Presentation is loading. Please wait.

Presentation is loading. Please wait.

Colored Petri nets as the enabling technology in Intrusion Detection Systems Andrey M. Dolgikh MS in Computer Engineering Degree and Specialization Sought:

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Colored Petri nets as the enabling technology in Intrusion Detection Systems Andrey M. Dolgikh MS in Computer Engineering Degree and Specialization Sought:"— Presentation transcript:

1 Colored Petri nets as the enabling technology in Intrusion Detection Systems Andrey M. Dolgikh MS in Computer Engineering Degree and Specialization Sought: Doctor of Philosophy in Electrical & Computer Engineering

2 Signature database Conventional antivirus Perfect match – virus detected Program _____ BRAKEITBRAKEIT Match Virus

3 Part of program Virus body detected Signature BRAKEIT BRAKEIT

4 Part of program Signature BRAKEIT BRaKEiT

5 Utilization of binary signatures (source: Kaspersky Lab) Current IDS depend on ever-growing databases of binary signatures

6 Utilization of Malicious functionalities (source: Trend Micro Inc.) 2007 2008 2009

7 Understanding behavior Sentence: – Send the password to the Internet Words: – Password, Internet, The, Send, To Letters: – PasswordInternetTheSendTo

8 Behavior File Objects Memory Sections Handle 1Handle 2 Handle 1Handle 5 System Service Executive Kernel mode User mode Operations System Calls API1 API3 API2 API6 API7 API calls Open/readCmd /c dirOpen/write Functionality level VirusMS Excel somesswordsendint usefuthingpaldoernet something password useful do send internet MS Excel: Do something useful Virus: Send password to Internet something do useful password send internet In natural language

9 Call #8 Chain 5,11 Call #22 Functionality Call #11 Call #5 Functionality: How to model functionalities? - Via CPN. How CPN works? – it assembles appropriate system calls into functionality

10 Questions ???

Download ppt "Colored Petri nets as the enabling technology in Intrusion Detection Systems Andrey M. Dolgikh MS in Computer Engineering Degree and Specialization Sought:"

Similar presentations

Day 4-1-1 anti-virus 3-3-1.anti-virus 1 detecting a malicious file malware, detection, hiding, removing.

Day anti-virus anti-virus 1 detecting a malicious file malware, detection, hiding, removing.
5 th Grade Etiwanda School District. Match the Word with its definition The study or use of scientific discoveries The use of reason in understanding.

5 th Grade Etiwanda School District. Match the Word with its definition The study or use of scientific discoveries The use of reason in understanding.
Computer Viruses.

Computer Viruses.
Novel Information Attacks From “Carpet Bombings” to “Smart Bombs”

Novel Information Attacks From “Carpet Bombings” to “Smart Bombs”
Nasca 2007 100 200 300 400 500 Internet Networking and Security viruses.

Nasca Internet Networking and Security viruses.
Intrusion Prevention, Detection & Response. IDS vs IPS IDS = Intrusion detection system IPS = intrusion prevention system.

Intrusion Prevention, Detection & Response. IDS vs IPS IDS = Intrusion detection system IPS = intrusion prevention system.
Anti Virus Techniques Jordan & Ryan Use of Checksum The Binary for key files is added up to a number especially in the boot files When these files are.

Anti Virus Techniques Jordan & Ryan Use of Checksum The Binary for key files is added up to a number especially in the boot files When these files are.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Installing Samba Vicki Insixiengmay Jonathan Krieger.

Installing Samba Vicki Insixiengmay Jonathan Krieger.
Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden
1GMS-VU : Module 2 Introduction to Information and Communication Technologies Module 2 Computer Software.

1GMS-VU : Module 2 Introduction to Information and Communication Technologies Module 2 Computer Software.
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.

1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
Cyber Patriot Training

Cyber Patriot Training
HealthInfoNet’s Behavioral Health Information Technology Help Desk Users December 12, 2014 Dial: 1.866.740.1260 Enter access code 5488051#

HealthInfoNet’s Behavioral Health Information Technology Help Desk Users December 12, 2014 Dial: Enter access code #
©2003 CNET Networks, Inc. All rights reserved. Virus Basics Created by: Robert L. Bogue, MCSE: Security, etc. Crowe Chizek.

©2003 CNET Networks, Inc. All rights reserved. Virus Basics Created by: Robert L. Bogue, MCSE: Security, etc. Crowe Chizek.
Computer Viruses Preetha Annamalai Niranjan Potnis.

Computer Viruses Preetha Annamalai Niranjan Potnis.
The Utility Programs: The system programs which perform the general system support and maintenance tasks are known as utility programs. Tasks performed.

The Utility Programs: The system programs which perform the general system support and maintenance tasks are known as utility programs. Tasks performed.
Spyware and Viruses Group 6 Magen Price, Candice Fitzgerald, & Brittnee Breze.

Spyware and Viruses Group 6 Magen Price, Candice Fitzgerald, & Brittnee Breze.
Behavior-based Spyware Detection By Engin Kirda and Christopher Kruegel Secure Systems Lab Technical University Vienna Greg Banks, Giovanni Vigna, and.

Behavior-based Spyware Detection By Engin Kirda and Christopher Kruegel Secure Systems Lab Technical University Vienna Greg Banks, Giovanni Vigna, and.
WHAT IS VIRUS? NAE GRAND CHALLENGE SECURE CYBERSPACE.

WHAT IS VIRUS? NAE GRAND CHALLENGE SECURE CYBERSPACE.

Similar presentations

Ads by Google