Towards Extending the Antivirus Capability to Scan Network Traffic Mohammed I. Al-Saleh Jordan University of Science and Technology.

Presentation transcript:

Towards Extending the Antivirus Capability to Scan Network Traffic Mohammed I. Al-Saleh Jordan University of Science and Technology

Outline
Problem and Background
Threat Model
System Architecture
Conclusions and Future Work

Antivirus Virus Signatures

Antivirus (cont.)
On-access Scanner
– Scan on file system operations
– Open, read, write, close, etc.
On-demand
– Scan on user request

Problem in Scanning Network Traffic
Al-Saleh et al., "Investigating the detection capabilities of antiviruses under concurrent attacks". IET IFS Journal.

Antivirus                                   Detect?
Kaspersky Anti-Virus 6.0                    No
Symantec Endpoint Protection 11.0           No
Sophos Endpoint Security and Control 10.0   No
Panda Internet Security 2014                No
AVG Internet Security 2014                  No
BitDefender Internet Security 2014          No
Avast Internet Security 2014                No
TotalDefense Internet Security              No

Problem (cont.)
Most malware infects victims through networks
– Worm
– Adware
– Trojan Horse
– Spam
– Botnet
– Etc.

Why?
Is it hard to scan network traffic?
– How hard is it?
Drop security for performance?
– How much performance degradation when scanning network traffic?
Still speculation!
– Exact reason is NOT known

Solution
Very simple
– It is a MUST to scan network traffic
How?
– Hmmmm, needs more thinking…

Threat Model

Basic Idea
Simply, we need a way to tell the AV to scan network data.
– Discrete packets (IP level): ineffective scanner
  – Malware spans different packets
  – Out of order
– Higher level (TCP)
  – Builds state machine
  – Maintains order
  – Separates connections
  – Separates inbound from outbound traffic

Packet Capturing (pcap)
Kernel modules
– passively capture network traffic and pass it to user space processes through a well-defined Application Programming Interface (API)
Examples: Tcpdump and Wireshark
Use such libraries to build a state machine for TCP connections

ClamAV
The most popular open-source AV
– Allows agents to make use of it programmatically
– Link to the ClamAV shared library
– The ClamAV daemon, along with the database of virus signatures, is loaded once and shared with the user agents.
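The slide's second option, a single clamd daemon shared by the capturing agents, is reached over clamd's socket protocol rather than by linking libclamav. The following is an added example, not ClamAV project code: it frames an already reassembled stream as a zINSTREAM request (NUL-terminated command, length-prefixed chunks, zero-length terminator) and interprets the reply. The UNIX socket path is an assumption; the real value comes from the `LocalSocket` setting in clamd.conf.

```python
"""Added example (not ClamAV project code): framing a reassembled stream for clamd's
INSTREAM command, the 'daemon loaded once and shared with user agents' option."""
import socket
import struct

def instream_request(data, chunk_size=4096):
    """Encode the zINSTREAM session: NUL-terminated command, then chunks each prefixed
    with a 4-byte big-endian length, ended by a zero-length chunk."""
    if chunk_size <= 0:
        raise ValueError("chunk_size must be positive")
    out = bytearray(b"zINSTREAM\x00")
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        out += struct.pack("!I", len(chunk)) + chunk
    out += struct.pack("!I", 0)
    return bytes(out)

def parse_reply(reply):
    """clamd replies 'stream: OK', 'stream: <Name> FOUND' or '... ERROR'; z-commands
    terminate the reply with NUL. Returns (verdict, detail)."""
    text = reply.rstrip(b"\x00\n").decode("utf-8", errors="replace")
    if text.endswith(" FOUND"):
        return "infected", text[len("stream: "):-len(" FOUND")]
    if text.endswith(" OK"):
        return "clean", None
    return "error", text

def scan_with_clamd(data, sock_path="/var/run/clamav/clamd.ctl", timeout=5.0):
    """Hand one reassembled stream to a local clamd over its UNIX socket.
    The socket path is an assumption; it comes from clamd.conf (LocalSocket)."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sock_path)
        s.sendall(instream_request(data))
        reply = b""
        while not reply.endswith(b"\x00"):
            part = s.recv(4096)
            if not part:
                break
            reply += part
    return parse_reply(reply)
```

Two practical points for the performance study the presentation calls for: clamd rejects streams larger than its `StreamMaxLength` setting with an ERROR reply, so long connections have to be scanned in windows or truncated, and each INSTREAM round trip costs a socket exchange per connection, which is where the daemon-versus-linked-library trade-off on the slide shows up.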

System Architecture

Conclusion and Future Work
Antivirus software MUST scan network traffic
The proposed system will be implemented
Performance impact should be studied

Acknowledgements Jordan University of Science and Technology for the financial support

Thanks