https://scholars.lib.ntu.edu.tw/handle/123456789/500943
Title: | A stateful approach to spyware detection and removal | Authors: | Wu, M.-W. Huang, Y. Wang, Y.-M. Kuo, S.-Y. SY-YEN KUO |
Issue Date: | 2006 | Start page/Pages: | 173-180 | Source: | Proceedings - 12th Pacific Rim International Symposium on Dependable Computing, PRDC 2006 | Abstract: | Spyware, a type of potentially unwanted programs (PUPs), has become a significant threat to most Internet users as it introduces serious privacy disclosure and potential security breach to the systems. Current anti-spyware tools use signatures to detect spyware programs. Over time, spyware programs have grown more resilient to this technique; they utilize critical areas of the system to survive reboots and set up mini-installers that re-install a spyware program after it's been detected and removed. Since existing anti-spyware tools are stateless in the sense that they do not remember and monitor the spyware programs that were removed, they fail to permanently remove these self-healing spyware programs. This paper proposes STARS (Stateful Threat-Aware Removal System): a tool that at run time intercepts critical system accesses and assures removed spyware does not re-install itself after a successful removal of spyware program in the system. If a re-installation (self-healing) is detected, STARS infers the source of such activities and discovers additional "suspicious" programs. Experimental results show that STARS is effective in removing self-healing spyware programs that existing anti-spyware tools fail to do. © 2006 IEEE. |
URI: | https://scholars.lib.ntu.edu.tw/handle/123456789/500943 | DOI: | 10.1109/PRDC.2006.15 | SDG/Keyword: | Anti-spyware tools; Privacy disclosure; Spyware detection; Electronic document identification systems; Internet; Security systems; Computer crime |
Appears in Collections: | 電機工程學系 |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.