
1 By Andrea Almeida, T.E. Comp, Don Bosco College of Engineering

2 Topics
 Antivirus approaches
 Generic decryption
 Digital immune system
 Behavior blocking
 Worm countermeasures

3 Antivirus approaches
 The ideal solution to the threat of viruses is prevention: never let a virus into the system in the first place.
 Prevention is rarely achievable in practice, so the next best approach has three basic steps:
 i) Detection: determine that an infection has occurred and locate the virus.
 ii) Identification: once detected, identify the specific virus that has infected the program.
 iii) Removal: once the virus is identified, remove all traces of it from the infected program and restore the program to its original state.

4 Generic decryption (GD)
 GD technology lets an antivirus program detect even complex polymorphic viruses while maintaining fast scanning speed.
 The key observation: a polymorphic virus must decrypt itself before its body can run. If the executable is interpreted in a safe environment for a while, the virus exposes its own body, which a signature scanner can then recognize.
 Executable files are run through a GD scanner, which consists of the following elements:
 CPU emulator: a software-based virtual computer. Instructions in the executable file are interpreted by the emulator rather than executed by the underlying CPU.

5 The emulator includes software versions of all the registers and other processor hardware, so the underlying CPU is unaffected by programs interpreted by the emulator.
 Virus signature scanner: a module that scans the target code (including the emulator's memory as it changes) looking for known virus signatures.
 Emulation control module: controls the execution of the target code, periodically invoking the signature scanner and deciding when to stop.
 The most difficult design issue with a GD scanner is how long to run each interpretation: stop too early and a slow decryptor never exposes the virus body (a missed detection); run too long and scanning every file becomes unacceptably slow.
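The three GD components above, in miniature. This is an added example written for this page, not code from the slides or from any real antivirus engine: the bytecode format, the toy "virus" (an unrolled XOR decryptor followed by an encrypted body) and the signature `MALWARE!` are all constructed here. It shows why a static signature scan of the encrypted file misses the virus, why emulation exposes it, and how the emulation control module's instruction budget decides whether the detection happens at all.

```python
"""Toy generic-decryption (GD) scanner: CPU emulator + signature scanner +
emulation control module with an instruction budget (constructed example)."""

SIGNATURE = b"MALWARE!"          # assumed signature of the toy virus body
OP_HALT, OP_XORB, OP_JMP = 0x00, 0x10, 0x20   # constructed 3-opcode ISA


def build_sample(key=0x5A, body_at=64):
    """Build a polymorphic-style executable image: an unrolled decryptor
    (one 'XORB addr, key' per body byte) then 'JMP body'. The body is stored
    XOR-encrypted, so the file on disk never contains SIGNATURE in the clear."""
    body = b"PAYLOAD:" + SIGNATURE
    mem = bytearray(128)
    code = bytearray()
    for i in range(len(body)):
        code += bytes([OP_XORB, body_at + i, key])   # mem[addr] ^= key
    code += bytes([OP_JMP, body_at])                # transfer to decrypted body
    mem[0:len(code)] = code
    mem[body_at:body_at + len(body)] = bytes(b ^ key for b in body)
    mem[body_at + len(body)] = OP_HALT
    return bytes(mem)


class Emulator:
    """Software CPU: interprets the sample inside its own memory image, so the
    real CPU never executes a single instruction of the suspect file."""

    def __init__(self, image):
        self.mem = bytearray(image)
        self.pc = 0
        self.halted = False

    def step(self):
        if self.pc + 2 >= len(self.mem):
            self.halted = True
            return
        op = self.mem[self.pc]
        if op == OP_XORB:
            addr, key = self.mem[self.pc + 1], self.mem[self.pc + 2]
            self.mem[addr] ^= key
            self.pc += 3
        elif op == OP_JMP:
            self.pc = self.mem[self.pc + 1]
        else:
            self.halted = True        # HALT or unknown byte: stop interpreting


def signature_scan(mem):
    """Virus signature scanner: plain byte-pattern match over a memory image."""
    return SIGNATURE in bytes(mem)


def gd_scan(image, max_instructions, scan_every=4):
    """Emulation control module: interpret the sample, rescan its memory every
    `scan_every` instructions, and stop when the code halts or the budget is
    exhausted. Returns (detected, instructions_executed)."""
    emu = Emulator(image)
    executed = 0
    while not emu.halted and executed < max_instructions:
        emu.step()
        executed += 1
        if executed % scan_every == 0 and signature_scan(emu.mem):
            return True, executed
    return signature_scan(emu.mem), executed


if __name__ == "__main__":
    img = build_sample()
    print("static scan of file:", signature_scan(img))      # False: body is encrypted
    print("GD scan, budget 100:", gd_scan(img, 100))        # detected once decrypted
    print("GD scan, budget 10: ", gd_scan(img, 10))         # budget too small: missed
```

The last two calls are the design trade-off from the slide: with a budget of 100 instructions the decryptor finishes and the scanner finds the exposed body; with a budget of 10 the same file passes as clean, because only the first few body bytes have been decrypted when emulation stops.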

6 Digital immune system
 A comprehensive approach to virus protection developed by IBM.
 The motivation is the rising threat of Internet-based virus propagation.
 Two major trends in Internet technology have had an impact on virus propagation:
 1. Integrated mail systems: systems such as Microsoft Outlook make it simple to send anything to anyone and to work with received objects.
 2. Mobile-program systems: capabilities such as Java allow programs to move on their own from one system to another.


8 Digital immune system: operation
 1. A monitoring program on each PC uses a variety of heuristics based on system behavior, suspicious changes to programs, or family signatures to infer that a virus may be present. The monitoring program forwards a copy of any program thought to be infected to an administrative machine within the organization.
 2. The administrative machine encrypts the sample and sends it to a central virus analysis machine.
 3. This machine creates an environment in which the infected program can be safely run for analysis.

9 Techniques include emulation, or the creation of a protected environment within which the suspect program can be executed and monitored.
 The virus analysis machine then produces a prescription for identifying and removing the virus.
 4. The resulting prescription is sent back to the administrative machine.
 5. The administrative machine forwards the prescription to the infected client.

10 6. The prescription is also forwarded to other clients in the organization.
 7. Subscribers around the world receive regular antivirus updates that protect them from the new virus.

11 Behavior blocking
 Behavior blocking software integrates with the operating system of a host computer and monitors program behavior in real time for malicious actions.
 The behavior-blocking software then blocks potentially malicious actions before they have a chance to affect the system.
 Monitored behaviors can include:
 Attempts to open, view, delete, and/or modify files;
 Attempts to format disk drives and other unrecoverable disk operations;
 Modifications to the logic of executable files or macros.


13 Behavior blocking software runs on server and desktop computers and is instructed through policies set by the administrator: benign actions are allowed to take place, but the blocker intercedes whenever an unauthorized or suspicious action occurs.
 The module blocks the suspicious software from executing.
 The blocker can also isolate the code in a sandbox, which restricts the code's access to operating system resources and applications.
 The blocker then sends an alert.

14 Worm countermeasures
 Requirements for an effective worm countermeasure scheme:
 1. Generality: the approach should be able to handle a wide variety of worm attacks.
 2. Timeliness: the approach should respond quickly, so as to limit the number of infected systems and the number of transmissions from them.
 3. Resiliency: the approach should be resistant to the evasion techniques attackers employ to get past worm countermeasures.

15 1. Signature-based worm scan filtering
 This approach generates a worm signature, which is then used to prevent worm scans from entering or leaving a network or host.
 Typically, this involves identifying suspicious flows and generating a worm signature from them.
 This approach is vulnerable to polymorphic worms, which change their byte pattern from one copy to the next.
 2. Filter-based worm containment
 This approach focuses on worm content rather than on a scan signature: the filter checks a message to determine whether it contains worm code.
 It can be quite effective but requires efficient detection algorithms and rapid alert dissemination.

16 3. Payload-classification-based worm containment
 These network-based techniques examine packets to see if they contain a worm. Various anomaly detection techniques can be used, but care is needed to avoid high levels of false positives or false negatives.
 This approach does not generate signatures based on byte patterns; rather, it looks for control and data flow structures that suggest an exploit.
 4. Threshold random walk (TRW) scan detection
 TRW exploits the randomness with which a worm picks destinations to connect to: a host that is scanning sees many more failed first-contact connections than a host doing normal work.
 Suitable for deployment in high-speed, low-cost network devices.
 Effective against the common behavior seen in worm scans.

17 5. Rate limiting
 This class of technique limits the rate of scan-like traffic from an infected host.
 Various strategies can be used, including limiting the number of new machines a host can connect to in a window of time, detecting a high connection failure rate, and limiting the number of unique IP addresses a host can scan in a window of time.
 May introduce longer delays for normal traffic.
 Not suited to slow, stealthy worms that spread slowly precisely to avoid detection based on activity level.

18 Question: What is a digital immune system? (5 marks)
Information taken from the textbook Operating Systems by William Stallings, Chapter 15 (Computer Security Techniques), p. 686.
