HoneyID: Unveiling hidden spywares by generating bogus events

Jeheon Han, Jonghoon Kwon, Heejo Lee

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    11 Citations (Scopus)

    Abstract

    A particular type of spyware which uses the user's events covertly, such as keyloggers and password stealers, has become a big threat to Internet users. Due to the prevalence of spywares, the user's private information can easily be exposed to an attacker. Conventional anti-spyware programs have used signatures to defend against spywares. Unfortunately, this mechanism cannot detect unknown spywares. In this paper, we propose a spyware detection mechanism, called HoneyID, which can detect unknown spywares using an enticement strategy. HoneyID generates bogus events to trigger the spyware's actions and then detects hidden spywares among running processes which operate abnormally.We implemented the HoneyID mechanism as a windows based, and evaluated it's effectiveness against 6 different known spywares(3 keyloggers and 3 ftp password sniffers). From this study, we show that the HoneyID can be effective to detect unknown spywares with high accuracy.

    Original languageEnglish
    Title of host publicationProceedings of The Ifip Tc 11 23rd International Information Security Conference
    Subtitle of host publicationIFIP 20th World Computer Congress, IFIP SEC'08
    PublisherSpringer New York
    Pages669-673
    Number of pages5
    ISBN (Print)9780387096988
    DOIs
    Publication statusPublished - 2008

    Publication series

    NameIFIP International Federation for Information Processing
    Volume278
    ISSN (Print)1571-5736

    ASJC Scopus subject areas

    • Information Systems and Management

    Fingerprint

    Dive into the research topics of 'HoneyID: Unveiling hidden spywares by generating bogus events'. Together they form a unique fingerprint.

    Cite this