Spyware Detection Jeff Rosenberg Advisor: Professor Hemmendinger

Presentation transcript:

Spyware Detection Jeff Rosenberg Advisor: Professor Hemmendinger Computer Science Senior Project Winter 2006

Why bother?

Most spyware removal tools use a list of known spyware programs:
  - The list must be constantly updated
  - Won't catch anything that's not listed
  - At the mercy of those who create it

Rather than use a reference list, detect spyware based on patterns it shows. This avoids the need to update a list (the trade-off, noted in the conclusions, is that heuristics can be hard to separate from legitimate files).

The Program

C++ program that uses MFC (easy to make a dialog-based interface).
Searches a computer, testing all files and directories it encounters.
Displays a list of detected files and directories, along with their probabilities of being spyware, based on which tests they passed.

Searching

(Slide diagram: a directory tree rooted at root with Dir1, Dir2, Dir3, Dir4 and File10, walked recursively; entries that pass tests are collected into a Bad Files List.)

Testing 123

Patterns: size, name, type. Tests: combinations of patterns that spyware often exhibits. Each pattern is one bit in a flag byte, and each test is the OR of the patterns it requires:

  SizePattern 400-800 bytes    00000001
  NamePattern "spy"            00000010
  TypePattern "exe"            00000100

  SpywareExe - looks for executable files with "spy" in the name    00000110
  SmallExe   - looks for executable files between 400 and 800 bytes 00000101

A file's pattern bits are ANDed with each test's mask; the test passes only when the result equals the whole mask. For the file ThisIsSpyWare.exe (2KB) the bits are 00000110 (name and type match, size does not):

  00000110 & 00000110 = 00000110   SpywareExe passes
  00000110 & 00000101 = 00000100   SmallExe fails (size bit missing)
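The bit-flag matching above, written out as an added example in plain C++ (no MFC). This is not the project's code: the pattern names, the case-insensitive name and extension checks, and the final score (fraction of tests passed) are assumptions chosen to illustrate the slide; the program's actual probability mapping is not on the page.

```cpp
// Added example: bit-flag pattern tests as sketched on the "Testing 123" slide.
// Not the original program's code; the score mapping is an assumption.
#include <algorithm>
#include <cctype>
#include <cstddef>
#include <cstdint>
#include <string>

// One bit per pattern, matching the slide's flag bytes.
enum Pattern : uint8_t {
    kSize400to800 = 0x01,  // SizePattern 400, 800  -> 00000001
    kNameHasSpy   = 0x02,  // NamePattern "spy"     -> 00000010
    kTypeExe      = 0x04,  // TypePattern "exe"     -> 00000100
};

// A test is the set of patterns a file must exhibit at the same time.
struct Test {
    const char* name;
    uint8_t mask;
};

const Test kTests[] = {
    {"SpywareExe", static_cast<uint8_t>(kNameHasSpy | kTypeExe)},    // 00000110
    {"SmallExe",   static_cast<uint8_t>(kSize400to800 | kTypeExe)},  // 00000101
};
const std::size_t kNumTests = sizeof(kTests) / sizeof(kTests[0]);

static std::string toLower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// True when lowerName ends in "." + ext (ext given without the dot).
static bool hasExtension(const std::string& lowerName, const std::string& ext) {
    if (lowerName.size() < ext.size() + 1) return false;
    return lowerName.compare(lowerName.size() - ext.size() - 1, ext.size() + 1, "." + ext) == 0;
}

// Compute which patterns a file exhibits (name matching is case-insensitive,
// which is an assumption; Windows file names are case-insensitive anyway).
uint8_t patternBits(const std::string& fileName, uint64_t sizeBytes) {
    uint8_t bits = 0;
    std::string lower = toLower(fileName);
    if (sizeBytes >= 400 && sizeBytes <= 800) bits |= kSize400to800;
    if (lower.find("spy") != std::string::npos) bits |= kNameHasSpy;
    if (hasExtension(lower, "exe")) bits |= kTypeExe;
    return bits;
}

// A test passes when every bit in its mask is set for the file:
// (fileBits & mask) == mask, exactly the AND shown on the slide.
bool passesTest(uint8_t fileBits, const Test& t) {
    return (fileBits & t.mask) == t.mask;
}

// Assumed score: fraction of tests the file passed.
double spywareScore(const std::string& fileName, uint64_t sizeBytes) {
    uint8_t bits = patternBits(fileName, sizeBytes);
    int passed = 0;
    for (const Test& t : kTests) {
        if (passesTest(bits, t)) ++passed;
    }
    return static_cast<double>(passed) / kNumTests;
}
```

The practical point of the AND-then-compare form is that a test with several required bits cannot be satisfied by a file that matches only some of them; `ThisIsSpyWare.exe` at 2KB passes SpywareExe but not SmallExe, as on the slide.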

Time is on my side

Spyware often appears in groups, with all files created at the exact same time. Can also use these bad dates to find spyware in other locations.

Algorithm to find date clusters in a given directory:
  1. Sort a list of files by date.
  2. Starting with the first file in the list, look through all of the files that follow as long as their dates are within a certain range of each other.
  3. Continue until a date is found outside of this range.

The probability of being spyware for files in this cluster depends on how many files are in it.
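The date-cluster sweep above as an added example in plain C++, not the project's own code. It assumes "within a certain range of each other" means each file is within a window of the previous file in sorted order (chaining), that a lone file is not a cluster, and that the probability grows linearly with cluster size up to a cap; the sample directory listing is constructed for the example.

```cpp
// Added example: date clustering from the "Time is on my side" slide.
// Not the original program's code; window, scoring and sample data are assumptions.
#include <algorithm>
#include <cstddef>
#include <ctime>
#include <string>
#include <vector>

struct FileEntry {
    std::string name;
    std::time_t created;   // creation time, seconds since the epoch
};

struct Cluster {
    std::vector<std::string> names;
    std::time_t start;     // earliest creation time in the cluster
    std::time_t end;       // latest creation time in the cluster
};

// Sort by date, then sweep: a file joins the current cluster while it is within
// `window` seconds of the previous file; otherwise the cluster is closed and a
// new one starts. Chaining means a tight window is needed, or a long run of
// normally spaced files could merge into one cluster.
std::vector<Cluster> findDateClusters(std::vector<FileEntry> files, std::time_t window) {
    std::vector<Cluster> out;
    if (files.empty()) return out;
    std::sort(files.begin(), files.end(),
              [](const FileEntry& a, const FileEntry& b) { return a.created < b.created; });
    Cluster cur{{files[0].name}, files[0].created, files[0].created};
    for (std::size_t i = 1; i < files.size(); ++i) {
        if (files[i].created - cur.end <= window) {
            cur.names.push_back(files[i].name);
            cur.end = files[i].created;
        } else {
            out.push_back(cur);
            cur = Cluster{{files[i].name}, files[i].created, files[i].created};
        }
    }
    out.push_back(cur);
    return out;
}

// Assumed mapping from cluster size to probability: 0 for a single file,
// then size/saturateAt capped at 1.0. The slide only says the probability
// depends on how many files are in the cluster.
double clusterScore(const Cluster& c, std::size_t saturateAt = 8) {
    if (c.names.size() < 2) return 0.0;
    return std::min(1.0, static_cast<double>(c.names.size()) / saturateAt);
}

// Clusters with at least `minSize` members, i.e. the ones worth reporting.
std::vector<Cluster> suspiciousClusters(const std::vector<FileEntry>& files,
                                        std::time_t window, std::size_t minSize) {
    std::vector<Cluster> result;
    for (const Cluster& c : findDateClusters(files, window)) {
        if (c.names.size() >= minSize) result.push_back(c);
    }
    return result;
}

// Constructed sample listing: normal files spread over weeks, plus five files
// dropped within one second of each other (the pattern the slide describes).
std::vector<FileEntry> sampleDirectory() {
    const std::time_t t0 = 1130000000;  // arbitrary base time
    return {
        {"readme.txt",    t0 - 86400 * 30},
        {"notes.doc",     t0 - 86400 * 3},
        {"spyhelper.exe", t0},
        {"svchst.dll",    t0},
        {"update.exe",    t0},
        {"cfg.dat",       t0 + 1},
        {"loader.exe",    t0 + 1},
        {"vacation.jpg",  t0 + 86400 * 2},
    };
}
```

With a 5-second window the sample yields four clusters, only one of which (the five dropped files) has more than one member. Reusing the start/end times of a flagged cluster to look for files elsewhere on the disk with the same creation time is the "other locations" step the slide mentions.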

Program Interface

Conclusions/Future Work

Can be hard to distinguish between good and bad files, but the program still did a good job of finding all the spyware on the test machine. Tests were developed from infections in October, but were still able to find spyware from new infections in February.

Future work:
  - Learning: adjusting tests on the fly and creating new ones
  - Optimization: many of the algorithms used can be sped up significantly. Still does okay: took 3 minutes and 35 seconds to scan 131,301 files (37GB).

Questions?