文章基本信息

标题：Evaluating Grayware Characteristics and Risks
本地全文：下载
作者：Zhongqiang Chen ; Zhanyan Liang ; Yuan Zhang 等
期刊名称：Journal of Computer Networks and Communications
印刷版ISSN：2090-7141
电子版ISSN：2090-715X
出版年度：2011
卷号：2011
DOI：10.1155/2011/569829
出版社：Hindawi Publishing Corporation
摘要：Grayware encyclopedias collect known species to provide information for incident analysis, however, the lack of categorization and generalization capability renders them ineffective in the development of defense strategies against clustered strains. A grayware categorization framework is therefore proposed here to not only classify grayware according to diverse taxonomic features but also facilitate evaluations on grayware risk to cyberspace. Armed with Support Vector Machines, the framework builds learning models based on training data extracted automatically from grayware encyclopedias and visualizes categorization results with Self-Organizing Maps. The features used in learning models are selected with information gain and the high dimensionality of feature space is reduced by word stemming and stopword removal process. The grayware categorizations on diversified features reveal that grayware typically attempts to improve its penetration rate by resorting to multiple installation mechanisms and reduced code footprints. The framework also shows that grayware evades detection by attacking victims' security applications and resists being removed by enhancing its clotting capability with infected hosts. Our analysis further points out that species in categories Spyware and Adware continue to dominate the grayware landscape and impose extremely critical threats to the Internet ecosystem.