Automated analysis of freeware installers promoted by download portals

dc.contributorAalto-yliopistofi
dc.contributorAalto Universityen
dc.contributor.authorGeniola, Albertoen_US
dc.contributor.authorAntikainen, Markkuen_US
dc.contributor.authorAura, Tuomasen_US
dc.contributor.departmentDepartment of Computer Scienceen
dc.contributor.groupauthorProfessorship Aura Tuomasen
dc.contributor.groupauthorHelsinki Institute for Information Technology (HIIT)en
dc.date.accessioned2018-12-10T10:26:23Z
dc.date.available2018-12-10T10:26:23Z
dc.date.issued2018-08-01en_US
dc.description.abstractWe present an analysis system for studying Windows application installers. The analysis system is fully automated from installer download to execution and data collection. The system emulates the behavior of a lazy user who wants to finish the installation dialogs with the default options and with as few clicks as possible. The UI automation makes use of image recognition techniques and heuristics. During the installation, the system collects data about the system modification and network access. The analysis system is scalable and can run on bare-metal hosts as well as in a data center. We use the system to analyze 792 freeware application installers obtained from popular download portals. In particular, we measure how many of them drop potentially unwanted programs (PUP) such as browser plugins or make other unwanted system modifications. We discover that most installers that download executable files over the network are vulnerable to man-in-the-middle attacks. We also find, that while popular download portals are not used for blatant malware distribution, nearly 10% of the analyzed installers come with a third-party browser or a browser extension.en
dc.description.versionPeer revieweden
dc.format.extent17
dc.format.extent209-225
dc.format.mimetypeapplication/pdfen_US
dc.identifier.citationGeniola, A, Antikainen, M & Aura, T 2018, ' Automated analysis of freeware installers promoted by download portals ', Computers and Security, vol. 77, pp. 209-225 . https://doi.org/10.1016/j.cose.2018.03.010en
dc.identifier.doi10.1016/j.cose.2018.03.010en_US
dc.identifier.issn0167-4048
dc.identifier.otherPURE UUID: ac270550-676f-402b-9785-5b82e1fc68dben_US
dc.identifier.otherPURE ITEMURL: https://research.aalto.fi/en/publications/ac270550-676f-402b-9785-5b82e1fc68dben_US
dc.identifier.otherPURE LINK: http://www.scopus.com/inward/record.url?scp=85046425695&partnerID=8YFLogxKen_US
dc.identifier.otherPURE FILEURL: https://research.aalto.fi/files/29744483/1_s2.0_S0167404818302797_main.pdfen_US
dc.identifier.urihttps://aaltodoc.aalto.fi/handle/123456789/35202
dc.identifier.urnURN:NBN:fi:aalto-201812106217
dc.language.isoenen
dc.relation.ispartofseriesComputers and Securityen
dc.relation.ispartofseriesVolume 77en
dc.rightsopenAccessen
dc.subject.keywordMan-in-the-middle Malwareen_US
dc.subject.keywordPay-per-installen_US
dc.subject.keywordPotentially-unwanted programen_US
dc.subject.keywordUI-automationen_US
dc.titleAutomated analysis of freeware installers promoted by download portalsen
dc.typeA2 Katsausartikkeli tieteellisessä aikakauslehdessäfi
dc.type.versionpublishedVersion

Files