DOCSLIB.ORG

Counting Spyware Detections Perception and Reality

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Counting Spyware Detections Perception and Reality White Paper March 2005 AVERT™ Counting Spyware Detections Perception and Reality www.mcafee.com Counting Spyware Detections Perception and Reality 2 Table of Contents Table of Contents 2 The myth of signature counts 3 Shenanigans! 3 When is a threat counted as unique 3 But wait, there’s more! 5 Clouding the picture 6 So how should products be compared? 6 Next Steps 7 Industry Cooperation 7 Improved Independent Testing 7 Conclusion 7 About AVERT 8 www.mcafee.com Counting Spyware Detections Perception and Reality 3 The myth of signature counts Now imagine a group of anti-virus vendors writing code to detect all of these (detection code executed in order Shenanigans! shown): In the early days of the anti-virus industry, it was common for vendors to brag about their signature counts and Vendor X: withhold their samples from other anti-virus vendors to - Detect A*CD*F as Virus 1 prevent them from catching up. Eventually, everyone realized that this was causing misleading claims and was Vendor Y: performing a disservice to the marketplace. This practice in many ways led to the rise of the independent testing - Detect AACD*F as Virus 1 bodies, such as ICSA Labs, VTC, AV-Test.org and so on. - Detect A*CDEF as Virus 2 Unfortunately, the anti-spyware industry as a whole has not reached this level of maturity. Many vendors count Vendor Z: each executable, data file, registry key, etc. belonging to a - Detect ABCD** as Virus 2 package as a new signature. There is also wide variation in the kinds of threats detected. Some detect backdoors - Detect ACCD** as Virus 3 Trojans and worms, while others do not. Others have numerous detections for cookies, which have no security - Detect AACD** as Virus 4 impact and debatable privacy implications. What you end up with is: When is a threat counted as unique Table 1: Hypothetical anti-virus naming concordance The Anti-virus perspective File Vendor Vendor Vendor The anti-virus industry has long taken heat for confusion X: Y: Z: over virus naming, and there is wide disparity not only in Sig Count Sig Count Sig Count how many detections a product claims to be capable of, 1 2 3 but in how threats are named and counted. This ABCDEF Virus 1 Virus 2 Virus 2 discrepancy occurs in the anti-virus world for a variety of ACCDEF Virus 1 Virus 2 Virus 3 reasons: AACDEF Virus 1 Virus 1 Virus 4 • Historical conventions AACDFF Virus 1 Virus 1 Virus 4 • Lack of time to synchronize names during outbreak events So in this grossly-simplified case, three vendors with a 200% variation in signature count all detect all 4 samples, • Simple stubbornness but with different names. • Differences in generic and heuristic detection The VGrep tool, maintained by McAfee for Virus Bulletin technology (http://www.virusbtn.com/resources/vgrep/index.xml) To understand the last point, imagine the following 4 files attempts to help alleviate some of the confusion by cross- consisting only of 6 letter sequences were all viruses: referencing vendor’s names across a large body of samples. 1. ABCDEF For a more realistic example, in a recent test at AV- 2. ACCDEF Comparatives (http://www.av- comparatives.org/seiten/ergebnisse_2004_08.php), 3. AACDEF products tested claim anywhere from just shy of 53,000 signatures (Dialogue Science) to nearly 123,000 4. AACDFF www.mcafee.com Counting Spyware Detections Perception and Reality 4 signatures (Frisk Software). But at the end of the day, Spycop SpyCop 467 almost all of the products tested detected over 300,000 of Webroot Spyware Sweeper 31104 323,000 unique samples. So a large difference in number Javacool SpywareBlaster 3183 of signatures may relate to only small differences in actual PC Tools.com Ltd Spyware Doctor 10684 detection capabilities. Giant Company GIANT Antispyware > 100,000 Software‡ Now this level of confusion occurs in an industry that: McAfee VirusScan 3175* Enterprise • Has been around for nearly 20 years in some McAfee Antispyware** 384 form or another * counts only Potentially Unwanted Program detections • Has consistent definitions for what is and is not a ** McAfee consumer antispyware product virus or a Trojan (the definition for virus can be ‡ Now Microsoft Antispyware expressed in mathematical terms it is so precise, This shows a difference of 3 orders of magnitude between Adleman, 1988, “An Abstract Theory of Computer the highest and the lowest signature counts in the different Viruses”) products. Now consider the performance of those • Has a variety of professional bodies (AVPD, products when they scanned McAfee’s APP collection CARO, AVED, AVAR, EICAR) to promote (detections that are neither viral nor Trojan): cooperation and consistency Table 3: Spyware product detection over McAfee • Has routine