SPYWARE DETECTION USING DATA MINING
International Journal of Engineering and Techniques – Volume 1 Issue 2, Mar – Apr 2015
ISSN: 2395-1303 http://www.ijetjournal.org Page 5
Karishma Pandey#1, Madhura Naik#2, Junaid Qamar#3, Mahendra Patil#4
#Computer Department, Mumbai University
Introduction
A Federal Trade Commission staff report in the USA defines spyware as: “Software that aids in gathering information about a person or organization without their knowledge and that may send such information to another entity without the consumer’s consent, or that influences some control over a computer without the consumer’s knowledge.” [1]
Spyware collects information from the user and sends it to third parties. Capable of storing personal details, authentication credentials, saving screenshots, taking images, and stealing files, spyware generally installs itself on a system by deceiving the user or exploiting vulnerabilities. Most spyware is installed without user knowledge, often bundling itself with desirable software [2].
Existing Solution
Traditionally, two approaches have been presented for Spyware detection: Signature-based Detection and Heuristic-based Detection. These approaches work well against known Spyware but fail to detect new variants [5].
- Signature-Based Detection: Maintains a database of unique strings or signatures. It compares features extracted from binaries with the existing database but is ineffective for detecting new Spyware executables.
- Heuristic-Based Detection: Classifiers are created by virus experts to detect new malicious programs. Though effective, it is time-consuming and often fails to detect previously unseen Spyware [6].
Design
Goals of Application: This application determines whether a particular executable is spyware before it is installed.
Abstract
Systems connected to networks are vulnerable to malicious programs, threatening their confidentiality, integrity, and availability. Spyware detection using data mining approaches has proven more effective than traditional methods. This paper presents a method for spyware detection using binary feature extraction followed by feature reduction to generate classifiers that classify unseen binaries as benign files or spyware.
Keywords:
Malicious Code, Feature Extraction, N-Gram, CFBE (Common Feature-Based Extraction), FBFE (Frequency-Based Feature Extraction), Data Mining, Spyware, Naïve Bayes Classification Algorithm.
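A minimal sketch of the pipeline the abstract outlines (byte n-gram extraction, feature reduction, Naïve Bayes classification), added here as an illustration and not taken from the paper. The page does not define the CFBE or FBFE rules, so the file-frequency threshold in `select_features`, the n-gram size of 4, and the sample byte strings are assumptions.

```python
import math
from collections import Counter

def ngrams(data: bytes, n: int = 4) -> set:
    """Distinct byte n-grams in one binary (empty set if shorter than n)."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def select_features(samples, n=4, min_files=2):
    """Assumed reduction rule: keep n-grams seen in at least min_files
    training files but not in every file (those carry no class signal)."""
    df = Counter(g for data, _ in samples for g in ngrams(data, n))
    return sorted(g for g, c in df.items() if min_files <= c < len(samples))

def train(samples, features, n=4):
    """Bernoulli Naive Bayes: per-class log prior and P(feature present)."""
    wanted, totals = set(features), Counter(lbl for _, lbl in samples)
    seen = {lbl: Counter() for lbl in totals}
    for data, lbl in samples:
        seen[lbl].update(ngrams(data, n) & wanted)
    return {lbl: (math.log(t / len(samples)),
                  {f: (seen[lbl][f] + 1) / (t + 2) for f in features})  # Laplace
            for lbl, t in totals.items()}

def classify(model, data, n=4):
    """Return the label with the highest log posterior for an unseen binary."""
    grams = ngrams(data, n)
    score = {lbl: prior + sum(math.log(p if f in grams else 1 - p)
                              for f, p in probs.items())
             for lbl, (prior, probs) in model.items()}
    return max(score, key=score.get)

# Constructed sample data: not real binaries, just byte strings sharing markers.
HDR = b"MZ\x90\x00"                      # header bytes common to every sample
S = bytes.fromhex("deadbeef1234")        # run shared by the "spyware" samples
B = bytes.fromhex("cafef00d5678")        # run shared by the "benign" samples
TRAIN = [
    (HDR + b"\x01\x02" + S + b"\x03", "spyware"),
    (HDR + b"\x04" + S + b"\x05\x06", "spyware"),
    (HDR + b"\x07\x08" + B + b"\x09", "benign"),
    (HDR + b"\x0a" + B + b"\x0b\x0c", "benign"),
]
FEATURES = select_features(TRAIN)
MODEL = train(TRAIN, FEATURES)

if __name__ == "__main__":
    print(len(FEATURES), classify(MODEL, HDR + b"\xff\xee" + S + b"\x10\x11"))
```

The reduction step drops both the header n-gram present in every file and the one-off n-grams at the sample boundaries, leaving only the runs that separate the two classes.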