Abstract
Spyware – malicious software that passively collects users’ information without their knowledge – is a prevalent threat. After a spyware program has collected and possibly analyzed enough data, it usually transmits such information back to its author. In this paper, we build a system to detect such maliciously behaving software, based on our prior work on detecting crimeware. Our system is specifically designed to fit with thin-client computing, which is popular in some corporate environments. We provide implementation details, as well as experimental results that demonstrate the scalability and effectiveness of our system.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Pappas, V., Bowen, B.M., Keromytis, A.D. (2011). Evaluation of a Spyware Detection System Using Thin Client Computing. In: Rhee, KH., Nyang, D. (eds) Information Security and Cryptology - ICISC 2010. ICISC 2010. Lecture Notes in Computer Science, vol 6829. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24209-0_15
DOI: https://doi.org/10.1007/978-3-642-24209-0_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-24208-3
Online ISBN: 978-3-642-24209-0
eBook Packages: Computer Science, Computer Science (R0)