collection-trading occurring between APPS collection a vast majority of vendors Vendor Number of Time Taken Detections • Has a number of well-respected testing bodies McAfee VirusScan 11288 0:19:50 (e.g. ICSA, VTC, VB, AV-Test.org, AV- Enterprise Comparatives.org) with high-quality collections Spyware Doctor 135 0:00:24 SpySweeper 951 0:02:54 In fact, the entire basis for rating the detection capabilities Adwaresafe 151 0:00:57 of anti-virus vendors rests on the fact that there are people Adaware 356 0:03:19 and organizations with canonical, or at least, very complete, collections. In this way, we can make apples- PestPatrol 2601 0:25:00 to-apples comparisons between anti-virus products in a McAfee Antispyware* 270 0:03:53 way that is unambiguous despite all of the inherent Aluria Spyware Eliminator 358 0:12:07 inconsistency in counting and naming. Giant Antispyware 617 0:22:19 The Spyware perspective SpyBot 0 0:03:08 Now let’s switch to the spyware industry, where a recent * McAfee Consumer antispyware product (September, 2004) internal McAfee survey showed the following “raw” signature counts: PLEASE NOTE: Table 2: Spyware Product signature count • This is a terrible test and should not be Competitor Product # detections used for real comparisons or competitive Aluria Spyware Eliminator 18625 evaluation. Lavasoft Ad-Aware 9637 • McAfee Anti-Spyware Enterprise Computer PestPatrol 118060 (corporate product) was not available for Associates inclusion at the time of the tests. Safer Networking Spybot S&D 17679 Ltd www.mcafee.com Counting Spyware Detections Perception and Reality 5 The only thing the above results prove is that it is VERY vendors over the correct family name, they are in many easy to run a meaningless test. Why is it a terrible test? ways, less complex than PUPs. • It includes samples collected by only one vendor Many PUPs are complete software packages. They (McAfee) and is HEAVILY biased in VirusScan include installers, uninstallers, read-me’s, EULA’s, data Enterprise’s favor, as this is the collection used to files, support DLLs, shortcuts and other paraphernalia verify that we detect what we are supposed to in common to Windows applications. In our early experience terms of Potentially Unwanted Programs (PUPs) with the spyware collected by the McAfee Anti-spyware before every DAT release. (MAS) consumer team, we’ve seen the following: • It is heavily biased AGAINST products that rely • There are something like 14,000 files (only about on more than a file to trigger detection. For 5,000 are left after removing data files like txt, example, SpyBot detects PUPs ONLY when the jpg, registry, etc. files) contained in the MAS properly installed package (including registry collection, belonging to the only 400 or so unique entries, et. al) is present on a system. A dumb detections that the product contains. So whereas file collection will not trigger anything. SpyBot the DATs have 3,000 signatures to detect 11,000 actually is a decent anti-spyware product against files (about 3 files per signature), MAS only live PUPs, which cannot be determined from this needs 400 to cover about 14,000 (about 35 per test. signature). • It does not include detection for cookies and • A single MAS detection will often contain files registry entries, which may make up large detected under 5-10 completely different names portions of the signature databases for some in the DATs. products. • There is much more code reuse in PUPs, such • It does not include backdoor Trojans and other that the same exact binary might exist in 15 or “traditional” malware, which often find their way more individual PUP packages. Even worse, the into anti-spyware products. For example, nearly same binaries might exist in packages that do 70% of the files listed in Pest Patrol’s Pest NOT have PUP characteristics at all, and which Encyclopedia we do not want to detect in this context. (http://research.pestpatrol.com/search/browse.as px) of 25,000+ pests are in categories that In a nutshell, there is absolutely no correspondence AVERT generally treats as Trojan horses. In between the number of signatures in a database, and other words, nearly 3/4 of their signature base the effectiveness of that product against any given set may include items already detected by McAfee of threats. VirusScan Enterprise. There is very little consistency about how detections are • It does not include a collection of over 200,000 counted amongst anti-spyware vendors, and no one is in a unique dialer programs that are detected by less position to call them on it, because no one has a than 100 signatures in the McAfee DAT files. comprehensive collection. AVERT estimates that there are approximately 7,000 -10,000 real unique PUPs to But wait, there’s more! detect, counting them more or less the way we do in the But these aren’t the only challenges in trying to make anti-virus space.
