Full Program »
TROGUARD: Context-Aware Protection Against Web-Based Socially Engineered Trojans
TROGUARD builds on the hypothesis that in spite of millions of currently downloadable executables on the Internet, almost all of them provide functionalities from a limited set. Additionally, because each functionality, e.g., text editor, requires particular system resources, it leaves a specific, system-level activity pattern behind. During an offline process, TROGUARD creates a profile dictionary of various functionalities that is used afterwards to warn the user if she downloads an executable whose activity profile does not match its advertised functionality which is extracted through automated analysis of its source website. Our experimental results prove the above mentioned premise empirically and show that TROGUARD can identify real-world socially engineered trojan download attacks effectively.
University of Miami