
Behavior-based Spyware Detection

by Engin Kirda, Christopher Kruegel, Greg Banks, Giovanni Vigna, Richard A. Kemmerer


This paper presents a novel technique for spyware detection that is based on the characterization of spyware-like behavior. The technique is tailored to a popular class of spyware applications that use Internet Explorer’s Browser Helper Object (BHO) and toolbar interfaces to monitor a user’s browsing behavior. Our technique uses a composition of static and dynamic analysis to determine whether the behavior of BHOs and toolbars in response to simulated browser events should be considered malicious. The evaluation of our technique on a representative set of spyware samples shows that it is possible to reliably identify malicious components using an abstract behavioral characterization.