Conference Paper

VSpyware: Spyware in VANETs

DOI: 10.1109/LCN.2010.5735782 Conference: Local Computer Networks (LCN), 2010 IEEE 35th Conference on
Source: IEEE Xplore

ABSTRACT We illustrate how VSpyware - Vehicular Spyware - may jeopardize the integrity of vehicular systems. We propose a complete framework to protect vehicles against this threat based on a generic five-level protection scheme and customize it for the standardized and open specifications of AUTOSAR. We then inspect the vulnerabilities of the embedded operating systems, specifically OSEK OS, which is adopted by AUTOSAR, and propose methods to implement protection at this level. Finally, we show how our design thwarts VSpyware and VMalware attacks and protects the privacy and security of drivers and passengers.

  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: The problem of spyware is incredibly serious and exceeds anyone's imagination. Combining static and dynamic analyses, we propose an integrated architecture to defend against surveillance spyware in this paper. Features extracted from both static and dynamic analyses are ranked according to their information gains. Then using top significant features we construct a Support Vector Machine (SVM) classifier for each client. In order to keep the classifier update-to-date, there is a machine playing as server to collect reports from all clients, retrain, and redistribute the new classifier to each client. Our surveillance spyware detection system (SSDS) has an overall accuracy rate up to 97.9% for known surveillance spywares and 96.4% for unknown ones.
    Evolutionary Computation, 2006. CEC 2006. IEEE Congress on; 01/2006
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Spyware - programs that monitor a computer user's activities and capture data about the user, storing the information so a third party can access it s a relatively new phenomenon. Spyware countermeasures are just now maturing beyond their initial capabilities, with many choices available to enterprises and individual users. As this field matures, threats and responses are becoming more sophisticated. One major concern has been the time lag between how quickly threats have evolved compared to how quickly counter-measures become available to deal with the threats. Spyware has evolved rapidly because of the profit motivation that spurs it forward. The good news is that countermeasures will grow dramatically in the near future, also because of a strong - and only recently recognized - profit potential. This will help the response catch up to the threat, but only if IT professionals understand how spyware works.
    IT Professional 10/2004; DOI:10.1109/MITP.2004.71 · 0.50 Impact Factor
  • [Show abstract] [Hide abstract]
    ABSTRACT: In this paper, we propose a method for preventing personal information leakage on the Internet. The leakage of the personal information might cause severe problems such as privacy violation, impersonation, spam mail, and financial fraud. The main ways of the personal information leakage are the leakage of the personal information registered in Web site, the Internet phishing, and the spyware. The basic idea of our method for preventing these types of personal information leakage is "do not send the personal information to a hazardous recipient". Every network packet transferred from a user's PC to a server via the Internet is inspected to check if the packet contains the user's personal information. When a packet containing personal information is detected, a decision about safety of the transfer is made. After decision is made, the packet sent to an unsafe destination is dismissed. The decision is made based on the predefined user control policy. The user policy specifies the safeness of a transfer in considering the information such as type of transferred personal information, the application that sends the packet and the trustworthiness of the recipient. The destination's trustworthiness is managed and provided by a trusted third party. In this paper, we present the explanation of information leakage problem and the description of related work. The presentation of our model for controlling personal information transfer and a description of the system architecture for implementing our model is included. And some security analysis of our method that shows the effectiveness of the proposed method is also presented
    Consumer Electronics, 2006. ISCE '06. 2006 IEEE Tenth International Symposium on; 01/2006