CAP6135: Malware and Software Vulnerability Analysis Examples of Term Projects Cliff Zou Spring 2012.

Previous CAP6135 Term Projects

- Web Application Vulnerabilities
- Spam Filtering Techniques
- Survey of P2P applications and inherent security risks
- Building KnightBot: a covert self recovering botNet library
- Rootkit
- A Study of IDS/IPS
- Spam Detection
- Zombies in the Clouds

- Survey of Defensive Techniques for Preventing Cross Site Scripting Attacks
- Computer Security/Forensic Tool Validation
- Exploring Steganography: Seeing the Unseen
- Methods of Preventing SQL Injection
- CAPTCHA Effectivity Survey
- Trojan Horses
- Smart card and Credit card security study
- Security Risks found within RFID Technology

- Media Sterilization
- Survey of Malware Detection in Mobile Environment
- Private Profile (a Facebook app)
- .NET Code Protection: Fighting Reverse Engineering
- Security study in cognitive radio network
- Security virsualization
- Near Field Communication (NFC) Strengths and Weaknesses

Some Suggested Hot Topics

- Cloud computing security
  - Encrypted data search
  - Virtual machine isolation
  - Law and policy on cloud location and storage
  - Monitoring and log
- Location-based service privacy for mobile system
- Social network privacy

Some Interesting Topics

- Social network security and privacy
  - Social network based malware, such as the previously seen Boonana, Samy, RenRen, Koobface, and SpaceFlash
  - Spam in social networks, such as the Twitter network
  - Privacy vulnerability and protection, such as the recent incident of the Facebook privacy problem
- Reputation assurance for online user reviewing systems: how to make user reviews reliable against malicious attackers or bots (such as fake reviews to boost a product)
- Botnet modeling, attack method, defense (real case study, monitoring real botnet, peer-to-peer botnet)

- Cloud computing security and privacy
  - Virtual machine security, such as preventing information leakage among different users on the same VM or on the same physical host
  - Cloud data encryption: how to encrypt data on the cloud so that the cloud provider cannot read the data and (1) it can still be searched by the client; (2) it can be shared by multiple users with efficient secure key management; (3) it still allows the cloud provider to save storage efficiently by merging identical data together
  - How to spread malware in cloud; how to defend against malware in cloud environment

- DNS security
  - DNS hijacking attack and defense
  - DNS poisoning attack and defense
  - Case study of previously seen DNS attack incidents
- Spam and phishing defense
  - Spam detection, filtering
  - Phishing attack defense
- Wireless networking security
  - Ad hoc network secure routing
  - Reputation system for wireless networking
  - Vehicular networking security and privacy
  - Security and privacy protection in location service in wireless networking (such as among smartphone users)

- Security and privacy issues in smartphones
  - Jailbreaking in iPhone
  - Worm propagation in smartphones: propagation theory, previous incident case study, etc.
  - Bluetooth security issues in smartphones
- Web security
  - Detection of malicious web sites (for example, by using crawling and honeypots)
  - Detection of phishing/fake websites
  - Detecting malicious code injection
  - Verifying security for all web plug-ins or extensions
  - Browser history or cookie security issues and protection

- CAPTCHA security
  - Image-based CAPTCHA, video-based CAPTCHA
  - Improving text-based CAPTCHA
  - Defense against CAPTCHA human-solver attack
- RFID security and privacy
  - Privacy protection in RFID systems
  - Security protocols for RFID systems
  - Real attacks against car key, gas station remote key, etc.
- Anonymity
  - Privacy-preserving data sharing
  - Attacks against various anonymity protocols and systems
  - Design of new/improved anonymity protocols
- Black market study of hackers

- Computer architecture based security
  - Secure CPU design
  - Secure memory design (e.g., each memory byte has a security bit support)
  - Secure cache design to defend against side channel attack
- Peer-to-peer system security
  - New attack methods against existing P2P protocols such as BitTorrent
  - Security issues in P2P video streaming
- Network security
  - Defense against distributed denial-of-service attack
  - BGP router security
  - Network traffic-based monitoring and attack detection
  - Stepping stone identification