Presentation is loading. Please wait.

Presentation is loading. Please wait.

Spyware Detection Jeff Rosenberg Advisor: Professor Hemmendinger

Published byFerdinand Holmes Modified over 6 years ago

Similar presentations

Presentation on theme: "Spyware Detection Jeff Rosenberg Advisor: Professor Hemmendinger"— Presentation transcript:

1 Spyware Detection Jeff Rosenberg Advisor: Professor Hemmendinger
Computer Science Senior Project Winter 2006

2 Why bother? Most spyware removal tools use a list of known spyware programs List must be constantly updated Won’t catch anything that’s not listed At the mercy of those who create it Rather than use a reference list, detect spyware based on patterns it shows Avoids the need to update

3 The Program C++ program that uses MFC
Easy to make a dialog-based interface Searches a computer, testing all files and directories it encounters Displays a list of detected files and directories, along with their probabilities of being spyware Based on which tests they passed

4 Searching Dir2 Dir4 Dir3 Bad Files List root Dir1 Dir3 File10 Dir2

5 Testing 123 Patterns – size, name, type
Tests – combinations of patterns that spyware often exhibits SizePattern 400, 800 NamePattern “spy” TypePattern “exe” SpywareExe - looks for executable files with “spy” in the name SmallExe - looks for executable files between 400 and 800 bytes File ThisIsSpyWare.exe 2KB & = & =

6 Time is on my side Spyware often appears in groups, with all files created at the exact same time Can also use these bad dates to find spyware in other locations Algorithm to find date clusters in a given directory Sort a list of files by date Starting with the first file in the list, look through all of the files that follow as long as their dates are within a certain range of each other Continue until a date is found outside of this range. The probability of being spyware for files in this cluster depends on how many files are in it.

7 Program Interface

8 Conclusions/Future Work
Can be hard to distinguish between good and bad files Still did a good job of finding all the spyware on the test machine Tests were developed from infections in October, but were still able to find spyware from new infections in February Learning – adjusting tests on the fly and create new ones Optimization Many of the algorithms used can be sped up significantly Still does okay, took 3 minutes and 35 seconds to scan 131,301 files (37GB)

9 Questions?

Download ppt "Spyware Detection Jeff Rosenberg Advisor: Professor Hemmendinger"

Similar presentations

Cyber-Safety Instructors: Connie Hutchison & Christopher McCoy.

Cyber-Safety Instructors: Connie Hutchison & Christopher McCoy.
Higher Computing Computer Systems S. McCrossan Higher Grade Computing Studies 8. Supporting Software 1 Software Compatibility Whether you are doing a fresh.

Higher Computing Computer Systems S. McCrossan Higher Grade Computing Studies 8. Supporting Software 1 Software Compatibility Whether you are doing a fresh.
By Osiris Double click on “AntiSpyWare” folder.. By Osiris Double click on “SuperAntiSpyW are”.

By Osiris Double click on “AntiSpyWare” folder.. By Osiris Double click on “SuperAntiSpyW are”.
Chapter 6: Memory Management

Chapter 6: Memory Management
Computer Information Technology – Section 2-4. Objectives The Student will Understand the basic system tools and how to use them Understand virus and.

Computer Information Technology – Section 2-4. Objectives The Student will Understand the basic system tools and how to use them Understand virus and.
Database Management Systems, R. Ramakrishnan and J. Gehrke1 External Sorting Chapter 11.

Database Management Systems, R. Ramakrishnan and J. Gehrke1 External Sorting Chapter 11.
External Sorting CS634 Lecture 10, Mar 5, 2014 Slides based on “Database Management Systems” 3 rd ed, Ramakrishnan and Gehrke.

External Sorting CS634 Lecture 10, Mar 5, 2014 Slides based on “Database Management Systems” 3 rd ed, Ramakrishnan and Gehrke.
Query Evaluation. An SQL query and its RA equiv. Employees (sin INT, ename VARCHAR(20), rating INT, age REAL) Maintenances (sin INT, planeId INT, day.

Query Evaluation. An SQL query and its RA equiv. Employees (sin INT, ename VARCHAR(20), rating INT, age REAL) Maintenances (sin INT, planeId INT, day.
DATA MINING CS157A Swathi Rangan. A Brief History of Data Mining The term “Data Mining” was only introduced in the 1990s. Data Mining roots are traced.

DATA MINING CS157A Swathi Rangan. A Brief History of Data Mining The term “Data Mining” was only introduced in the 1990s. Data Mining roots are traced.
Removing Spyware Cleaning Up Your Computer. Pin Point the Problem Is Your Computer Not Running Properly? Are You Sure That the Problem is Spyware? Observe.

Removing Spyware Cleaning Up Your Computer. Pin Point the Problem Is Your Computer Not Running Properly? Are You Sure That the Problem is Spyware? Observe.
Steganography Part 2 – Detection and Research. Introduction to Steganalysis What is steganalysis?  The art of detecting messages hidden by steganography.

Steganography Part 2 – Detection and Research. Introduction to Steganalysis What is steganalysis?  The art of detecting messages hidden by steganography.
1 External Sorting Chapter 13. 2 Why Sort?  A classic problem in computer science!  Data requested in sorted order  e.g., find students in increasing.

1 External Sorting Chapter Why Sort?  A classic problem in computer science!  Data requested in sorted order  e.g., find students in increasing.
Using the Java programming language compiler. Review of relevant material from previous lectures From previous lectures: A computer can only execute machine.

Using the Java programming language compiler. Review of relevant material from previous lectures From previous lectures: A computer can only execute machine.
Software utilities Gladys Nzita-Mak. Disk defragmentation Disk defragmentation makes computers run efficiently. When you save, change or delete files.

Software utilities Gladys Nzita-Mak. Disk defragmentation Disk defragmentation makes computers run efficiently. When you save, change or delete files.
Antivirus Software Detects malware (not just viruses) May eliminate malware as well Often sold with firewalls Two approaches: Dictionary-based - Compares.

Antivirus Software Detects malware (not just viruses) May eliminate malware as well Often sold with firewalls Two approaches: Dictionary-based - Compares.
Computer security virus, hacking and backups. Computer viruses are small software programs that are designed to spread from one computer to another.

Computer security virus, hacking and backups. Computer viruses are small software programs that are designed to spread from one computer to another.
Computer Information Technology – Section 2-4. Objectives The Student will Understand the basic system tools and how to use them Understand virus and.

Computer Information Technology – Section 2-4. Objectives The Student will Understand the basic system tools and how to use them Understand virus and.
OPERATION SYSTEM (WINDOWS) VIRUS REMOVAL. COMPUTER VIRUS - Type of malware that, when executed, replicates by inserting copies of itself (possibly modified)

OPERATION SYSTEM (WINDOWS) VIRUS REMOVAL. COMPUTER VIRUS - Type of malware that, when executed, replicates by inserting copies of itself (possibly modified)
SIDDHARTH MEHTA PURSUING MASTERS IN COMPUTER SCIENCE (FALL 2008) INTERESTS: SYSTEMS, WEB.

SIDDHARTH MEHTA PURSUING MASTERS IN COMPUTER SCIENCE (FALL 2008) INTERESTS: SYSTEMS, WEB.
CS 346 – Chapter 10 Mass storage –Advantages? –Disk features –Disk scheduling –Disk formatting –Managing swap space –RAID.

CS 346 – Chapter 10 Mass storage –Advantages? –Disk features –Disk scheduling –Disk formatting –Managing swap space –RAID.

Similar presentations

Ads by Google