CSC 382/582: Computer Security

Presentation transcript:

Integrity Management

Models of Intrusion Detection

Misuse detection
  You know what’s bad.
  Attempt to detect bad items.
  Anti-virus and anti-spyware tools.
Anomaly detection
  You know what’s good.
  Attempt to detect deviations from good state.
  Host Intrusion Detection Systems (HIDS).

Theory of Malicious Code

Theorem 22-1: It is undecidable whether an arbitrary program contains a computer virus.
  Proof: Define a virus v as a TM program that copies v to other parts of the tape while not overwriting any part of v.
  Reduction from the Halting Problem: T’ running code V’ reproduces V iff running T on V halts, so a procedure that decided whether V’ is a virus would also decide whether T halts on V.
Theorem 22-2: It is undecidable whether an arbitrary program contains malicious logic.

Detecting Malware

Signature-based
  Look for known patterns in malicious code.
  Defeated by polymorphic viruses.
Smart scanning
  Skips junk instructions inserted by polymorphic engines.
  Skips whitespace/case changes in macro viruses.
Decryption
  Brute-forces simple XOR-based encryption.
  Checks the decrypted text against a small virus signature to decide whether it has recovered plaintext.
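The decryption approach on this slide, from the scanner's side, as an added example that is not part of the original slides. It assumes a one-byte XOR key; `SIGNATURE` and the sample buffer are constructed, harmless placeholders.

```python
# Added example: scanner-side brute force of single-byte XOR encryption.
# SIGNATURE and the sample buffer are constructed placeholders, not real malware data.

SIGNATURE = b"EXAMPLE-VIRUS-BODY-MARKER"   # stand-in for a short virus signature


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of data with a one-byte key."""
    return bytes(b ^ key for b in data)


def xray_scan(buf: bytes, signature: bytes = SIGNATURE):
    """Try all 256 one-byte keys; return (key, offset) of the first hit, else None.

    Searching for the encrypted signature is equivalent to decrypting the whole
    buffer and searching for the plaintext signature, but touches less data.
    Key 0 covers a body that was never encrypted.
    """
    for key in range(256):
        offset = buf.find(xor_bytes(signature, key))
        if offset != -1:
            return key, offset
    return None


def build_sample(key: int) -> bytes:
    """Constructed sample: a plaintext stub followed by an XOR-encrypted body."""
    stub = b"\x90" * 16                    # filler standing in for a decryptor stub
    body = b"padding..." + SIGNATURE + b"...more padding"
    return stub + xor_bytes(body, key)


if __name__ == "__main__":
    print(xray_scan(build_sample(0x5A)))          # hit: key and offset of the body
    print(xray_scan(b"ordinary document text"))   # no hit
```
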

Detecting Malware

Code Emulation
  Execute potential malware on a VM.
  Scan VM memory after a certain number of iterations.
  Watch instructions for a decryptor profile.
Code Optimization
  Optimize away junk instructions and odd techniques used by polymorphic viruses.

Detecting Malware

Heuristics
  Code execution starts in last section.
  Suspicious code redirection.
  Suspicious section ACLs or size.
  Suspicious library routine imports.
  Hard-coded pointers into OS kernel.
Neural Network Heuristics
  IBM researchers trained a neural net to recognize difficult polymorphic viruses.
  Released in Symantec antivirus.
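Two of the static heuristics above, applied to Windows PE headers, as an added example that is not part of the original slides. It assumes that a section which is both writable and executable counts as a "suspicious section ACL"; the input is a constructed, headers-only image built inline.

```python
import struct

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000   # IMAGE_SCN_MEM_* flags

def parse_pe(data: bytes):
    """Return (entry_point_rva, [(name, vaddr, vsize, characteristics), ...])."""
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4                                   # 20-byte COFF header
    (nsections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20                                       # optional header
    (entry,) = struct.unpack_from("<I", data, opt + 16)   # AddressOfEntryPoint
    sections = []
    for i in range(nsections):                            # 40-byte section headers
        off = opt + opt_size + 40 * i
        name, vsize, vaddr = struct.unpack_from("<8sII", data, off)
        (chars,) = struct.unpack_from("<I", data, off + 36)
        sections.append((name.rstrip(b"\0").decode(), vaddr, vsize, chars))
    return entry, sections

def heuristics(data: bytes):
    """Apply two of the static heuristics and return the findings as strings."""
    entry, sections = parse_pe(data)
    findings = []
    for idx, (name, vaddr, vsize, chars) in enumerate(sections):
        in_section = vaddr <= entry < vaddr + vsize
        if in_section and len(sections) > 1 and idx == len(sections) - 1:
            findings.append(f"entry point in last section {name}")
        if chars & MEM_EXECUTE and chars & MEM_WRITE:
            findings.append(f"section {name} is writable and executable")
    return findings

def build_pe(entry, sections):
    """Constructed test input: PE headers only, no code or data."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry).ljust(0xE0, b"\0")
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), vs, va,
                                 0, 0, 0, 0, 0, 0, ch) for n, va, vs, ch in sections)
    return dos + b"PE\0\0" + coff + opt + table

TEXT = (".text", 0x1000, 0x800, 0x60000020)    # read + execute
DATA = (".data", 0x2000, 0x400, 0xC0000040)    # read + write
EXTRA = (".extra", 0x3000, 0x200, 0xE0000020)  # read + write + execute
CLEAN = build_pe(0x1000, [TEXT, DATA])         # entry point in .text
ODD = build_pe(0x3010, [TEXT, DATA, EXTRA])    # entry point in appended section
```

Findings like these are indicators to weigh together, not verdicts: some legitimate packers and installers produce the same layout.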

Detecting Malware

Behavior-based
  Watch for known actions from malicious code.
  Network access signature of a worm.
  Unexpected use of dangerous system calls.
Integrity Checking
  Host-based Intrusion Detection System.
  Record MAC, size, dates, ACL of files.
  Periodically check for changes.
  Examples: Tripwire, AIDE
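The integrity-checking cycle above (record a baseline, then compare later), as an added example that is not part of the original slides and is not how Tripwire or AIDE are implemented. It assumes "MAC" means a keyed message authentication code (HMAC-SHA256 here) and uses POSIX mode bits as a stand-in for the ACL; the directory and file contents are constructed.

```python
import hashlib
import hmac
import os
import stat
import tempfile

def snapshot(root: str, key: bytes) -> dict:
    """Map each relative path under root to (HMAC-SHA256, size, mtime_ns, mode)."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue                      # regular files only in this sketch
            with open(path, "rb") as fh:
                mac = hmac.new(key, fh.read(), hashlib.sha256).hexdigest()
            db[os.path.relpath(path, root)] = (mac, st.st_size, st.st_mtime_ns,
                                               stat.S_IMODE(st.st_mode))
    return db

def compare(baseline: dict, current: dict) -> dict:
    """Report paths added, removed, or changed relative to the baseline."""
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "changed": sorted(p for p in baseline.keys() & current.keys()
                          if baseline[p] != current[p]),
    }

def demo() -> dict:
    """Baseline a constructed directory, alter it, and return the report."""
    key = b"constructed-demo-key"   # assumption: kept where the monitored host cannot read it
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("passwd", b"root:x:0:0\n"), ("motd", b"welcome\n"),
                           ("hosts", b"127.0.0.1 localhost\n")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        baseline = snapshot(root, key)
        with open(os.path.join(root, "passwd"), "ab") as fh:
            fh.write(b"extra:x:0:0\n")        # content and size change
        os.remove(os.path.join(root, "motd"))
        with open(os.path.join(root, "rc.local"), "wb") as fh:
            fh.write(b"#!/bin/sh\n")          # file that was not in the baseline
        return compare(baseline, snapshot(root, key))
```

Keying the digest means someone who alters a file and can also rewrite the baseline still cannot forge matching entries without the key.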
