluation spyware - a threat to internet users Spyware is malware that is installed on a computer to monitor user actions Spyware is an important threat to the security and privacy of Internet users An analysis by Webroot and Earthlink showed that a large portion of Internet-connected computers are infected with spyware Spyware also degrades performance and causes unexpected side-effects BHOs are a very popular kind of spyware (Weng et al, 90 of 120 spyware samples use BHO architecture) M. Egele & C. Kruegel & E. Kirda & H. Yin & D. Song Dynamic Spyware Analysis

  5. Motivation Our Solution System Design & Implementation Evaluation spyware - a threat to internet users Spyware is malware that is installed on a computer to monitor user actions Spyware is an important threat to the security and privacy of Internet users An analysis by Webroot and Earthlink showed that a large portion of Internet-connected computers are infected with spyware Spyware also degrades performance and causes unexpected side-effects BHOs are a very popular kind of spyware (Weng et al, 90 of 120 spyware samples use BHO architecture) M. Egele & C. Kruegel & E. Kirda & H. Yin & D. Song Dynamic Spyware Analysis

  6. Motivation Our Solution System Design & Implementation Evaluation spyware - a threat to internet users Spyware is malware that is installed on a computer to monitor user actions Spyware is an important threat to the security and privacy of Internet users An analysis by Webroot and Earthlink showed that a large portion of Internet-connected computers are infected with spyware Spyware also degrades performance and causes unexpected side-effects BHOs are a very popular kind of spyware (Weng et al, 90 of 120 spyware samples use BHO architecture) M. Egele & C. Kruegel & E. Kirda & H. Yin & D. Song Dynamic Spyware Analysis

  7. Motivation Our Solution System Design & Implementation Evaluation drawbacks of existing signature-based tools A number of signature-based anti-spyware products exist that share some drawbacks of that approach Unable to detect previously unknown threats Need continuous signature updates Often require human analysis before creating signatures M. Egele & C. Kruegel & E. Kirda & H. Yin & D. Song Dynamic Spyware Analysis

  8. Motivation Our Solution System Design & Implementation Evaluation drawbacks of existing signature-based tools A number of signature-based anti-spyware products exist that share some drawbacks of that approach Unable to detect previously unknown threats Need continuous signature updates Often require human analysis before creating signatures M. Egele & C. Kruegel & E. Kirda & H. Yin & D. Song Dynamic Spyware Analysis

  9. Motivation Our Solution System Design & Implementation Evaluation drawbacks of existing signature-based tools A number of signature-based anti-spyware products exist that share some drawbacks of that approach Unable to detect previously unknown threats Need continuous signature updates Often require human analysis before creating signatures M. Egele & C. Kruegel & E. Kirda & H. Yin & D. Song Dynamic Spyware Analysis

  10. Motivation Our Solution System Design & Implementation Evaluation behavior-based detection To overcome the shortcomings of signature-based detectors We implemented a behavioral-based detection technique That classifies a program as spyware if It monitors user behavior 1 And then leaks the gathered information to a third party (the 2 attacker) M. Egele & C. Kruegel & E. Kirda & H. Yin & D. Song Dynamic Spyware Analysis

  11. Motivation Our Solution System Design & Implementation Evaluation behavior-based detection To overcome the shortcomings of signature-based detectors We implemented a behavioral-based detection technique That classifies a program as spyware if It monitors user behavior 1 And then leaks the gathered information to a third party (the 2 attacker) M. Egele & C. Kruegel & E. Kirda & H. Yin & D. Song Dynamic Spyware Analysis

  12. Motivation Our Solution System Design & Implementation Evaluation behavior-based detection To overcome the shortcomings of signature-based detectors We implemented a behavioral-based detection technique That classifies a program as spyware if It monitors user behavior 1 And then leaks the gathered information to a third party (the 2 attacker) M. Egele & C. Kruegel & E. Kirda & H. Yin & D. Song Dynamic Spyware Analysis

  13. Motivation Our Solution System Design & Implementation Evaluation behavior-based detection To overcome the shortcomings of signature-based detectors We implemented a behavioral-based detection technique That classifies a program as spyware if It monitors user behavior 1 And then leaks the gathered information to a third party (the 2 attacker) M. Egele & C. Kruegel & E. Kirda & H. Yin & D. Song Dynamic Spyware Analysis

