Evaluating Grayware Characteristics and Risks
Grayware encyclopedias collect known species to provide information for incident analysis, however, the lack of categorization and generalization capability renders them ineffective in the development of defense strategies against clustered strains. A grayware categorization framework is therefore p...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Wiley
2011-01-01
|
| Series: | Journal of Computer Networks and Communications |
| Online Access: | http://dx.doi.org/10.1155/2011/569829 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1850218664050032640 |
|---|---|
| author | Zhongqiang Chen Zhanyan Liang Yuan Zhang Zhongrong Chen |
| author_facet | Zhongqiang Chen Zhanyan Liang Yuan Zhang Zhongrong Chen |
| author_sort | Zhongqiang Chen |
| collection | DOAJ |
| description | Grayware encyclopedias collect known species to provide information for incident analysis, however, the lack of categorization and generalization capability renders them ineffective in the development of defense strategies against clustered strains. A grayware categorization framework is therefore proposed here to not only classify grayware according to diverse taxonomic features but also facilitate evaluations on grayware risk to cyberspace. Armed with Support Vector Machines, the framework builds learning models based on training data extracted automatically from grayware encyclopedias and visualizes categorization results with Self-Organizing Maps. The features used in learning models are selected with information gain and the high dimensionality of feature space is reduced by word stemming and stopword removal process. The grayware categorizations on diversified features reveal that grayware typically attempts to improve its penetration rate by resorting to multiple installation mechanisms and reduced code footprints. The framework also shows that grayware evades detection by attacking victims' security applications and resists being removed by enhancing its clotting capability with infected hosts. Our analysis further points out that species in categories Spyware and Adware continue to dominate the grayware landscape and impose extremely critical threats to the Internet ecosystem. |
| format | Article |
| id | doaj-art-322b118cde3346cd9d4e9ccb6ae4f0b6 |
| institution | OA Journals |
| issn | 2090-7141 2090-715X |
| language | English |
| publishDate | 2011-01-01 |
| publisher | Wiley |
| record_format | Article |
| series | Journal of Computer Networks and Communications |
| spelling | doaj-art-322b118cde3346cd9d4e9ccb6ae4f0b62025-08-20T02:07:39ZengWileyJournal of Computer Networks and Communications2090-71412090-715X2011-01-01201110.1155/2011/569829569829Evaluating Grayware Characteristics and RisksZhongqiang Chen0Zhanyan Liang1Yuan Zhang2Zhongrong Chen3Yahoo! Inc., Sunnyvale, CA 94089, USADepartment of Mathematics, Guangxi University of Finance and Economics, Guangxi 530003, ChinaDepartment of Mathematics, Florida State University, Tallahassee, FL 32306, USACorporate Accounts, Shire Pharmaceuticals, Inc. Wayne, PA 19087, USAGrayware encyclopedias collect known species to provide information for incident analysis, however, the lack of categorization and generalization capability renders them ineffective in the development of defense strategies against clustered strains. A grayware categorization framework is therefore proposed here to not only classify grayware according to diverse taxonomic features but also facilitate evaluations on grayware risk to cyberspace. Armed with Support Vector Machines, the framework builds learning models based on training data extracted automatically from grayware encyclopedias and visualizes categorization results with Self-Organizing Maps. The features used in learning models are selected with information gain and the high dimensionality of feature space is reduced by word stemming and stopword removal process. The grayware categorizations on diversified features reveal that grayware typically attempts to improve its penetration rate by resorting to multiple installation mechanisms and reduced code footprints. The framework also shows that grayware evades detection by attacking victims' security applications and resists being removed by enhancing its clotting capability with infected hosts. Our analysis further points out that species in categories Spyware and Adware continue to dominate the grayware landscape and impose extremely critical threats to the Internet ecosystem.http://dx.doi.org/10.1155/2011/569829 |
| spellingShingle | Zhongqiang Chen Zhanyan Liang Yuan Zhang Zhongrong Chen Evaluating Grayware Characteristics and Risks Journal of Computer Networks and Communications |
| title | Evaluating Grayware Characteristics and Risks |
| title_full | Evaluating Grayware Characteristics and Risks |
| title_fullStr | Evaluating Grayware Characteristics and Risks |
| title_full_unstemmed | Evaluating Grayware Characteristics and Risks |
| title_short | Evaluating Grayware Characteristics and Risks |
| title_sort | evaluating grayware characteristics and risks |
| url | http://dx.doi.org/10.1155/2011/569829 |
| work_keys_str_mv | AT zhongqiangchen evaluatinggraywarecharacteristicsandrisks AT zhanyanliang evaluatinggraywarecharacteristicsandrisks AT yuanzhang evaluatinggraywarecharacteristicsandrisks AT zhongrongchen evaluatinggraywarecharacteristicsandrisks |