TY - GEN
T1 - Panorama
T2 - 14th ACM Conference on Computer and Communications Security, CCS'07
AU - Yin, Heng
AU - Song, Dawn
AU - Egele, Manuel
AU - Kruegel, Christopher
AU - Kirda, Engin
N1 - Copyright:
Copyright 2010 Elsevier B.V., All rights reserved.
PY - 2007
Y1 - 2007
N2 - Malicious programs spy on users' behavior and compromise their privacy. Even software from reputable vendors, such as Google Desktop and Sony DRM media player, may perform undesirable actions. Unfortunately, existing techniques for detecting malware and analyzing unknown code samples are insufficient and have significant shortcomings. We observe that malicious information access and processing behavior is the fundamental trait of numerous malware categories breaching users' privacy (including keyloggers, password thieves, network sniffers, stealth backdoors, spyware and rootkits), which separates these malicious applications from benign software. We propose a system, Panorama, to detect and analyze malware by capturing this fundamental trait. In our extensive experiments, Panorama successfully detected all the malware samples and had very few false positives. Furthermore, by using Google Desktop as a case study, we show that our system can accurately capture its information access and processing behavior, and we can confirm that it does send back sensitive information to remote servers in certain settings. We believe that a system such as Panorama will offer indispensable assistance to code analysts and malware researchers by enabling them to quickly comprehend the behavior and inner workings of an unknown sample.
KW - Dynamic taint analysis
KW - Malware analysis
KW - Malware detection
KW - Spyware
UR - http://www.scopus.com/inward/record.url?scp=77950788046&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77950788046&partnerID=8YFLogxK
U2 - 10.1145/1315245.1315261
DO - 10.1145/1315245.1315261
M3 - Conference contribution
AN - SCOPUS:77950788046
SN - 9781595937032
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 116
EP - 127
BT - CCS'07 - Proceedings of the 14th ACM Conference on Computer and Communications Security
Y2 - 29 October 2007 through 2 November 2007
ER -