A Stateful Approach to Spyware Detection and Removal

Riverside, California December 18-December 20

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/PRDC.2006.15

12th Pacific Rim International Sympos ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Ming-Wei Wu Articles by Yennun Huang Articles by Yi-Min Wang Articles by Sy-Yen Kuo

	ASCII Text	x
	Ming-Wei Wu, Yennun Huang, Yi-Min Wang, Sy-Yen Kuo, "A Stateful Approach to Spyware Detection and Removal," Pacific Rim International Symposium on Dependable Computing, IEEE, pp. 173-182, 12th Pacific Rim International Symposium on Dependable Computing (PRDC'06), 2006.

	BibTex	x
	@article{ 10.1109/PRDC.2006.15, author = {Ming-Wei Wu and Yennun Huang and Yi-Min Wang and Sy-Yen Kuo}, title = {A Stateful Approach to Spyware Detection and Removal}, journal ={Pacific Rim International Symposium on Dependable Computing, IEEE}, volume = {0}, year = {2006}, isbn = {0-7695-2724-8}, pages = {173-182}, doi = {http://doi.ieeecomputersociety.org/10.1109/PRDC.2006.15}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Pacific Rim International Symposium on Dependable Computing, IEEE TI - A Stateful Approach to Spyware Detection and Removal SN - 0-7695-2724-8 SP173 EP182 A1 - Ming-Wei Wu, A1 - Yennun Huang, A1 - Yi-Min Wang, A1 - Sy-Yen Kuo, PY - 2006 KW - null VL - 0 JA - Pacific Rim International Symposium on Dependable Computing, IEEE ER -

Ming-Wei Wu, National Taiwan University

Yennun Huang, AT&T Labs, Florham Park, NJ

Yi-Min Wang, Microsoft Research

Sy-Yen Kuo, National Taiwan University

Spyware, a type of potentially unwanted programs (PUPs), has become a significant threat to most Internet users as it introduces serious privacy disclosure and potential security breach to the systems. Current anti-spyware tools use signatures to detect spyware programs. Over time, spyware programs have grown more resilient to this technique; they utilize critical areas of the system to survive reboots and set up mini-installers that re-install a spyware program after it's been detected and removed. Since existing anti-spyware tools are stateless in the sense that they do not remember and monitor the spyware programs that were removed, they fail to permanently remove these self-healing spyware programs. This paper proposes STARS (Stateful Threat-Aware Removal System): a tool that at run time intercepts critical system accesses and assures removed spyware does not re-install itself after a successful removal of spyware program in the system. If a re-installation (self-healing) is detected, STARS infers the source of such activities and discovers additional "suspicious" programs. Experimental results show that STARS is effective in removing self-healing spyware programs that existing anti-spyware tools fail to do.

Citation:

Ming-Wei Wu, Yennun Huang, Yi-Min Wang, Sy-Yen Kuo, "A Stateful Approach to Spyware Detection and Removal," prdc, pp.173-182, 12th Pacific Rim International Symposium on Dependable Computing (PRDC'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.