Presentation is loading. Please wait.

Presentation is loading. Please wait.

Towards Extending the Antivirus Capability to Scan Network Traffic Mohammed I. Al-Saleh Jordan University of Science and Technology.

Published byRoland Summers Modified over 9 years ago

Similar presentations

Presentation on theme: "Towards Extending the Antivirus Capability to Scan Network Traffic Mohammed I. Al-Saleh Jordan University of Science and Technology."— Presentation transcript:

1 Towards Extending the Antivirus Capability to Scan Network Traffic Mohammed I. Al-Saleh Jordan University of Science and Technology

2 Outline Problem and Background Threat Model System Architecture Conclusions and Future work

3

4 Antivirus Virus Signatures

5 Antivirus (cont.) On-access Scanner – Scan on file system operations – Open, read, write, close, etc. On-demand – Scan on user request

6 Problem in Scanning Network Traffic Al-Saleh et al., “Investigating the detection capabilities of antiviruses under concurrent attacks”. IET IFS Journal, 2014. AntivirusDetect? Kaspersky Anti-Virus 6.0No Symantec Endpoint Protection 11.0No Sophos Endpoint Security, and Control 10.0No Panda Internet Security 2014No Avg Internet Security 2014No BitDefender Internet Security 2014No Avast Internet Security 2014No TotalDefense Internet SecurityNo

7 Problem (cont.) Most malware infect victims through networks – Worm – Adware – Trojan Horse – Spam – Botnet – Etc.

8 Why? Is it hard to scan network traffic? – How hard is it? Drop security for performance? – How much performance degradation when scanning network traffic? Still speculation! – Exact reason is NOT known

9 Solution Very simple – It is a MUST to scan network traffic How? – Hmmmm, needs more thinking…

10 Threat Model

11 Basic Idea Simply, we need a way to tell the AV to scan network data. – Discrete packets (IP level) ineffective scanner; – Malware spans different packets – Out of order – Higher level (TCP) Builds state machine Maintains order Separates connections Separates inbound from outbound traffic

12 Packet Capturing (pcap) Kernel modules – passively capture network traffic and pass them to user space processes through a well-defined Application Programming Interface (API) Examples: Tcpdump and Wireshark Use such libraries to build a state machine for TCP connections

13 ClamAV The most popular open-source AV – www.clamav.net www.clamav.net Allows agents to make use of it programmatically – Link to the ClamAV shared library – ClamAV daemon along with the database of virus signatures are loaded once and shared with the user agents.

14 System Architecture

15 Conclusion and Future Work Antivirus software MUST scan network traffic The proposed system will be implemented Performance impact should be studied

16 Acknowledgements Jordan University of Science and Technology for the financial support

17 Thanks

Download ppt "Towards Extending the Antivirus Capability to Scan Network Traffic Mohammed I. Al-Saleh Jordan University of Science and Technology."

Similar presentations

Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
Warren Toomey North Coast TAFE Port Macquarie campus

Warren Toomey North Coast TAFE Port Macquarie campus
Introducing Kaspersky OpenSpace TM Security Introducing Kaspersky ® OpenSpace TM Security Available February 15, 2007.

Introducing Kaspersky OpenSpace TM Security Introducing Kaspersky ® OpenSpace TM Security Available February 15, 2007.
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
Introduction to Security Computer Networks Computer Networks Term B10.

Introduction to Security Computer Networks Computer Networks Term B10.
By Joshua T. I. Towers. 13.3 $13.3 billion was the direct cost of malware for business in 2006 “direct costs are defined as labor costs to analyze, repair.

By Joshua T. I. Towers $13.3 billion was the direct cost of malware for business in 2006 “direct costs are defined as labor costs to analyze, repair.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
Nasca 2007 100 200 300 400 500 Internet Networking and Security viruses.

Nasca Internet Networking and Security viruses.
LittleOrange Internet Security an Endpoint Security Appliance.

LittleOrange Internet Security an Endpoint Security Appliance.
Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.

Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.
Customized solutions. Keep It Secure Contents  Protection objectives  Endpoint and server software  Protection.

Customized solutions. Keep It Secure Contents  Protection objectives  Endpoint and server software  Protection.
Computer Viruses By Patsy Speer What is a Virus? Malicious programs that cause damage to your computer, files and information They slow down the internet.

Computer Viruses By Patsy Speer What is a Virus? Malicious programs that cause damage to your computer, files and information They slow down the internet.
1 Panda Malware Radar Discovering hidden threats Technical Product Presentation Name Date.

1 Panda Malware Radar Discovering hidden threats Technical Product Presentation Name Date.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
EICAR 2009, 12 May 2009 Checkvir Realtime Anti-Malware Testing and Certification Dr. Ferenc Leitold, Veszprog Ltd.

EICAR 2009, 12 May 2009 Checkvir Realtime Anti-Malware Testing and Certification Dr. Ferenc Leitold, Veszprog Ltd.
EDUCAUSE Security 2006 Internet John Brown University.

EDUCAUSE Security 2006 Internet John Brown University.
BOTNETS & TARGETED MALWARE Fernando Uribe. INTRODUCTION  Fernando Uribe   IT trainer and Consultant for over 15 years specializing.

BOTNETS & TARGETED MALWARE Fernando Uribe. INTRODUCTION  Fernando Uribe   IT trainer and Consultant for over 15 years specializing.
Botnets Uses, Prevention, and Examples. Background Robot Network Programs communicating over a network to complete a task Adapted new meaning in the security.

Botnets Uses, Prevention, and Examples. Background Robot Network Programs communicating over a network to complete a task Adapted new meaning in the security.
Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau (20086034) Lee Shirly (20095815) Ong Ivy (20095040)

Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau ( ) Lee Shirly ( ) Ong Ivy ( )

Similar presentations

Ads by Google