Evaluating Grayware Characteristics and Risks

الملخص EN

Grayware encyclopedias collect known species to provide information for incident analysis, however, the lack of categorization and generalization capability renders them ineffective in the development of defense strategies against clustered strains.

A grayware categorization framework is therefore proposed here to not only classify grayware according to diverse taxonomic features but also facilitate evaluations on grayware risk to cyberspace.

Armed with Support Vector Machines, the framework builds learning models based on training data extracted automatically from grayware encyclopedias and visualizes categorization results with Self-Organizing Maps.

The features used in learning models are selected with information gain and the high dimensionality of feature space is reduced by word stemming and stopword removal process.

The grayware categorizations on diversified features reveal that grayware typically attempts to improve its penetration rate by resorting to multiple installation mechanisms and reduced code footprints.

The framework also shows that grayware evades detection by attacking victims' security applications and resists being removed by enhancing its clotting capability with infected hosts.

Our analysis further points out that species in categories Spyware and Adware continue to dominate the grayware landscape and impose extremely critical threats to the Internet ecosystem.