TY - GEN
T1 - PUA detection based on bundle installer characteristics
AU - Lukach, Amir
AU - Gudes, Ehud
AU - Shabtai, Asaf
N1 - Publisher Copyright:
© IFIP International Federation for Information Processing 2020.
PY - 2020/1/1
Y1 - 2020/1/1
N2 - Many applications, such as download managers, antivirus, backup utilities, and Web browsers, are distributed freely via popular download sites in an attempt to increase the application’s user base. When such applications also include functionalities which are added as a means of monetizing the applications and may cause inconvenience to the user or compromise the user’s privacy, they are referred to as potentially unwanted applications (PUAs). Commonly used methods for detecting malicious software cannot be applied to detect PUAs, since they have a high degree of similarity to benign applications and require user interaction for installation. Previous research aimed at detecting PUAs has relied mainly on the use of a sandbox to monitor the behavior of installed applications, however, the methods suggested had limited accuracy. In this study, we propose a machine learning-based method for detecting PUAs. Our approach can be applied on the target endpoint directly and thus can provide protection against PUAs in real-time.
AB - Many applications, such as download managers, antivirus, backup utilities, and Web browsers, are distributed freely via popular download sites in an attempt to increase the application’s user base. When such applications also include functionalities which are added as a means of monetizing the applications and may cause inconvenience to the user or compromise the user’s privacy, they are referred to as potentially unwanted applications (PUAs). Commonly used methods for detecting malicious software cannot be applied to detect PUAs, since they have a high degree of similarity to benign applications and require user interaction for installation. Previous research aimed at detecting PUAs has relied mainly on the use of a sandbox to monitor the behavior of installed applications, however, the methods suggested had limited accuracy. In this study, we propose a machine learning-based method for detecting PUAs. Our approach can be applied on the target endpoint directly and thus can provide protection against PUAs in real-time.
KW - Antivirus
KW - Machine learning
KW - Potentially unwanted applications
UR - https://www.scopus.com/pages/publications/85087529919
U2 - 10.1007/978-3-030-49669-2_15
DO - 10.1007/978-3-030-49669-2_15
M3 - Conference contribution
AN - SCOPUS:85087529919
SN - 9783030496685
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 261
EP - 273
BT - Data and Applications Security and Privacy - 34th Annual IFIP WG 11.3 Conference, DBSec 2020, Proceedings
A2 - Singhal, Anoop
A2 - Vaidya, Jaideep
PB - Springer
T2 - 34th Annual IFIP WG11.3 Conference on Data and Applications Security and Privacy, DBSec 2020
Y2 - 25 June 2020 through 26 June 2020
ER -