Presentation is loading. Please wait.

Presentation is loading. Please wait.

Techniques, Tools, and Research Issues

Published byKevin Stafford Modified over 6 years ago

Similar presentations

Presentation on theme: "Techniques, Tools, and Research Issues"— Presentation transcript:

1 Techniques, Tools, and Research Issues
Virus Analysis Techniques, Tools, and Research Issues Part V: Research Issues Michael Venable Arun Lakhotia University of Louisiana at Lafayette, USA

2 Research Issues in Virus Analysis
Revisit: Processes Classification of Problem Space Current State of Technologies Survey of Research Distributed Virus Analysis

3 AV Detection Process ANALYSIS LAB Sample Malicious: yes/no
Removal Instructions DESKTOP Clean File Disinfector Signature Infected File File/Message Malicious: yes/no Scanner

4 Malware Analysis Process
Reset Lab Environment Static Analysis Set up network observation tools Set up process observation tools Run program Observe network traffic Observe process actions Identify services requested Create/revise client on Linux Create DNS tables Run client Run services on Linux

5 Research Issues: AV Lab
Sample Collection and Filtering Analysis Fingerprint Extraction Payload Identification Signature Distribution Evaluation of AV Scanners

6 Research Issues: Desktop
Prevention Detection Heuristic Disinfection Recovery

7 Current State of AV Technology
Copyright © 2004, Carey Nachenberg, Symantec Presented: Worm 2004 Process Capture, Analyze, Create signature, Test, Roll-out Detection technology – not just grep! These technologies are used in client AV software; these are not back-end server technologies! Multi-String search Scalpel scanning (precision scanning at the entrypoint) X-Ray (plaintext crypto attack on virus/worm) CPU emulation P-CODE-driven detection Decide where and when to scan/emulate Hand-code detections in P-CODE Timeframe 5 minutes to several weeks (!) to write a signature Several hours or more for false positive/negative testing

8 Current State: Desktop
Copyright © 2004, Carey Nachenberg, Symantec Presented: Worm 2004 Heuristics Dynamic heuristics Leverage CPU emulator to coax file-based threat into displaying bad behaviors Static heuristics Use signatures to detect known-bad sequences of code Applied to macro, script, and binary threats Behavior blocking 1st generation systems today Stop threats by intercepting and blocking system calls Policy-based blocking prevalent Simple buffer-overflow protection (software/NX)

9 Current State: AV Lab Signature Updates Volume Scalability Compression
Copyright © 2004, Carey Nachenberg, Symantec Presented: Worm 2004 Signature Updates Volume We push up to 1.4B (virus definition) updates every day Up to 60 terabytes of data sent down every day! That’s up to 6 times the total amount of printed material in the Library of Congress per day Scalability Leverage Akamai’s 14,000 servers in 1,100 networks Compression Employ incremental update technologies and compression (~85-90% percent reduction) Some vendors ship “single definition packages”

10 Current State: AV Lab Automation Submission filtering Analysis
Copyright © 2004, Carey Nachenberg, Symantec Presented: Worm 2004 Automation Submission filtering Automatic filtering of customer submissions (95%) Application of super-sensitive heuristics for triage purposes Analysis Auto-replication of threats in VMs Macro-based threats, binary threats Auto-fingerprint generation with provably-low false positive rates Leverages Markov chaining approach Quality Assurance Automated, parallel testing Huge corpora of files for false positive testing

11 Survey of Research TBD

12 Summary AV Processes Interesting problems along the processe
Rethinking AV Process

Download ppt "Techniques, Tools, and Research Issues"

Similar presentations

Chapter 15 Computer Security Techniques

Chapter 15 Computer Security Techniques
1 Anti Virus vs virus System i-Specific Anti-Virus Product Ali ameen al said.

1 Anti Virus vs virus System i-Specific Anti-Virus Product Ali ameen al said.
Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.

Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
By:Tanvi lotliker TE COMPUTER

By:Tanvi lotliker TE COMPUTER
Client-Server collaborative scanning Dumitru Codreanu R&D, BitDefender.

Client-Server collaborative scanning Dumitru Codreanu R&D, BitDefender.
Beyond Anti-Virus by Dan Keller 1987- Fred Cohen- Computer Scientist “there is no algorithm that can perfectly detect all possible computer viruses”

Beyond Anti-Virus by Dan Keller Fred Cohen- Computer Scientist “there is no algorithm that can perfectly detect all possible computer viruses”
Lucent Technologies – Proprietary Use pursuant to company instruction Learning Sequential Models for Detecting Anomalous Protocol Usage (work in progress)

Lucent Technologies – Proprietary Use pursuant to company instruction Learning Sequential Models for Detecting Anomalous Protocol Usage (work in progress)
Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden
Dr. XiaoFeng Wang AGIS: Towards Automatic Generation of Infection Signatures Zhuowei Li 1,3, XiaoFeng Wang 1, Zhenkai Liang 4 and Mike Reiter 2 1 Indiana.

Dr. XiaoFeng Wang AGIS: Towards Automatic Generation of Infection Signatures Zhuowei Li 1,3, XiaoFeng Wang 1, Zhenkai Liang 4 and Mike Reiter 2 1 Indiana.
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.

1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
Computer Viruses Preetha Annamalai Niranjan Potnis.

Computer Viruses Preetha Annamalai Niranjan Potnis.
Network Security Introduction Some of these slides have been modified from slides of Michael I. Shamos COPYRIGHT © 2003 MICHAEL I. SHAMOS.

Network Security Introduction Some of these slides have been modified from slides of Michael I. Shamos COPYRIGHT © 2003 MICHAEL I. SHAMOS.
Symantec Targeted Attack Protection 1 Stopping Tomorrow’s Targeted Attacks Today iPuzzlebiz

Symantec Targeted Attack Protection 1 Stopping Tomorrow’s Targeted Attacks Today iPuzzlebiz
1 Chap 10 Virus. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.

1 Chap 10 Virus. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.
Virus Detection Mechanisms Final Year Project by Chaitanya kumar CH K.S. Karthik.

Virus Detection Mechanisms Final Year Project by Chaitanya kumar CH K.S. Karthik.
1 Figure 4-16: Malicious Software (Malware) Malware: Malicious software Essentially an automated attack robot capable of doing much damage Usually target-of-opportunity.

1 Figure 4-16: Malicious Software (Malware) Malware: Malicious software Essentially an automated attack robot capable of doing much damage Usually target-of-opportunity.
Chapter 10 Malicious software. Viruses and ” Malicious Programs Computer “ Viruses ” and related programs have the ability to replicate themselves on.

Chapter 10 Malicious software. Viruses and ” Malicious Programs Computer “ Viruses ” and related programs have the ability to replicate themselves on.

Similar presentations

Ads by Google