Load more

Recommended publications
  • Translators' Tool
    The Translator’s Tool Box A Computer Primer for Translators by Jost Zetzsche Version 9, December 2010 Copyright © 2010 International Writers’ Group, LLC. All rights reserved. This document, or any part thereof, may not be reproduced or transmitted electronically or by any other means without the prior written permission of International Writers’ Group, LLC. ABBYY FineReader and PDF Transformer are copyrighted by ABBYY Software House. Acrobat, Acrobat Reader, Dreamweaver, FrameMaker, HomeSite, InDesign, Illustrator, PageMaker, Photoshop, and RoboHelp are registered trademarks of Adobe Systems Inc. Acrocheck is copyrighted by acrolinx GmbH. Acronis True Image is a trademark of Acronis, Inc. Across is a trademark of Nero AG. AllChars is copyrighted by Jeroen Laarhoven. ApSIC Xbench and Comparator are copyrighted by ApSIC S.L. Araxis Merge is copyrighted by Araxis Ltd. ASAP Utilities is copyrighted by eGate Internet Solutions. Authoring Memory Tool is copyrighted by Sajan. Belarc Advisor is a trademark of Belarc, Inc. Catalyst and Publisher are trademarks of Alchemy Software Development Ltd. ClipMate is a trademark of Thornsoft Development. ColourProof, ColourTagger, and QA Solution are copyrighted by Yamagata Europe. Complete Word Count is copyrighted by Shauna Kelly. CopyFlow is a trademark of North Atlantic Publishing Systems, Inc. CrossCheck is copyrighted by Global Databases, Ltd. Déjà Vu is a trademark of ATRIL Language Engineering, S.L. Docucom PDF Driver is copyrighted by Zeon Corporation. dtSearch is a trademark of dtSearch Corp. EasyCleaner is a trademark of ToniArts. ExamDiff Pro is a trademark of Prestosoft. EmEditor is copyrighted by Emura Software inc. Error Spy is copyrighted by D.O.G. GmbH. FileHippo is copyrighted by FileHippo.com.
