This paper presents NetSpy, a tool to automatically generate network-level signatures for spyware. NetSpy determines whether an untrusted program is spyware by correlating user input with network traffic generated by the untrusted program. If classified as spyware, NetSpy also generates a signature characterizing the malicious substrate of the spy-ware's network behavior. Such a signature can be used by network intrusion detection systems to detect spyware installations in large networks.
Did you find this white paper useful?
21 out of 40 users found this white paper useful
Related white papers
Balancing Security Against Productivity
What makes for great security? Is it about keeping the bad guys out or letting the good guys in? About defending attacks or preventing them? When IDG Research Services queried...
Secure Desktop On-Demand Webcast
The desktop or endpoint is one of the most vulnerable parts of your environment. Threats are everywhere. You have users who love to experiment with device settings (only to wonder...
Novell Zenworks Endpoint Security Management: Total Control from a Single Console
Still super gluing your USB ports shut? Unauthorized access to networks, lost or stolen laptops and other mobile hardware, and theft of proprietary information or intellectual property accounted for more...
Creditor Expects New Business Opportunities and Increased Employee Productivity
COFIDIS Portugal sells consumer-credit products both directly and through outside resellers. These partners require secure access to company programs without costly virtual private networks. Employees also need remote access to...
No More FTP: Eliminate FTP and Email Attachment Issues
Today's business environment requires ad hoc and instantaneous sharing of information. Systems for sending large files have not kept pace with the needs of today's enterprise, where increasingly large and...
Exposing Network Services for Enhanced Competitive Edge
SingTel is Asia's leading communications group with operations and investments around the world. In the growing competitive telecommunications industry, SingTel needed new services revenue stream to maintain its top position....
MULTOPS: A Data-Structure for Bandwidth Attack Detection
A denial-of-service bandwidth attack is an attempt to disrupt an online service by generating a traffic overload that clogs links or causes routers near the victim to crash. This paper...
