TY - GEN
T1 - HoneyID
T2 - Unveiling hidden spywares by generating bogus events
AU - Han, Jeheon
AU - Kwon, Jonghoon
AU - Lee, Heejo
PY - 2008
Y1 - 2008
AB - A particular type of spyware which uses the user's events covertly, such as keyloggers and password stealers, has become a big threat to Internet users. Due to the prevalence of spywares, the user's private information can easily be exposed to an attacker. Conventional anti-spyware programs have used signatures to defend against spywares. Unfortunately, this mechanism cannot detect unknown spywares. In this paper, we propose a spyware detection mechanism, called HoneyID, which can detect unknown spywares using an enticement strategy. HoneyID generates bogus events to trigger the spyware's actions and then detects hidden spywares among running processes which operate abnormally. We implemented the HoneyID mechanism as a Windows based, and evaluated its effectiveness against 6 different known spywares (3 keyloggers and 3 FTP password sniffers). From this study, we show that HoneyID can be effective in detecting unknown spywares with high accuracy.
UR - http://www.scopus.com/inward/record.url?scp=48249085284&partnerID=8YFLogxK
U2 - 10.1007/978-0-387-09699-5_43
DO - 10.1007/978-0-387-09699-5_43
M3 - Conference contribution
AN - SCOPUS:48249085284
SN - 9780387096988
T3 - IFIP International Federation for Information Processing
SP - 669
EP - 673
BT - Proceedings of the IFIP TC 11 23rd International Information Security Conference
PB - Springer New York
ER -