Table of Contents Author Guidelines Submit a Manuscript
Journal of Computer Networks and Communications
Volume 2011 (2011), Article ID 569829, 28 pages
Research Article

Evaluating Grayware Characteristics and Risks

1Yahoo! Inc., Sunnyvale, CA 94089, USA
2Department of Mathematics, Guangxi University of Finance and Economics, Guangxi 530003, China
3Department of Mathematics, Florida State University, Tallahassee, FL 32306, USA
4Corporate Accounts, Shire Pharmaceuticals, Inc. Wayne, PA 19087, USA

Received 8 March 2011; Revised 22 June 2011; Accepted 28 June 2011

Academic Editor: Yueh M. Huang

Copyright © 2011 Zhongqiang Chen et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.


Grayware encyclopedias collect known species to provide information for incident analysis, however, the lack of categorization and generalization capability renders them ineffective in the development of defense strategies against clustered strains. A grayware categorization framework is therefore proposed here to not only classify grayware according to diverse taxonomic features but also facilitate evaluations on grayware risk to cyberspace. Armed with Support Vector Machines, the framework builds learning models based on training data extracted automatically from grayware encyclopedias and visualizes categorization results with Self-Organizing Maps. The features used in learning models are selected with information gain and the high dimensionality of feature space is reduced by word stemming and stopword removal process. The grayware categorizations on diversified features reveal that grayware typically attempts to improve its penetration rate by resorting to multiple installation mechanisms and reduced code footprints. The framework also shows that grayware evades detection by attacking victims' security applications and resists being removed by enhancing its clotting capability with infected hosts. Our analysis further points out that species in categories Spyware and Adware continue to dominate the grayware landscape and impose extremely critical threats to the Internet ecosystem.