  14. Motivation Our Solution System Design & Implementation Evaluation our approach Focus of analysis on BHOs We use dynamic analysis to monitor BHO for presence of malicious behavior Two challenges need to be solved Track the flow of sensitive data throughout the system 1 Observe what actions are performed by the BHO under analysis 2 M. Egele & C. Kruegel & E. Kirda & H. Yin & D. Song Dynamic Spyware Analysis

  15. Motivation Our Solution System Design & Implementation Evaluation our approach Focus of analysis on BHOs We use dynamic analysis to monitor BHO for presence of malicious behavior Two challenges need to be solved Track the flow of sensitive data throughout the system 1 Observe what actions are performed by the BHO under analysis 2 M. Egele & C. Kruegel & E. Kirda & H. Yin & D. Song Dynamic Spyware Analysis

  16. Motivation Our Solution System Design & Implementation Evaluation our approach Focus of analysis on BHOs We use dynamic analysis to monitor BHO for presence of malicious behavior Two challenges need to be solved Track the flow of sensitive data throughout the system 1 Observe what actions are performed by the BHO under analysis 2 M. Egele & C. Kruegel & E. Kirda & H. Yin & D. Song Dynamic Spyware Analysis

  17. Motivation Our Solution System Design & Implementation Evaluation our approach Focus of analysis on BHOs We use dynamic analysis to monitor BHO for presence of malicious behavior Two challenges need to be solved Track the flow of sensitive data throughout the system 1 Observe what actions are performed by the BHO under analysis 2 M. Egele & C. Kruegel & E. Kirda & H. Yin & D. Song Dynamic Spyware Analysis

  18. Motivation Our Solution System Design & Implementation Evaluation our approach Focus of analysis on BHOs We use dynamic analysis to monitor BHO for presence of malicious behavior Two challenges need to be solved Track the flow of sensitive data throughout the system 1 Observe what actions are performed by the BHO under analysis 2 M. Egele & C. Kruegel & E. Kirda & H. Yin & D. Song Dynamic Spyware Analysis

  19. Motivation Our Solution System Design & Implementation Evaluation our approach Our solution features three key components 1 URLs and page contents considered to contain sensitive information 2 The propagation of this data throughout the system is observed by taint tracking 3 By monitoring system calls, attempts of leaking sensitive information can be identified M. Egele & C. Kruegel & E. Kirda & H. Yin & D. Song Dynamic Spyware Analysis

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Crawler-based Study of Spyware in the Web Alex Moshchuk, Tanya Bragin, Steve Gribble, Hank

A Crawler-based Study of Spyware in the Web Alex Moshchuk, Tanya Bragin, Steve Gribble, Hank

A Crawler-based Study of Spyware in the Web Alex Moshchuk, Tanya Bragin, Steve Gribble, Hank Levy Department of Computer Science and Engineering University of Washington Seattle, WA What do we mean by spyware? Difficult to define spyware

635 views • 31 slides
Introduction to Dynamic Analysis Reference material Introduction to dynamic analysis Zhu,

Introduction to Dynamic Analysis Reference material Introduction to dynamic analysis Zhu,

Introduction to Dynamic Analysis Reference material Introduction to dynamic analysis Zhu, Hong, Patrick A. V. Hall, and John H. R. May, "Software Unit Test Coverage and Adequacy," ACM Computing Surveys, vol. 29, no.4, pp.

1.03k views • 58 slides
Management Strategies and Dynamic Financial Analysis Dynamic Financial Analysis CAS Spring

Management Strategies and Dynamic Financial Analysis Dynamic Financial Analysis CAS Spring

Management Strategies and Dynamic Financial Analysis Dynamic Financial Analysis CAS Spring Meeting Martin Eling, University of Ulm Thomas Parnitzke, Baloise Holding San Diego, May 23-26, 2010 Hato Schmeiser, University of St. Gallen Hato

639 views • 30 slides
Today Amortized analysis Dynamic tables Amortized Analysis and Splay Trees Splay

Today Amortized analysis Dynamic tables Amortized Analysis and Splay Trees Splay

Today Amortized analysis Dynamic tables Amortized Analysis and Splay Trees Splay trees Inge Li Grtz CLRS Chapter 17 Je ff Erickson notes Dynamic tables Dynamic tables Problem. Have to assign size of table at initialization.