    [Show full text]
  • NOTICE by Hotfile Corp., Anton Titov Defendants' Notice of Filing The
    Disney Enterprises, Inc. et al v. Hotfile Corp. et al Doc. 391 Att. 1 EXHIBIT A Dockets.Justia.com PUBLIC VERSION UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF FLORIDA CASE NO.: 11-CIV-20427-WILLIAMS/TURNOFF DISNEY ENTERPRISES, INC., TWENTIETH CENTURY FOX FILM CORPORATION, UNIVERSAL CITY STUDIOS PRODUCTIONS LLLP, COLUMBIA PICTURES INDUSTRIES, INC., and WARNER BROS. ENTERTAINMENT INC., Plaintiffs, v. HOTFILE CORP., ANTON TITOV, and DOES 1-10. Defendants. / HOTFILE CORP., Counterclaimant, v. WARNER BROS. ENTERTAINMENT INC., Counter-Defendant. / [REDACTED] DECLARATION OF PROFESSOR JAMES BOYLE IN SUPPORT OF DEFENDANTS’ OPPOSITION TO PLAINTIFFS’ MOTION FOR SUMMARY JUDGMENT AND EXHIBITS THERETO FILED UNDER SEAL CASE NO.: 11-CIV-20427-WILLIAMS/TURNOFF I, JAMES BOYLE, declare as follows: 1. I am currently the William Neal Reynolds Professor of Law at Duke University, and have been retained by Farella, Braun + Martel LLP on behalf of the Defendants in this action as an expert witness. 2. I received an LL.B. (Hons) from Glasgow University (1980), and an LL.M. (1981) and S.J.D. (1986) from Harvard Law School. I have been a law professor since 1982, teaching at American University, and at the Universities of Pennsylvania, Harvard and Yale as a Visiting Professor. In 2000 I joined the law faculty at Duke. 3. My academic research is mainly in the areas of intellectual property and communication policy, with a focus on the Internet. I have written and edited numerous articles and books on these subjects. In general, my research and scholarship has focused on: i) Copyright law, particularly in the digital arena. I have published extensively on copyright in law journals, monographs, and edited collections of essays; a full list is available in the attached curriculum vitae.
    [Show full text]
  • EBO IT Troubleshooting
    EBO IT Troubleshooting Because EarnBenefits Online (EBO) is an internet-based software, sometimes the program’s speed can be impacted by your internet connection or computer. The following are suggestions for maintenance and protective software that might be applied to your individual computer to potentially improve speed and performance. These solutions are not guaranteed. EBO Nexus and EBO do not produce or support any of the applications listed here and cannot be held liable for any negative impact that their installation or use may have on your machine. If you are not authorized by your organization, or are not comfortable with installing software, then contact your organization’s IT Support for assistance. If you are experiencing difficulty connecting to EBO, contact the Helpdesk. They can be reached at [email protected] or 855-EBO-NEXUS (855-326-6398). You can also confirm if EBO is having system-wide problems by visiting downforeveryoneorjustme.com. Things that you can do: If you are using Firefox to access EBO: Make sure that Firefox is up-to-date. Click on Help (in the browser Menu Bar) and ‘Check for Updates.’ (If Firefox is up-to-date, ‘Check for Updates’ will be grayed out.) When using EBO, avoid having multiple tabs open to access other web pages. Minimize the number of other web sites and program you have open. Clear the cache in Firefox. Click on Tools (in the browser Menu Bar) and ‘Clear Recent History…’ When prompted, select ‘Cache’ and ‘Cookies.’ Select ‘Everything’ as the Time Range to Clear. Click ‘Clear Now.’ Things to ask your IT staff: The following free programs can provide protection against malicious programs that may slow your computer.
    [Show full text]
  • Forescout Counteract® Endpoint Support Compatibility Matrix Updated: October 2018
    ForeScout CounterACT® Endpoint Support Compatibility Matrix Updated: October 2018 ForeScout CounterACT Endpoint Support Compatibility Matrix 2 Table of Contents About Endpoint Support Compatibility ......................................................... 3 Operating Systems ....................................................................................... 3 Microsoft Windows (32 & 64 BIT Versions) ...................................................... 3 MAC OS X / MACOS ...................................................................................... 5 Linux .......................................................................................................... 6 Web Browsers .............................................................................................. 8 Microsoft Windows Applications ...................................................................... 9 Antivirus ................................................................................................. 9 Peer-to-Peer .......................................................................................... 25 Instant Messaging .................................................................................. 31 Anti-Spyware ......................................................................................... 34 Personal Firewall .................................................................................... 36 Hard Drive Encryption ............................................................................. 38 Cloud Sync ...........................................................................................
