Virus Detection Mechanisms Final Year Project by Chaitanya kumar CH K.S. Karthik.


Project details. Project Guide: Dr. V.Ch.Venkaiah. Description:
- Study various detection mechanisms
- Implement the mechanisms

Some important terms Backdoors/Trapdoors allow unauthorized access to the system. Logic bombs are programmed threats that lie dormant for an extended period of time until they are triggered.

Some important terms (Cont…) A Virus is a piece of code that inserts itself into a host [program] to propagate. The virus is executed along with the original program. Boot sector viruses insert themselves into the boot sector area and are activated when the system boots.

Some important terms (Cont…) Multi-partite viruses are viruses that can use multiple means of infection, such as the MBR, the boot sector and parasitic infection. Trojan horses are programs that appear to have one function but actually perform another function.

Some important terms (Cont…) A worm is a program that can run independently, will consume the resources of its host [machine] from within in order to maintain itself and can propagate a complete working version of itself on to other machines.

Some important terms (Cont…) Payload refers to what the virus does (besides propagation) once executed:
- Do nothing
- Playing with your data
- Malicious damage

Detection of Internet Worms: Traffic Analysis
- Growth in traffic volume
- Rise in number of scans and sweeps
- Change in traffic patterns for some hosts
- Predicting scans by analyzing the scan engine of the worm

Detection of Internet Worms: Honeypots
- Set up a seemingly vulnerable host on the network and log all filesystem and network activity using low-level tools
- This gives a picture of what happens when a worm strikes a real host, along with network signatures and binaries, which can be used to develop attack signatures

Detection of Internet Worms: Black hole monitoring. Worms don't usually monitor DNS entries for new hosts; they simply scan.
- Monitor the locally unused subnets within our address space
- Monitor the globally unused address space, or dark IP space, and its usage
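Two of the signals from the traffic-analysis and black-hole-monitoring slides (a sweep of many distinct destinations from one source in a short window, and any connection into locally unused address space) worked over constructed connection records, as an added example that is not part of the project's own code. The record format, the 10.0.9.0/24 "dark" subnet, the window length and the threshold are all assumptions made for this example.

```python
"""Worm detection heuristics over connection records (added example, not the
project's code). Signal 1: scans/sweeps, i.e. one source reaching many distinct
destinations within a short window. Signal 2: black hole monitoring, i.e. any
traffic into subnets that legitimately hold no hosts. Format and thresholds are
assumptions for this example."""
import ipaddress
from collections import defaultdict

# Constructed sample records: "epoch_seconds src dst dport" (one TCP SYN each).
SAMPLE_LOG = """\
1000 10.0.1.5 10.0.2.20 445
1001 10.0.1.5 10.0.2.21 445
1001 10.0.1.5 10.0.2.22 445
1002 10.0.1.5 10.0.2.23 445
1002 10.0.1.5 10.0.2.24 445
1003 10.0.1.5 10.0.9.7 445
1005 10.0.1.9 10.0.2.20 80
1006 10.0.1.9 10.0.2.20 443
1020 10.0.1.9 10.0.2.30 80
1030 10.0.3.3 10.0.9.200 135
"""

# Locally unused subnets inside our own address space (assumed for the example).
DARK_SUBNETS = [ipaddress.ip_network("10.0.9.0/24")]

WINDOW_SECONDS = 10   # sliding window over which destinations are counted
SCAN_THRESHOLD = 5    # distinct destinations inside one window => sweep


def parse_records(text):
    """Parse the constructed format into (ts, src, dst, dport) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        records.append((int(ts), src, dst, int(dport)))
    return records


def detect_sweeps(records, window=WINDOW_SECONDS, threshold=SCAN_THRESHOLD):
    """Return {src: peak distinct destinations in any window} for every source
    whose peak reaches the threshold. A sliding window over the time-sorted
    events of each source keeps the count local in time."""
    by_src = defaultdict(list)
    for ts, src, dst, _ in records:
        by_src[src].append((ts, dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        best = 0
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = len({dst for _, dst in events[start:end + 1]})
            best = max(best, distinct)
        if best >= threshold:
            flagged[src] = best
    return flagged


def detect_dark_space_hits(records, dark=DARK_SUBNETS):
    """Return (src, dst) pairs for connections into unused subnets. Hosts that
    learn addresses through DNS never go there, so every hit is worth a look."""
    hits = []
    for _, src, dst, _ in records:
        addr = ipaddress.ip_address(dst)
        if any(addr in net for net in dark):
            hits.append((src, dst))
    return hits


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    print("sweeps:", detect_sweeps(recs))
    print("dark-space hits:", detect_dark_space_hits(recs))
```

On the constructed records the sweep detector flags only 10.0.1.5 (six distinct destinations within three seconds), while 10.0.1.9, which revisits the same server on two ports, stays under the threshold; the dark-space check independently flags both sources that touched 10.0.9.0/24, which is why the slides treat the two signals as complementary.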

Detection of Internet Worms: Signature-Based Detection
- Network signatures
- Log signatures from non-vulnerable servers
- Filesystem signatures (used by any typical antivirus software)

Defenses against worms. Host based:
- Personal firewalls, antivirus software, privilege control
Firewall and network defenses:
- Stop existing worms
- Implement inbound and outbound rules
- Reactive IDS

Defenses against worms. Proxy-based defenses (application level):
- Authentication
- Mail-server proxies (can scan the e-mails)
- Web-based proxies (content screening)

Attacking the Worm Network
- Shutdown messages (stop the worm processes or halt the host)
- "I am already infected"
- Poison updates
These methods can be unprofessional if our counter-attack gets out of our control.

Virus Scanners
- Compare code to a database of known malicious code: just matching strings in the code; reasonably useful in the days of floppies
- Identify viruses by their "signatures" and search for these patterns in executable files
- Watch for changes in files: size, time of modification, etc.
- Monitor the system for malicious actions

Virus Scanners Internals (diagram of the Windows I/O path, flattened in the transcript). User mode: Win32 program -> Kernel32.dll. Kernel mode: I/O Manager -> File system driver -> Disk driver. Hardware below. Read/Write requests travel down this stack and replies travel back up.

Virus Scanners Internals (diagram: the virus scanner sits as a file system filter between the I/O Manager and the file system driver)
- The file system filter scans a file whenever it is accessed.
- If the file is infected, it returns the original file after cleaning it.
- If it cannot be cleaned, it returns a failure message and performs an appropriate action such as quarantining or deleting the infected file.
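The three scanner behaviours from the last slides (filesystem signatures, watching files for changes in size and modification time, and the filter's clean-or-quarantine decision on access) in one runnable piece, as an added example that is not the project's code and not a filter driver: the decision logic runs on ordinary files in a temporary directory. The signature database, the sample files and the cleaning rule for the constructed "prepender" are all assumptions made for this example.

```python
"""On-access scanning logic in the style of the slides' file-system filter
(added example, not the project's code; runs on plain files, not inside a
driver). Signatures, sample files and the cleaning rule are constructed."""
import hashlib
import os
import tempfile

# Constructed signature database: name -> byte pattern present in the virus.
SIGNATURES = {
    "demo-prepender": b"DEMO_VIRUS_STUB",
}


def find_signature(data):
    """Return the name of the first matching signature, or None."""
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return name
    return None


def try_clean(data, name):
    """Cleaning is only attempted where the virus layout is known. For the
    constructed prepender an infected file is stub + b'\\n' + original, so
    stripping that prefix recovers the original; anything else is uncleanable."""
    if name == "demo-prepender":
        prefix = SIGNATURES[name] + b"\n"
        if data.startswith(prefix):
            return data[len(prefix):]
    return None


def on_access(path, quarantine_dir):
    """Scan a file on access. Returns ("clean", data), ("cleaned", data) after
    rewriting the file, or ("quarantined", None) after moving it aside, which
    is the filter's way of failing the access instead of serving the file."""
    with open(path, "rb") as f:
        data = f.read()
    name = find_signature(data)
    if name is None:
        return ("clean", data)
    cleaned = try_clean(data, name)
    if cleaned is not None:
        with open(path, "wb") as f:
            f.write(cleaned)
        return ("cleaned", cleaned)
    os.makedirs(quarantine_dir, exist_ok=True)
    dest = os.path.join(quarantine_dir, os.path.basename(path) + ".quarantined")
    os.replace(path, dest)
    return ("quarantined", None)


def fingerprint(path):
    """Attributes recorded at baseline for the 'watch for changes' check."""
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return {"size": st.st_size, "mtime": st.st_mtime, "sha256": digest}


def changed_fields(baseline_fp, path):
    """Names of the baseline attributes that no longer match the file."""
    current = fingerprint(path)
    return {k for k in baseline_fp if baseline_fp[k] != current[k]}


def demo():
    """Walk both checks over constructed files in a temporary directory."""
    tmp = tempfile.mkdtemp()
    quarantine = os.path.join(tmp, "quarantine")
    original = b"MZ original program"

    prog = os.path.join(tmp, "prog.exe")
    with open(prog, "wb") as f:
        f.write(original)
    baseline_fp = fingerprint(prog)
    with open(prog, "wb") as f:                    # simulate a prepender infection
        f.write(SIGNATURES["demo-prepender"] + b"\n" + original)
    diff = changed_fields(baseline_fp, prog)       # size and hash now differ
    status, data = on_access(prog, quarantine)     # cleanable: prefix stripped

    other = os.path.join(tmp, "other.exe")
    with open(other, "wb") as f:                   # signature, but not at the start
        f.write(b"MZ" + SIGNATURES["demo-prepender"] + b" somewhere inside")
    status2, _ = on_access(other, quarantine)      # unknown layout: quarantine

    return {
        "changed": diff,
        "cleaned_status": status,
        "cleaned_data": data,
        "quarantine_status": status2,
        "quarantined_exists": os.path.exists(os.path.join(quarantine, "other.exe.quarantined")),
        "other_removed": not os.path.exists(other),
    }


if __name__ == "__main__":
    print(demo())
```

Note that the integrity check catches the infection without any signature at all (the size and hash moved), while the signature scan is what makes cleaning possible; the filter only rewrites a file when the layout for that signature is known, and otherwise fails the access and quarantines, exactly the split the slide describes.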

Monitoring using compression enabled filesystem. The virus can hide itself in other files by prepending itself to another executable. But this way there is a change in the file size, which is easily recognized.

Monitoring using compression enabled filesystem. To avoid detection, a virus compresses the original file and then prepends itself to it. Since the compression is performed to reduce the file size by exactly the size of the virus, there is no apparent change in file size. When executed, the virus code decompresses the original code and then executes it.

Monitoring using compression enabled filesystem (diagram: file sizes before compression by the file system). Shown side by side are the original file, and the original file compressed by the virus with the virus code prepended; the virus compresses the file by the size of its own code, so the two have the same size.

Monitoring using compression enabled filesystem (diagram continued: the same two files, original and virus-compressed with the virus prepended, after compression by the file system). Compression by the virus and compression by the filesystem are shown together: the file sizes before the filesystem compresses them are equal, but the file sizes on the disk after the filesystem compresses them can differ.

Monitoring using compression enabled filesystem. In a compression enabled filesystem the logical file size differs from the compressed size on the disk. When a virus hides itself in another file by compressing it and prepending the virus code, the file size on the disk may differ once the file is compressed again by the filesystem, even though the logical size is unchanged.
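The check described on the last few slides, as an added example that is not part of the project's implementation: zlib stands in for the filesystem's compressor, the "virus" is a constructed stub of incompressible bytes, and the infected layout (stub, then the compressed original, then padding so the logical size stays exactly the same) is an assumption standing in for the slides' "compress the file by the size of the virus code". The detector records logical and on-disk sizes at baseline and flags files whose logical size is unchanged while the on-disk size moved.

```python
"""Compression-enabled-filesystem check from the slides (added example, not the
project's implementation). zlib plays the filesystem compressor; the 'virus'
is a constructed, incompressible stub; the infected layout is an assumption."""
import hashlib
import zlib

# Constructed stub: 16-byte marker + 512 bytes of hash output (incompressible).
VIRUS_STUB = b"DEMO_VIRUS_STUB:" + b"".join(
    hashlib.sha256(bytes([i])).digest() for i in range(16))


def make_original(size=8000):
    """A highly compressible stand-in for a program (constructed)."""
    return (b"mov eax, 1\nint 0x80\n" * 1000)[:size]


def fs_on_disk_size(data):
    """Bytes a compression-enabled filesystem would actually store."""
    return len(zlib.compress(data, 6))


def infect(original, stub=VIRUS_STUB):
    """The slides' trick: compress the original to make room, prepend the stub,
    and keep the logical size identical (padding stands in for the slides'
    'compress by exactly the size of the virus')."""
    packed = zlib.compress(original, 9)
    pad = len(original) - len(stub) - len(packed)
    if pad < 0:
        raise ValueError("original not compressible enough to hide the stub")
    return stub + packed + b"\0" * pad


def run_infected(infected, stub=VIRUS_STUB):
    """What the virus does at run time: skip its stub and decompress the
    original (returned here instead of executed). decompressobj ignores the
    padding that follows the end of the zlib stream."""
    return zlib.decompressobj().decompress(infected[len(stub):])


def baseline(files):
    """name -> (logical size, on-disk size) recorded while files are trusted."""
    return {name: (len(data), fs_on_disk_size(data)) for name, data in files.items()}


def check(baseline_table, files):
    """Files whose logical size is unchanged but whose on-disk size moved: the
    signal a plain size check misses and the compressing filesystem exposes."""
    suspicious = []
    for name, data in files.items():
        logical, on_disk = baseline_table[name]
        if len(data) == logical and fs_on_disk_size(data) != on_disk:
            suspicious.append(name)
    return suspicious


def demo():
    original = make_original()
    files = {"calc.exe": original, "notes.txt": b"hello " * 500}   # constructed
    table = baseline(files)
    infected = infect(original)
    files["calc.exe"] = infected
    return {
        "logical_same": len(infected) == len(original),
        "recovers": run_infected(infected) == original,
        "flagged": check(table, files),
        "on_disk_before": table["calc.exe"][1],
        "on_disk_after": fs_on_disk_size(infected),
    }


if __name__ == "__main__":
    print(demo())
```

The logical size of calc.exe is identical before and after infection, so a plain size check sees nothing; on the compressing filesystem, however, the already-compressed original and the incompressible stub no longer shrink, so the on-disk size grows and the file is flagged while the untouched notes.txt is not.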