There is growing concern about spyware, which for this research is software that is downloaded onto a computer without the user's knowledge or consent. Some spyware captures confidential information and secretly sends that information to a remote attacker. Other spyware displays advertisements on the victim's computer, consuming processing and communications resources in the process. The most common way to detect and eradicate spyware is to install anti-spyware software on every computer and run it frequently, which depends on every user installing, updating, and running it. In this research, we are developing, evaluating, and using tools that scan network traffic to identify computers that have been infected with spyware, or that are likely to become infected. With this approach, it is possible to detect spyware on thousands of computers at once, without any assistance from the computer users.
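The network-side approach described above can be illustrated with a small passive detector over flow records. The following is an added example, not the project's own tool: it assumes flow records of the form (timestamp in seconds, source host, destination host, bytes sent), and it uses two constructed heuristics, a list of known adware/spyware destinations (hypothetical names) and a regularity test that flags hosts phoning home on a fixed schedule. The sample flows are constructed for the example; a real deployment would read NetFlow or packet captures from a network tap.

```python
"""Passive spyware detection over network flow records.

Added example for illustration only; it is not the CyLab/ARO project's
own code. Flow record format (an assumption): (ts_seconds, src, dst, bytes).
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed indicator list; the hostnames are hypothetical.
KNOWN_BAD_DESTINATIONS = {"adserver.example", "tracker.example"}

# Constructed sample traffic from three hosts behind the same tap:
#   pc-17 contacts c2.example every 300 s exactly (beaconing),
#   pc-03 fetches an ad from a listed adware host once,
#   pc-42 browses a normal site at irregular, human-like intervals.
SAMPLE_FLOWS = [
    (0, "pc-17", "c2.example", 412), (300, "pc-17", "c2.example", 415),
    (600, "pc-17", "c2.example", 410), (900, "pc-17", "c2.example", 418),
    (1200, "pc-17", "c2.example", 411),
    (250, "pc-03", "adserver.example", 9210),
    (5, "pc-42", "www.example", 1800), (17, "pc-42", "www.example", 640),
    (120, "pc-42", "www.example", 2200), (121, "pc-42", "www.example", 310),
    (400, "pc-42", "www.example", 5400),
]


def beacon_score(timestamps):
    """Coefficient of variation of the inter-connection gaps for one
    (source, destination) pair. Values near 0 mean the connections are
    evenly spaced, which is typical of software that calls home on a
    timer rather than of a person clicking links. Returns None when
    there are too few connections to judge."""
    ts = sorted(timestamps)
    if len(ts) < 4:
        return None
    gaps = [later - earlier for earlier, later in zip(ts, ts[1:])]
    avg = mean(gaps)
    if avg == 0:
        return None
    return pstdev(gaps) / avg


def analyze_flows(flows, beacon_cv_threshold=0.1, min_connections=4):
    """Group flows by (src, dst) and return {src_host: [reasons]} for every
    source host that either talked to a listed destination or shows
    periodic beaconing to some destination. Thresholds are assumptions."""
    by_pair = defaultdict(list)
    for ts, src, dst, _nbytes in flows:
        by_pair[(src, dst)].append(ts)

    findings = defaultdict(set)
    for (src, dst), times in by_pair.items():
        if dst in KNOWN_BAD_DESTINATIONS:
            findings[src].add(f"contacted known spyware/adware host {dst}")
        cv = beacon_score(times)
        if cv is not None and len(times) >= min_connections \
                and cv < beacon_cv_threshold:
            findings[src].add(
                f"periodic beaconing to {dst} (interval CV {cv:.2f})")
    return {host: sorted(reasons) for host, reasons in findings.items()}


if __name__ == "__main__":
    for host, reasons in sorted(analyze_flows(SAMPLE_FLOWS).items()):
        print(host)
        for reason in reasons:
            print("  -", reason)
```

Because the detector only needs flow metadata (who talked to whom, and when), it can be run at a campus or enterprise border for every host at once; the beaconing test in particular needs no signature and so can surface infections that the indicator list does not yet know about.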
This work has been supported in part by CyLab and ARO.