    [Show full text]
  • Download Spyware Torrent Spywareblaster for Windows
    download spyware torrent SpywareBlaster for Windows. Spyware, adware, browser hijackers, and dialers are some of the fastest-growing threats on the Internet today. By simply browsing to a web page, you could find your computer to be the brand-new host of one of these unwanted fiends! The most important step you can take is to secure your system. And SpywareBlaster is the most powerful protection program available. Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially unwanted sites in Internet Explorer. SpywareBlaster can help keep your system spyware-free and secure, without interfering with the "good side" of the web. And unlike other programs, SpywareBlaster does not have to remain running in the background. Download spyware torrent. Why SpywareBlaster? Spyware, adware, browser hijackers, and dialers are some of the most annoying and pervasive threats on the Internet today. By simply browsing a web page, you could find your computer to be the brand-new host of one of these unwanted fiends! The most important step you can take is to secure your system. And SpywareBlaster is the most powerful protection program available. Prevent the installation of ActiveX-based spyware and other potentially unwanted programs. Block spying / tracking via cookies. Restrict the actions of potentially unwanted or dangerous web sites. No-Nonsense Security SpywareBlaster can help keep your system secure, without interfering with the "good side" of the web. And unlike other programs, SpywareBlaster does not have to remain running in the background.
    [Show full text]
  • Couldnt Load Inprocserver32 Dll
    Couldnt load inprocserver32 dll click here to download The 'Intel Inspector XE ' package did not load correctly. For some reason I couldn't edit my post. I do not know if www.doorway.ru is the implemetation of InprocServer32,but if you could try to register www.doorway.ru C:\Program Files\Common Files\Microsoft Shared\Filters\www.doorway.ru However the following printf("Couldn't load dll\n"); } HINSTANCE hDLL2 More results from www.doorway.ru In normal cases, the add-in should be checked and its "Load Hamed, I've done all steps as mentioned in your post, but I couldn't get my . Then I found that my DLL was registered in registry as {CLSID}InprocServer err le:CoGetClassObject couldn't load InprocServer32 dll C:\PROG~FBU\KOD\www.doorway.ru wine: Unhandled exception (thread ), starting. err:ole:CoGetClassObject couldn't load InprocServer32 dll www.doorway.ru fixme:ole:CoCreateInstance no but www.doorway.ru is in c:\winnt\system32 and "system". This entry was posted in Case Studies and tagged antivirus, regedit, registry, www.doorway.ru by Steve Schardein. Bookmark the permalink. You have to spefify CLSCTX_LOCAL_SERVER to CoCreateInstance() to enforce out-proc activation. That's peculiarity of DCOM - if your. err:ole:CoGetClassObject couldn't load InprocServer32 dll > %SystemRoot%\system\www.doorway.ru > fixme:ole:CoCreateInstance no classfactory HoMM 4 multiplayer. err:ole:CoGetClassObject couldn't load InprocServer32 dll www.doorway.ru but www.doorway.ru is in c:\winnt\system32 and "system" = "C:\\winnt\\SYSTEM32". If I use native. NET Framework can be made to load a profiling DLL or a COM component www.doorway.ru InprocServer32 registry key containing the path to .
    [Show full text]
  • Best Utility Programs & How to Use Them
    The Best Utility Programs & Their Use Hillingdon U3A Computer Club June 2019 Utility Programs I Can Recommend • Utility programs enhance Windows making it easier & more fun to use. • The first list is not in any preference order but it does include some important programs that I believe to be of special interest. • The list also has a description of each utility, and some have a link to the best site to download from. • All the utilities listed here are free. Useful Utilities: • ADOBE READER: A Portable Document Format - PDF reader from Adobe that’s been around since the 90’s. Provides a document reader independent of application software, hardware, & O/S. https://get.adobe.com/reader/ [ Foxit Reader: A PDF alternative to Acrobat Reader but only install one of the two or you may get problems. ] • VLC MEDIA PLAYER: A cross platform multimedia player that plays everything, thought to be better than Windows Media Player. • • ZIP: Compresses and un-compress files using an algorithm to reduce file size. First released 1989. Works on one or more files and folders. Can also include .exe files, useful if you want to attached this to an email. WINZIP, WINRAR, 7ZIP • GOOGLE EARTH: Provides a satellite view of locations around the globe. • LIBRE OFFICE: A free suite of office automation products that provide a realistic, effective and fully compatible alternative to the major components of MS Office 2010,13,16,19 or Office 365 • THUNDERBIRD: An email client program from Mozilla to use in place of the web based email interface for Gmail, Yahoo, etc., or client programs like Microsoft’s Mail or Outlook, etc.
