User-Behavior Based Detection of Infection Onset
A major vector of computer infection is the exploitation of software or design flaws in networked applications such as the browser. Malicious code can be fetched and executed on a victim's machine without the user's permission, as in Drive-By Download (DBD) attacks. In this paper, the authors describe a new tool called DeWare for detecting the onset of infection delivered through vulnerable applications. DeWare explores and enforces causal relationships between computer-related human behaviors and system properties, such as file-system access and process execution.
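
The kind of causal check described above can be sketched as follows. This is an added example, not DeWare's code or the paper's algorithm: the event format, the 5-second window, the rule itself and all names (Event, detect_onset, NETWORKED_APPS) are assumptions made for illustration, and the trace is constructed.

```python
from dataclasses import dataclass

WINDOW = 5.0                      # assumed: seconds a user action can explain a file creation
NETWORKED_APPS = {"browser.exe"}  # assumed set of monitored networked applications

@dataclass(frozen=True)
class Event:
    ts: float
    kind: str       # "user_input" | "file_create" | "proc_exec"
    process: str    # process that received the input or performed the action
    path: str = ""  # file created or executed

def detect_onset(events, window=WINDOW):
    """Alert when a file that a monitored app created without a preceding
    user action (within `window` seconds) is later executed."""
    last_input = {}   # process -> time of the latest user input it received
    unexplained = {}  # path -> file_create event with no causal user action
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "user_input":
            last_input[ev.process] = ev.ts
        elif ev.kind == "file_create" and ev.process in NETWORKED_APPS:
            seen = last_input.get(ev.process)
            if seen is None or ev.ts - seen > window:
                unexplained[ev.path] = ev
            else:
                # A user-driven save replaces any earlier unexplained copy.
                unexplained.pop(ev.path, None)
        elif ev.kind == "proc_exec" and ev.path in unexplained:
            origin = unexplained[ev.path]
            alerts.append((ev.ts, ev.path, origin.process, origin.ts))
    return alerts

# Constructed trace: one user-initiated download, one silent drop-and-run,
# and one user-initiated download that the user later launches.
SAMPLE = [
    Event(10.0, "user_input", "browser.exe"),
    Event(11.2, "file_create", "browser.exe", r"C:\Users\a\Downloads\report.pdf"),
    Event(60.0, "file_create", "browser.exe", r"C:\Users\a\AppData\Local\Temp\upd.exe"),
    Event(60.4, "proc_exec", "browser.exe", r"C:\Users\a\AppData\Local\Temp\upd.exe"),
    Event(90.0, "user_input", "browser.exe"),
    Event(91.0, "file_create", "browser.exe", r"C:\Users\a\Downloads\setup.exe"),
    Event(95.0, "proc_exec", "explorer.exe", r"C:\Users\a\Downloads\setup.exe"),
]

if __name__ == "__main__":
    for ts, path, proc, created in detect_onset(SAMPLE):
        print(f"ALERT t={ts}: {path} executed; created by {proc} "
              f"at t={created} with no user action")
```

Only the file written 50 seconds after the last user input and then executed is flagged; the two downloads that follow a user action within the window are treated as user-caused.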