Taint-Graph-Based for Automatic Spyware Analysis

摘要

Spyware is a kind of malicious code that is installed on victims' machines without their content. They spy on the users' behavior and compromise their privacy, while transmitting sensitive information to some remote servers. Current anti-spyware tools are similar to anti-virus products in that they identify known spyware by comparing the binary image to a database of signatures. Unfortunately, these techniques cannot distinguish some novel spyware, require frequent updates to signature databases, and are easy to elude by code obfuscation. In this paper, we introduce a novel analysis approach that tracks the sensitive information flow through the system. Trough our analysis to obtained data, we can identify unknown program or components as spyware and gain detail information. For example, which sensitive data is leaked and where it is sent.