Presentation is loading. Please wait.

Presentation is loading. Please wait.

CVI / PRS Computer Virus Information / Propagation Research System Eric Miller and Brian Schill CS 522.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "CVI / PRS Computer Virus Information / Propagation Research System Eric Miller and Brian Schill CS 522."— Presentation transcript:

1 CVI / PRS Computer Virus Information / Propagation Research System Eric Miller and Brian Schill CS 522

2 Why? There are many viruses that are not researched by the major virus detection companies. There are many viruses that are not researched by the major virus detection companies. We believe this project and research could eventually lead to more successful proactive virus detection systems. We believe this project and research could eventually lead to more successful proactive virus detection systems. Exploring the capabilities of VMWare. Exploring the capabilities of VMWare.

3 Setup and Tools VMWare – Virtual operating system VMWare – Virtual operating system CVI / PRS – Custom software for monitoring software CVI / PRS – Custom software for monitoring software Virus Types Virus Types

4 VMWare Windows 98 guest OS running on Windows XP host. Windows 98 guest OS running on Windows XP host. Disabled networking Disabled networking Easy restoration Easy restoration Controlled environment Controlled environment

5 CVI / PRS Java application that monitors virus activity on the guest OS Java application that monitors virus activity on the guest OS Run on the guest OS Run on the guest OS Watches for changes in the directory Watches for changes in the directory DirWatcher.java DirWatcher.java Virus Database Virus Database

6 Virus Research Example Virus types Win32 Win32 Worms Worms Scripts Scripts Example – Bee Example – Bee Undocumented virus Undocumented virus Run CVI / PRS for results Run CVI / PRS for results

7 Example – Continued Enter initial data into CVI / PRS Enter initial data into CVI / PRS

8 Example Continued Run CVI / PRS Run CVI / PRS

9 Interpretation of Results Win32 Win32 Typically deleted executables Typically deleted executables Damaged system files/registries Damaged system files/registries Corrupted system beyond repair after several reboots Corrupted system beyond repair after several reboots Worms Worms Affected networking files (IPConfig, Traceroute, etc) Affected networking files (IPConfig, Traceroute, etc) Deleted executables Deleted executables Scripts Scripts Replicated themselves efficiently Replicated themselves efficiently Search through file systems to attach themselves to other scripting files Search through file systems to attach themselves to other scripting files Our program effectively identified changes to the OS Our program effectively identified changes to the OS

10 Future Improvements Differentiate between regular and irregular activity Differentiate between regular and irregular activity Various launching capabilities Various launching capabilities Better database scheme Better database scheme XML XML Interpret results Interpret results Severity report, future capability prediction Severity report, future capability prediction Include database for cross-virus predictions and observations Include database for cross-virus predictions and observations Run the program from the host operating system, monitoring the guest operating system Run the program from the host operating system, monitoring the guest operating system Difficult restart Difficult restart Monitor network ports and registry files Monitor network ports and registry files

11 Footnotes Thank you to individuals previously involved in the project Thank you to individuals previously involved in the project Ben Abernathy Ben Abernathy Zach Thomas Zach Thomas Michael May Michael May Initial source code Initial source code Viruses Viruses

Download ppt "CVI / PRS Computer Virus Information / Propagation Research System Eric Miller and Brian Schill CS 522."

Similar presentations

Viruses. Viruses, Trojans, Worms Virus - a program that attaches itself to a host, and copies itself onto new files/disks Macro viruses - small program.

Viruses. Viruses, Trojans, Worms Virus - a program that attaches itself to a host, and copies itself onto new files/disks Macro viruses - small program.
By: Jason Boylan and Jeff George. Table of Contents  Definition  History  Vulnerability  How it works  Types of viruses  Virus Removal  Summary.

By: Jason Boylan and Jeff George. Table of Contents  Definition  History  Vulnerability  How it works  Types of viruses  Virus Removal  Summary.
CTP 204 2006-2007 FALL Firewalls Filtering Properties Anti-virus Programs.

CTP FALL Firewalls Filtering Properties Anti-virus Programs.
Chapter 11: Maintaining and Optimizing Windows Vista

Chapter 11: Maintaining and Optimizing Windows Vista
Overview Basic functions Features Installation: Windows host and Linux host.

Overview Basic functions Features Installation: Windows host and Linux host.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
CS266 Software Reverse Engineering (SRE) Identifying, Monitoring, and Reporting Malware Teodoro (Ted) Cipresso,

CS266 Software Reverse Engineering (SRE) Identifying, Monitoring, and Reporting Malware Teodoro (Ted) Cipresso,
 What is Computer Security  Key Components  Levels  Challenges  Attacks  Desktop Security  Why it is important  Virus/Worms/Trojans  Tips  Web.

 What is Computer Security  Key Components  Levels  Challenges  Attacks  Desktop Security  Why it is important  Virus/Worms/Trojans  Tips  Web.
1 Virtualization and Virtual Machines Sarah Diesburg 1/10/2013 COP 5641.

1 Virtualization and Virtual Machines Sarah Diesburg 1/10/2013 COP 5641.
To run the program: To run the program: You need the OS: You need the OS:

To run the program: To run the program: You need the OS: You need the OS:
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 14: Problem Recovery.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 14: Problem Recovery.
Space Science and Engineering Center University of Wisconsin-Madison Virtual Machines: A method for distributing DB processing software Liam Gumley.

Space Science and Engineering Center University of Wisconsin-Madison Virtual Machines: A method for distributing DB processing software Liam Gumley.
Antivirus Software Detects malware (not just viruses) May eliminate malware as well Often sold with firewalls Two approaches: Dictionary-based - Compares.

Antivirus Software Detects malware (not just viruses) May eliminate malware as well Often sold with firewalls Two approaches: Dictionary-based - Compares.
Malware Fighting Spyware, Viruses, and Malware Ch 4.

Malware Fighting Spyware, Viruses, and Malware Ch 4.
Spyware Sue Scott Technology Librarian. What is Spyware Malware – (Malicious Software) A general term to encompass unwanted software on a personal computer.

Spyware Sue Scott Technology Librarian. What is Spyware Malware – (Malicious Software) A general term to encompass unwanted software on a personal computer.
Hands-On Virtual Computing

Hands-On Virtual Computing
Cap 333 Network Administration. Solution Rules  Your solution must be typed by computer. Otherwise, it will not be accepted.  If the question is a project.

Cap 333 Network Administration. Solution Rules  Your solution must be typed by computer. Otherwise, it will not be accepted.  If the question is a project.
Spyware and Viruses Group 6 Magen Price, Candice Fitzgerald, & Brittnee Breze.

Spyware and Viruses Group 6 Magen Price, Candice Fitzgerald, & Brittnee Breze.
Administrator Protect against Malware by: Brittany Slisher and Gary Asciutto.

Administrator Protect against Malware by: Brittany Slisher and Gary Asciutto.
 a crime committed on a computer network, esp. the Internet.

 a crime committed on a computer network, esp. the Internet.

Similar presentations

Ads by Google