PUA detection based on bundle installer characteristics

Amir Lukach, Ehud Gudes, Asaf Shabtai

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


Many applications, such as download managers, antivirus, backup utilities, and Web browsers, are distributed freely via popular download sites in an attempt to increase the application’s user base. When such applications also include functionalities which are added as a means of monetizing the applications and may cause inconvenience to the user or compromise the user’s privacy, they are referred to as potentially unwanted applications (PUAs). Commonly used methods for detecting malicious software cannot be applied to detect PUAs, since they have a high degree of similarity to benign applications and require user interaction for installation. Previous research aimed at detecting PUAs has relied mainly on the use of a sandbox to monitor the behavior of installed applications, however, the methods suggested had limited accuracy. In this study, we propose a machine learning-based method for detecting PUAs. Our approach can be applied on the target endpoint directly and thus can provide protection against PUAs in real-time.

Original languageAmerican English
Title of host publicationData and Applications Security and Privacy - 34th Annual IFIP WG 11.3 Conference, DBSec 2020, Proceedings
EditorsAnoop Singhal, Jaideep Vaidya
Number of pages13
ISBN (Print)9783030496685
StatePublished - 1 Jan 2020
Event34th Annual IFIP WG11.3 Conference on Data and Applications Security and Privacy, DBSec 2020 - Regensburg, Germany
Duration: 25 Jun 202026 Jun 2020

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume12122 LNCS


Conference34th Annual IFIP WG11.3 Conference on Data and Applications Security and Privacy, DBSec 2020


  • Antivirus
  • Machine learning
  • Potentially unwanted applications

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'PUA detection based on bundle installer characteristics'. Together they form a unique fingerprint.

Cite this