    [Show full text]
  • Resources for Patrons
    i This page intentionally left blank iii Second Edition Irene E. McDermott Edited by Barbara Quint Medford, New Jersey iv First printing, 2006 The Librarian’s Internet Survival Guide: Strategies for the High-Tech Reference Desk, Second Edition Copyright © 2006 by Irene E. McDermott All rights reserved. No part of this book may be reproduced in any form or by any electronic or mechanical means, including information storage and retrieval systems, without permission in writing from the publisher, except by a reviewer, who may quote brief passages in a review. Published by Information Today, Inc., 143 Old Marlton Pike, Medford, New Jersey 08055. Publisher’s Note: The author and publisher have taken care in preparation of this book but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book and Information Today, Inc. was aware of a trademark claim, the designations have been printed with initial capital letters. Library of Congress Cataloging-in-Publication Data McDermott, Irene E., 1959- The librarian's Internet survival guide : strategies for the high-tech reference desk / by Irene E. McDermott ; edited by Barbara Quint.-- 2nd ed. p. cm. Includes bibliographical references and index. ISBN 1-57387-235-0 1. Computer network resources--Directories. 2. Web sites--Directories. 3.
    [Show full text]
  • January 2014
    NEWSLETTER OF THE SAN MARCOS HOUSING AUTHORITY January 2014 SMHA Resident Services THE ORACLE Achieves a Major Milestone As announced in a previous issue, the Housing Authority was awarded a new, three-year continuation grant in the Resident Opportunities and Self-Sufficiency Program (ROSS) from the Department of Housing and Urban Development (HUD). What we could not report on at the time was how well we accomplished the goals of the previous grant, which began in October of 2010 and concluded last September. We recently completed our final report to HUD and we are pleased to be able to report that our Resident Services Department performed exceptionally well under very challenging circumstances. In 2010, the Resident Services was faced with a major challenge, which resulted from significant changes in the ROSS program at the national level. When we obtained our first three-year grants in 2006, we were awarded two major ROSS grants. One was for services to elderly and disabled residents of public housing. The other was for families. Those grants made it possible to hire two service coordinators, a support technician, and several part-time tutors for the after-school programs. It also paid for a specially-equipped mini-van to service disabled residents as well as a regular mini-van, which supported teen activities. The grants also supported the programs in other ways. Our overall program expanded significantly. When the 2009 grants were announced, rule changes limited us to only one grant and one service coordinator. We were awarded a continuation grant but had to deal with the loss of two-full time employees and funding for our tutors.
    [Show full text]
  • Network Technology Resources Home
    Network Technology Resources Malware is socially engineered, malicious software, that the user unknowingly allows onto their computer because they clicked on a link that installed the virus or rogue software. Most people don’t realize their computer has been hijacked. The best defense against spyware and other unwanted software is not to download it in the first place. Here are a few tips that will help you avoid downloading software that you don't want: Don't open spam email messages or click links on suspicious websites. Instead, type the website address directly into your browser, or use bookmarks. Watch out for fake virus alerts that show up as pop‐ups warning you are infected with a virus or your computer needs updated. Don't click links in email messages and avoid websites that offer free software—especially free antivirus software. Download programs only from websites you trust. If you are redirected to a site wanting to download something to your computer never click "Agree" or "OK" to close a window. Instead, click the red "x" in the corner of the window or press Alt + F4 on your keyboard to close a window. If you're not sure whether to trust a program you are considering downloading, enter the name of the program into your favorite search engine to see if anyone else has reported that it contains spyware. Files that end in the extensions .exe or .scr commonly hide malware. However, even files with familiar extensions such as .docx, .xlsx, and .pdf can be dangerous. Rogue security software also known as "scareware," is software that appears to be beneficial from a security perspective but provides limited or no security, generates erroneous or misleading alerts, or attempts to lure users into participating in fraudulent transactions.