365 views • 11 slides
Supporting PHP Dynamic Analysis in PHP AiR Mark Hills 13th International Workshop on Dynamic

Supporting PHP Dynamic Analysis in PHP AiR Mark Hills 13th International Workshop on Dynamic

Supporting PHP Dynamic Analysis in PHP AiR Mark Hills 13th International Workshop on Dynamic Analysis (WODA 2015) October 26, 2015 Pittsburgh, Pennsylvania, USA http://www.rascal-mpl.org 1 PHP AiR: PHP Analysis in Rascal PHP AiR: a framework

528 views • 16 slides
Dyna Dynamic mic Analysis Analysis of the of the Co-evo Co evoluti lution on of Ex of

Dyna Dynamic mic Analysis Analysis of the of the Co-evo Co evoluti lution on of Ex of

Dyna Dynamic mic Analysis Analysis of the of the Co-evo Co evoluti lution on of Ex of Exac act t Cove Covers rs EVOLVE 2011, Luxembourg Jeffrey Horn GECCO June 28, 2005 IEEE SSCI FOCI 2007 Northern Nort hern Mi Michigan Univer

981 views • 46 slides
EPICREALM DYNAMIC WEBSITE PATENTS CLAIM CONSTRUCTION ANALYSIS Dan Ravicher What is a Dynamic

EPICREALM DYNAMIC WEBSITE PATENTS CLAIM CONSTRUCTION ANALYSIS Dan Ravicher What is a Dynamic

EPICREALM DYNAMIC WEBSITE PATENTS CLAIM CONSTRUCTION ANALYSIS Dan Ravicher What is a Dynamic Website? Produces a Customized Response to User Input Examples Google, Yahoo and other seach engines Online banking E-Tailors

437 views • 26 slides
Spyware Spyware Steven Gribble Steven Gribble Department of Computer Science and Engineering

Spyware Spyware Steven Gribble Steven Gribble Department of Computer Science and Engineering

Spyware Spyware Steven Gribble Steven Gribble Department of Computer Science and Engineering Department of Computer Science and Engineering University of Washington University of Washington kingsofchaos.com .com kingsofchaos A benign web

792 views • 31 slides
CO 445H MALWARE AND VIRUSES Dr. Benjamin Livshits Malware: Different Types 2 Spyware is

CO 445H MALWARE AND VIRUSES Dr. Benjamin Livshits Malware: Different Types 2 Spyware is

CO 445H MALWARE AND VIRUSES Dr. Benjamin Livshits Malware: Different Types 2 Spyware is software that aids in gathering A virus is a computer program that is information about a person or organization capable of making copies of itself

716 views • 56 slides
Automated capability analysis in Wordpress plugins Using static and dynamic analysis SNE RP2

Automated capability analysis in Wordpress plugins Using static and dynamic analysis SNE RP2

Automated capability analysis in Wordpress plugins Using static and dynamic analysis SNE RP2 Frank Uijtewaal Collab: DongIT (dongit.nl) Initial project goal Find a new and interesting type of security analysis for web applications

480 views • 35 slides
EDA045F: Program Analysis LECTURE 8: DYNAMIC ANALYSIS 1 Christoph Reichenbach In the last

EDA045F: Program Analysis LECTURE 8: DYNAMIC ANALYSIS 1 Christoph Reichenbach In the last

EDA045F: Program Analysis LECTURE 8: DYNAMIC ANALYSIS 1 Christoph Reichenbach In the last lecture. . . More Points-to Analysis Memory Errors 2 / 44 Challenges to Static Analysis Static analysis is far from solved Very active

574 views • 42 slides
Static vs. Dynamic Analysis Static analysis: analyze source code or byte code Imprecise

Static vs. Dynamic Analysis Static analysis: analyze source code or byte code Imprecise

I NTELLI D ROID A Targeted Input Generator for the Dynamic Analysis of Android Malware Michelle Y. Wong and David Lie University of Toronto Department of Electrical and Computer Engineering NDSS Symposium 2016 ! ! ! B ACKGROUND Static vs.

1.02k views • 32 slides
Plan Dynamic Linear Models Bayesian Analysis of Dynamic Linear Models in R The R package dlm

Plan Dynamic Linear Models Bayesian Analysis of Dynamic Linear Models in R The R package dlm

Plan Dynamic Linear Models Bayesian Analysis of Dynamic Linear Models in R The R package dlm Giovanni Petris Examples & applications GPetris@uark.edu Department of Mathematical Sciences University of Arkansas useR! 2006 p.1/26 useR!

386 views • 7 slides
Dynamic Analysis 17-654/17-754: Analysis of Software Artifacts Jonathan Aldrich Part 1:

Dynamic Analysis 17-654/17-754: Analysis of Software Artifacts Jonathan Aldrich Part 1:

Dynamic Analysis 17-654/17-754: Analysis of Software Artifacts Jonathan Aldrich Part 1: Performance Analysis Your boss tells you, make it run faster. What do you do?

