Trojan Horses/Worms Vadolas Margaritis Bantes George.

Presentation transcript:


Worms: In recent years, computer worms have infected hundreds of thousands of Internet servers and personal computers in just a few minutes, resulting in financial damages of approximately one billion dollars for businesses, governments and service providers.

Worms: CodeRed - more than 359,000 Internet servers infected in just 14 hours. Slammer - 55 million scans per second in just a few minutes.

Worms: The term ‘worm’ comes from a 1975 science fiction novel, The Shockwave Rider, written by John Brunner. Researchers John Shoch and Jon Hupp of Xerox PARC chose the name for one of their papers, published in 1982 and titled The Worm Programs. Since then it has been adopted globally.

Worms: A computer worm is a self-replicating computer program. It exploits networks to send copies of itself to other hosts, most of the time without the user's awareness. Unlike a virus, a worm doesn't need to be attached to an existing program.

Worms: Worms mostly harm networks, for example by consuming bandwidth, whereas viruses harm personal computers by corrupting or modifying files. Worms often result in Distributed Denial of Service for the hosts of a network.

Requirements for an effective solution against worms: Robustness and resilience in performing security functions in the Internet. Trust integration and alert-correlation methodologies to achieve mutual cooperation among many sites. Fast anomaly detection and distributed denial-of-service (DDoS) defense to achieve awareness of unexpected worm or flooding attacks.

Requirements for an effective solution against worms: Fast worm-signature detection and dissemination, to achieve efficiency and scalability. Proper traffic monitoring to track DDoS attack-transit routers.

Defending against worms: Recent research indicates that automatic worm-signature generation using payload (code written to do more than spread the worm) and address dispersion can provide satisfactory results.

Defending against worms: But most scanning worms are first dispersed over the Internet and then start spreading. It becomes a difficult task to observe important anomalies and gather enough payload contents at various individual edge networks. Information must be synthesized by multiple edge networks for fast and accurate detection of worm signatures.

NetShield defense system: The NetShield defense system aims to restrain the spread of worms and to provide effective defense against distributed denial-of-service (DDoS) attacks.

NetShield defense system: The system employs two component subsystems: a system specialized in worm-signature detection and dissemination, the WormShield system, and a traffic-monitoring scheme to detect DDoS attacks.

NetShield defense system: The system uses distributed peer-to-peer networks with Distributed Hash Tables. The purpose of this design is to provide quick and resilient look-up services.

The NetShield system architecture

The WormShield subsystem: Designed to identify and restrain unknown worms before they infect more vulnerable hosts. Uses a set of geographically distributed monitors located in various administrative domains. Monitors are organized into a structured peer-to-peer overlay network based on the Chord algorithm. Each monitor is positioned in the demilitarized zone (DMZ) of the edge network and analyzes all packets that pass through it.

The WormShield subsystem: Each monitor uses the Rabin fingerprint algorithm to compute fingerprints of the content blocks in packet payloads. Local prevalence tables track the number of occurrences of a content block and are updated constantly with information provided by the monitor for the specific block. A monitor also keeps the set of source addresses and destination addresses for each content block it observes.

The WormShield Architecture

Other worm defense systems: Earlybird and Autograph. Incoming packet analysis. Payload-content prevalence and address dispersion.
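
The payload-content prevalence and address dispersion checks named on this slide, together with the per-block tables a WormShield monitor keeps as described above, sketched as an added example that is not code from the presentation or from any of these systems. A polynomial rolling hash stands in for the Rabin fingerprint; the block length, thresholds, class and function names, addresses and payloads are all assumptions constructed for illustration.

```python
from collections import defaultdict

BLOCK = 16                        # content-block length in bytes (assumed)
BASE, MOD = 257, (1 << 61) - 1    # rolling-hash parameters (assumed)

def block_fingerprints(payload, k=BLOCK):
    """Rolling polynomial fingerprint of every k-byte window (Rabin stand-in)."""
    if len(payload) < k:
        return
    top = pow(BASE, k - 1, MOD)
    h = 0
    for b in payload[:k]:
        h = (h * BASE + b) % MOD
    yield h
    for i in range(k, len(payload)):
        # Drop the byte leaving the window, shift, add the byte entering it.
        h = ((h - payload[i - k] * top) * BASE + payload[i]) % MOD
        yield h

class Monitor:
    """Local prevalence table: fingerprint -> [count, sources, destinations]."""
    def __init__(self, prevalence=3, dispersion=3):   # thresholds are assumed
        self.prevalence, self.dispersion = prevalence, dispersion
        self.table = defaultdict(lambda: [0, set(), set()])

    def observe(self, src, dst, payload):
        for fp in set(block_fingerprints(payload)):   # count once per packet
            entry = self.table[fp]
            entry[0] += 1
            entry[1].add(src)
            entry[2].add(dst)

    def suspicious(self, payload):
        """True if any block is both prevalent and widely dispersed."""
        for fp in block_fingerprints(payload):
            n, srcs, dsts = self.table.get(fp, (0, (), ()))
            if (n >= self.prevalence and len(srcs) >= self.dispersion
                    and len(dsts) >= self.dispersion):
                return True
        return False

# Constructed sample traffic (documentation addresses, made-up payloads).
REPEATED = b"CONSTRUCTED-REPEATED-CONTENT-XYZ"
BENIGN = b"GET /index.html HTTP/1.1 Host: example.test"

def run_demo():
    m = Monitor()
    for i in range(4):   # same content, many sources and destinations
        m.observe(f"192.0.2.{i}", f"198.51.100.{i}", b"hdr-%d:" % i + REPEATED)
    for _ in range(10):  # frequent content, but one source and one destination
        m.observe("203.0.113.5", "203.0.113.9", BENIGN)
    return m.suspicious(REPEATED), m.suspicious(BENIGN)
```

The benign flow is seen more often than the repeated content, yet it is not flagged, because prevalence alone does not count without dispersion across sources and destinations.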

Other worm defense systems: Trend Detection. A worm monitoring system and early warning system. Based on worm-spreading dynamic models. Detects a worm in its early stage. Uses a Kalman filter estimation algorithm.

Other worm defense systems: Columbia Worm Vaccine, Microsoft Shield System. End-user oriented approach. Preventing a host from being infected.

Trojan Horse Attack Strategy on Quantum Private Communication: In private communication systems, attackers try to break the computer systems for their own benefit. To protect those systems, cryptography has been widely employed to prevent these attack strategies.

Attacks: The attacks can be categorized into three different types of attack strategy: the strategy based on fundamental drawbacks (SFD), the strategy based on obtained information (SOI), and the strategy based on assistant systems (SAS). One typical example of SAS is the Trojan horse attack.

Attack strategies: One of those attack strategies is the Trojan horse. When it is hidden in the system, the attacker can break the system and obtain important information. This attack is available in private quantum communication.

Trojan horses: A Trojan horse is a small program that, if inserted by an attacker into a computer program, can copy, misuse and destroy data.

Trojan horses: There are two kinds of Trojan horse. The pre-liked Trojan horse is a robot horse which is praised in the programs of the user, such as computer programs. The online Trojan horse is actually a probing signal which may enter the confidential system without awareness of legitimate communications and then back-reflect to the attacker.

Trojan horses: If a Trojan horse enters the computer system, the attacker may break the cryptosystem and obtain important information by means of the feedback information of the robot horse. This is called THAS.

Protection of the quantum private communication against Trojan horse attack: To protect quantum private communication against Trojan horse attack, a quantum cryptographic key algorithm with EPR pair(s) is used. Quantum cryptography is based on the laws of quantum physics, using photons to transmit information.

Protection of the quantum private communication against Trojan horse attack: With quantum cryptography we can create a communication channel on which it is impossible to eavesdrop without disturbing the transmission. The quantum key algorithm is based on this idea.

Protection of the quantum private communication against Trojan horse attack: In cryptography, a pre-shared key or PSK is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used. Those systems always use symmetric key cryptographic algorithms.