    [Show full text]
  • Open Sirinda Main Final.Pdf
    The Pennsylvania State University The Graduate School College of Engineering A FRAMEWORK FOR MINING SIGNIFICANT SUBGRAPHS AND ITS APPLICATION IN MALWARE ANALYSIS A Dissertation in Computer Science and Engineering by Sirinda Palahan © 2014 Sirinda Palahan Submitted in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy August 2014 The dissertation of Sirinda Palahan was reviewed and approved∗ by the following: Daniel Kifer Assistant Professor of Computer Science and Engineering Dissertation Advisor, Chair of Committee Robert Collins Associate Professor of Computer Science and Engineering John Hannan Associate Professor of Computer Science and Engineering C. Lee Giles David Reese Professor of Information Sciences and Technology Lee Coraor Associate Professor of Computer Science and Engineering, Graduate Officer ∗Signatures are on file in the Graduate School. ii Abstract The growth of graph data has encouraged research in graph mining algorithms, especially subgraph pattern mining from graph databases. Discovered patterns could help researchers understand inherent properties and characteristics in large and complex graphs. Frequent subgraph mining has been widely applied successfully in many applications, such as mining network motifs in a complex network, identifying malicious behaviors or mining biochemical structures. However, the high frequency of a subgraph does not always indicate that a subgraph is statistically significant. In this dissertation, we propose a framework for mining statistically significant subgraphs. Our framework is based on a new method for measuring the statistical significance of subgraphs. Given a training set of graphs from two classes (e.g., positive and negative graphs), our method utilizes the class labels provided in the training data to calculate p-values.
    [Show full text]
  • Spywareblaster 3.5
    SpywareBlaster 3.5 Verkorte handleiding Het programma SpywareBlaster 3.5 voorkomt de installatie van op ActiveX gebaseerde spyware, adware, dialers, browserkapers en andere pests. Het beperkt tevens de acties van potentieel gevaarlijke sites in Internet Explorer en het blokkeert tracking cookies in Internet Explorer, Mozilla en Firefox. Met SpywareBlaster voorkom je dat spyware op je computer terecht komt. Daarvoor hoeft SpywareBlaster niet constant te draaien, maar is een regelmatige update voldoende. Open SpywareBlaster . Ziehier het openingsvenster 1 Stap 1 Klik op “ System snapshot” Selecteer “ Create new System Snapshot ” (puntje plaatsen) en klik op Go . Geef de back-up een naam en klik op ‘Create new System Snapshot ’ Hiermee wordt van Spyware gevoelige componenten een back-up gemaakt. Mocht je systeem om een of andere reden geïnfecteerd worden met Spyware, dan kun je altijd deze back-up terugzetten door ‘ Restore System to Saved Snapshot Point ’ aan te vinken en op Go> te klikken. Stap 2 Nu moeten we SpywareBlaster updaten. Dit om er zeker van te zijn dat SpywareBlaster beschikt over de meest recente lijst van Hijackers/Spyware, zodat je Browser optimaal beschermd is. Doe dit minstens eenmaal per week. Klik op Updates (rode kader in de volgende afbeelding). Klik op Check for Updates (groene kader). Als er updates zijn, download en installeert Spywareblaster deze automatisch. Indien er geen updates ter beschikking zijn, dan zal dat medegedeeld worden. Na het binnenhalen van de laatste updates klik je op het statusblad in het venster Protection op Enable All Protection . 2 Op het statusblad van het scherm Protection krijg je trouwens een mooi overzicht van je instellingen.
    [Show full text]