530 views • 3 slides
A Survey On Automated Dynamic Malware Analysis Evasion and Counter-Evasion: PC, Mobile, and Web

A Survey On Automated Dynamic Malware Analysis Evasion and Counter-Evasion: PC, Mobile, and Web

A Survey On Automated Dynamic Malware Analysis Evasion and Counter-Evasion: PC, Mobile, and Web Alexei Bulazel & Blent Yener River Loop Security Rensselaer Polytechnic Institute (RPI) Introduction Automated dynamic malware analysis is

684 views • 33 slides
Dynamic Programming - II Algorithm : Design & Analysis [17] In the last class

Dynamic Programming - II Algorithm : Design & Analysis [17] In the last class

Dynamic Programming - II Algorithm : Design & Analysis [17] In the last class Recursion and Subproblem Graph Basic Idea of Dynamic Programming Least Cost of Matrix Multiplication Extracting Optimal Multiplication Order

666 views • 28 slides
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones

TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones

TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones William Enck Peter Gilbert Byung-Gon Chun Landon P. Cox Jaeyeon Jung Patrick McDaniel Anmol N. Sheth Presentation by Krzysztof Pawlowski

447 views • 30 slides
Dytan: A Generic Dynamic Taint Analysis Framework James Clause, Wanchun (Paul) Li, and

Dytan: A Generic Dynamic Taint Analysis Framework James Clause, Wanchun (Paul) Li, and

Dytan: A Generic Dynamic Taint Analysis Framework James Clause, Wanchun (Paul) Li, and Alessandro Orso College of Computing Georgia Institute of Technology Partially supported by: NSF awards CCF-0541080 and CCR-0205422 to Georgia Tech, DHS

671 views • 40 slides
Dynamic Taint Propagation Finding Vulnerabilities Without Attacking Brian Chess / Jacob West

Dynamic Taint Propagation Finding Vulnerabilities Without Attacking Brian Chess / Jacob West

Dynamic Taint Propagation Finding Vulnerabilities Without Attacking Brian Chess / Jacob West Fortify Software 2.21.08 Overview Motivation Dynamic taint propagation Sources of inaccuracy Integrating with QA Related work

740 views • 70 slides
How to get regulation right? Balancing growth, risk, and equity Catherine L. Mann OECD Chief

How to get regulation right? Balancing growth, risk, and equity Catherine L. Mann OECD Chief

CEPR 10 Years After the Crisis How to get regulation right? Balancing growth, risk, and equity Catherine L. Mann OECD Chief Economist 22 September 2017 London OECD resilience framework: Potential trade-offs between growth and risk

632 views • 13 slides
FIN 48 Quantifying the unknowable Serious people shortage hits tax departments Sovereign wealth

FIN 48 Quantifying the unknowable Serious people shortage hits tax departments Sovereign wealth

SPONSORED FEATURES: Switzerland Outsourcing: fools gold? Doing business in Malta A Euromoney publication April 2008 The future for double tax treaties Italy revises thin cap rules China issues raft of new tax rules FIN 48 Quantifying

79 views • 4 slides
A Brief Introduction to Static Analysis Sam Blackshear March 13, 2012 Outline A theoretical

A Brief Introduction to Static Analysis Sam Blackshear March 13, 2012 Outline A theoretical

A Brief Introduction to Static Analysis Sam Blackshear March 13, 2012 Outline A theoretical problem and how to ignore it An example static analysis What is static analysis used for? Commercial successes Free static analysis tools you should

488 views • 37 slides
0-Knowledge Fuzzing Vincenzo Iozzo vincenzo.iozzo@zynamics.com

0-Knowledge Fuzzing Vincenzo Iozzo vincenzo.iozzo@zynamics.com

0-Knowledge Fuzzing Vincenzo Iozzo vincenzo.iozzo@zynamics.com Disclaimer In this talk you wont see all those formulas, formal definiEon, code snippets and

1.05k views • 71 slides
PROCESSED FOOD WHAT WE DO Processing laboratory for cereals (TROYES-FR) Malt and Beer;

PROCESSED FOOD WHAT WE DO Processing laboratory for cereals (TROYES-FR) Malt and Beer;

IMPACT OF PESTICIDES ON THE QUALITY OF PROCESSED FOOD WHAT WE DO Processing laboratory for cereals (TROYES-FR) Malt and Beer; Bread and analyses on flour according to the French processsing CEB 218 guideline. Processing

346 views • 13 slides

More recommend