HoneyID: Unveiling hidden spywares by generating bogus events

Jeheon Han; Jonghoon Kwon; Heejo Lee

doi:10.1007/978-0-387-09699-5_43

HoneyID: Unveiling hidden spywares by generating bogus events

Jeheon Han, Jonghoon Kwon, Heejo Lee

Department of Computer Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

10 Citations (Scopus)

Abstract

A particular type of spyware which uses the user's events covertly, such as keyloggers and password stealers, has become a big threat to Internet users. Due to the prevalence of spywares, the user's private information can easily be exposed to an attacker. Conventional anti-spyware programs have used signatures to defend against spywares. Unfortunately, this mechanism cannot detect unknown spywares. In this paper, we propose a spyware detection mechanism, called HoneyID, which can detect unknown spywares using an enticement strategy. HoneyID generates bogus events to trigger the spyware's actions and then detects hidden spywares among running processes which operate abnormally.We implemented the HoneyID mechanism as a windows based, and evaluated it's effectiveness against 6 different known spywares(3 keyloggers and 3 ftp password sniffers). From this study, we show that the HoneyID can be effective to detect unknown spywares with high accuracy.

Original language	English
Title of host publication	Proceedings of The Ifip Tc 11 23rd International Information Security Conference
Subtitle of host publication	IFIP 20th World Computer Congress, IFIP SEC'08
Publisher	Springer New York
Pages	669-673
Number of pages	5
ISBN (Print)	9780387096988
DOIs	https://doi.org/10.1007/978-0-387-09699-5_43
Publication status	Published - 2008

Publication series

Name	IFIP International Federation for Information Processing
Volume	278
ISSN (Print)	1571-5736

ASJC Scopus subject areas

Information Systems and Management

Access to Document

10.1007/978-0-387-09699-5_43

Cite this

Han, J., Kwon, J., & Lee, H. (2008). HoneyID: Unveiling hidden spywares by generating bogus events. In Proceedings of The Ifip Tc 11 23rd International Information Security Conference: IFIP 20th World Computer Congress, IFIP SEC'08 (pp. 669-673). (IFIP International Federation for Information Processing; Vol. 278). Springer New York. https://doi.org/10.1007/978-0-387-09699-5_43

HoneyID: Unveiling hidden spywares by generating bogus events. / Han, Jeheon; Kwon, Jonghoon; Lee, Heejo.
Proceedings of The Ifip Tc 11 23rd International Information Security Conference: IFIP 20th World Computer Congress, IFIP SEC'08. Springer New York, 2008. p. 669-673 (IFIP International Federation for Information Processing; Vol. 278).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Han, J, Kwon, J & Lee, H 2008, HoneyID: Unveiling hidden spywares by generating bogus events. in Proceedings of The Ifip Tc 11 23rd International Information Security Conference: IFIP 20th World Computer Congress, IFIP SEC'08. IFIP International Federation for Information Processing, vol. 278, Springer New York, pp. 669-673. https://doi.org/10.1007/978-0-387-09699-5_43

@inproceedings{f8fb831e2caa4f6bb4ae351565264420,

title = "HoneyID: Unveiling hidden spywares by generating bogus events",

abstract = "A particular type of spyware which uses the user's events covertly, such as keyloggers and password stealers, has become a big threat to Internet users. Due to the prevalence of spywares, the user's private information can easily be exposed to an attacker. Conventional anti-spyware programs have used signatures to defend against spywares. Unfortunately, this mechanism cannot detect unknown spywares. In this paper, we propose a spyware detection mechanism, called HoneyID, which can detect unknown spywares using an enticement strategy. HoneyID generates bogus events to trigger the spyware's actions and then detects hidden spywares among running processes which operate abnormally.We implemented the HoneyID mechanism as a windows based, and evaluated it's effectiveness against 6 different known spywares(3 keyloggers and 3 ftp password sniffers). From this study, we show that the HoneyID can be effective to detect unknown spywares with high accuracy.",

author = "Jeheon Han and Jonghoon Kwon and Heejo Lee",

year = "2008",

doi = "10.1007/978-0-387-09699-5_43",

language = "English",

isbn = "9780387096988",

series = "IFIP International Federation for Information Processing",

publisher = "Springer New York",

pages = "669--673",

booktitle = "Proceedings of The Ifip Tc 11 23rd International Information Security Conference",

}

TY - GEN

T1 - HoneyID

T2 - Unveiling hidden spywares by generating bogus events

AU - Han, Jeheon

AU - Kwon, Jonghoon

AU - Lee, Heejo

PY - 2008

Y1 - 2008

N2 - A particular type of spyware which uses the user's events covertly, such as keyloggers and password stealers, has become a big threat to Internet users. Due to the prevalence of spywares, the user's private information can easily be exposed to an attacker. Conventional anti-spyware programs have used signatures to defend against spywares. Unfortunately, this mechanism cannot detect unknown spywares. In this paper, we propose a spyware detection mechanism, called HoneyID, which can detect unknown spywares using an enticement strategy. HoneyID generates bogus events to trigger the spyware's actions and then detects hidden spywares among running processes which operate abnormally.We implemented the HoneyID mechanism as a windows based, and evaluated it's effectiveness against 6 different known spywares(3 keyloggers and 3 ftp password sniffers). From this study, we show that the HoneyID can be effective to detect unknown spywares with high accuracy.

AB - A particular type of spyware which uses the user's events covertly, such as keyloggers and password stealers, has become a big threat to Internet users. Due to the prevalence of spywares, the user's private information can easily be exposed to an attacker. Conventional anti-spyware programs have used signatures to defend against spywares. Unfortunately, this mechanism cannot detect unknown spywares. In this paper, we propose a spyware detection mechanism, called HoneyID, which can detect unknown spywares using an enticement strategy. HoneyID generates bogus events to trigger the spyware's actions and then detects hidden spywares among running processes which operate abnormally.We implemented the HoneyID mechanism as a windows based, and evaluated it's effectiveness against 6 different known spywares(3 keyloggers and 3 ftp password sniffers). From this study, we show that the HoneyID can be effective to detect unknown spywares with high accuracy.

UR - http://www.scopus.com/inward/record.url?scp=48249085284&partnerID=8YFLogxK

U2 - 10.1007/978-0-387-09699-5_43

DO - 10.1007/978-0-387-09699-5_43

M3 - Conference contribution

AN - SCOPUS:48249085284

SN - 9780387096988

T3 - IFIP International Federation for Information Processing

SP - 669

EP - 673

BT - Proceedings of The Ifip Tc 11 23rd International Information Security Conference

PB - Springer New York

ER -

HoneyID: Unveiling hidden spywares by generating bogus events

Abstract

Publication series

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this