An automatic system (26) for spyware detection and signature generation compares packets of output (51) from a computer (20) in response to standard user inputs (53), to packets of a standard output set (51) derived from a known clean machine (20). Differences between these two packet sets are analyzed with respect to whether they relate to unknown web servers (56) and whether they incorporate user-derived information (74). This analysis is used to provide an automatic detection of and signature generation for spyware infecting the machine (20).
申请公布号
WO2008067371(A3)
申请公布日期
2008.10.23
申请号
WO2007US85752
申请日期
2007.11.28
申请人
WISCONSIN ALUMNI RESEARCH FOUNDATION;HAO, WANG;JHA, SOMESH;GANAPATHY, VINOD