Hao Wang
University of Wisconsin - Madison
USA
Somesh Jha
University of Wisconsin - Madison
USA
Vinod Ganapathy
University of Wisconsin - Madison
USA
We present the design, implementation, and evaluation of NetSpy, a tool that generates network-level signatures for spyware. These signatures can be used by a NIDS, such as Snort or Bro, to detect spyware installations in large networks. NetSpy is easy to use: end-users and system administrators can use it to generate network-level signatures themselves, thus reducing their dependence on vendors and third parties to supply these signatures. Our experiments demonstrate that NetSpy is effective. In particular, it generated succinct and precise network-level signatures for each of the spyware programs that we considered.
Keywords: spyware, malware, NIDS, signature generation