Outgoing data filtration for detecting spyware on personal computers

Abstract

One of the most critical issues emerging from the Internet is the diverse number of spyware and bots. When a spyware is installed in your PC then it will be difficult to detect, mainly because it deploys covert channels to communicate with outbound data transmissions. These attacks are usually sent from PCs infected with a bot that communicates with malicious controllers over an encrypted channel. However, the available pattern-based intrusion detection system (IDS) and antivirus systems (AVs) are unable to detect the infected PC. This paper presents a Monitoring and Filtering method (SMF) for outgoing packets based on machine learning and behavioral-based methods that can help in the protection of PCs. In addition, this paper presents recent research contributions and emerging tools in the field of spyware detection and identifies existing gaps in the literature. The paper then presents a High-level Architecture to inspect the outgoing packet from the hardware and the software installed in PCs as a solution.