Presentation is loading. Please wait.

Presentation is loading. Please wait.

Virus Detection Mechanisms Final Year Project by Chaitanya kumar CH K.S. Karthik.

Published byShona McCarthy Modified over 9 years ago

Similar presentations

Presentation on theme: "Virus Detection Mechanisms Final Year Project by Chaitanya kumar CH K.S. Karthik."— Presentation transcript:

1 Virus Detection Mechanisms Final Year Project by Chaitanya kumar CH K.S. Karthik

2 Project details Project Guide: Dr. V.Ch.VenkaiahDr. V.Ch.Venkaiah Description:  Study various detection mechanisms  Implement the mechanisms

3 Some important terms Backdoors/Trapdoors allow unauthorized access to the system. Logic bombs are programmed threats that lie dormant for an extended period of time until they are triggered.

4 Some important terms (Cont…) A Virus is a piece of code that inserts itself into a host [program] to propagate. The virus is executed along with the original program. Boot sector viruses insert themselves into the boot sector area and are activated when the system boots.

5 Some important terms (Cont…) Multi-partite Viruses refers to viruses that can use multiple means of infection, such as MBR, boot sector and parasitic Trojan horses are programs that appear to have one function but actually perform another function.

6 Some important terms (Cont…) A worm is a program that can run independently, will consume the resources of its host [machine] from within in order to maintain itself and can propagate a complete working version of itself on to other machines.

7 Some important terms (Cont…) Payload refers to what the virus does (besides propagation) once executed.  Do nothing  Playing with your data  Malicious damage

8 Detection of Internet Worms Traffic Analysis  Growth in traffic volume  Rise in number of scans and sweeps  Change in traffic patterns for some hosts  Predicting scans by analyzing the scan engine of the worm

9 Detection of Internet Worms Honeypots  Setup a seemingly vulnerable host on the network and log all the filesystem and network activity using low level tools  A picture of what happens when a worm strikes a real host, along with network signatures and binaries is obtained. This can be used to develop attack signatures

10 Detection of Internet Worms Worms don’t usually monitor DNS entries for new hosts. They simply scan. Black hole monitoring  Monitor the locally unused subnets within our address space.  Monitor the globally unused address space, or dark IP space, and to monitor that usage.

11 Detection of Internet Worms Signature-Based Detection  Network signatures  Log signatures from nonvulnerable servers  Filesystem signatures (used by any typical antivirus software)

12 Defenses against worms Host based  Personal Firewalls, antivirus software, privilege control Firewall and Network Defenses  Stop existing worms  Implement inbound and outbound rules  Reactive IDS

13 Defenses against worms Proxy-Based Defenses (application level)  Authentication  Mail-server proxies (can scan the emails)  Web-based proxies (content screening)

14 Attacking the Worm Network Shutdown messages (stop the worm processes or halt the host) “I am already infected” Poison updates These methods can be unprofessional if our attacker gets out of our control

15 Virus Scanners Compare code to a database of known malicious code  Just matching strings in the code  Reasonably useful in days of floppies Identify viruses by their “signatures.” Search for these patterns in executable files. Watch for changes in files  Size, time of modification, etc. Monitor system for malicious actions

16 Virus Scanners Internals I/O Manager Kernel32.dllWin32 program File system driver Kernel Mode User mode Disk driver Hardware Read/Write request/reply

17 Virus Scanners Internals File system driver I/O Manager Virus scanner (File system filter)  File system filter scans a file whenever it is accessed.  If the file is infected, it returns the original file after cleaning it.  If it cannot be cleaned, it returns failure message and performs appropriate action such as quarantining or deleting the infected file.

18 Monitoring using compression enabled filesystem The virus can hide itself in other files by prepending itself to other executable. But this way there will be a change in the file size which can be easily recognized.

19 Monitoring using compression enabled filesystem To avoid detection a virus compresses the original file and then prepend the virus to it. Since the compression is performed to reduce the file size by the size of virus there will be no apparent change in file size When executed the virus code decompresses the original code and then executes it.

20 Monitoring using compression enabled filesystem Original file Original file compressed by the virus virus File sizes before compressed by the file system Compress file by the size of virus code

21 Monitoring using compression enabled filesystem Original file Original file compressed by the virus virus Original file Original file compressed by the virus virus File sizes on the disc after compressed by the file system File sizes before compressed by the file system Compression by filesystem Compression by virus

22 Monitoring using compression enabled filesystem In a compression enabled filesystem the file size differs from original to that on the disk which is compressed. When a virus hides itself in other file by compressing and prepending the virus code the file size may differ on the disk when compressed again by the filesystem

Download ppt "Virus Detection Mechanisms Final Year Project by Chaitanya kumar CH K.S. Karthik."

Similar presentations

 Application software consists of programs designed to make users more productive and/or assist with personal tasks.  Growth of internet simplified.

 Application software consists of programs designed to make users more productive and/or assist with personal tasks.  Growth of internet simplified.
Day 4-1-1 anti-virus 3-3-1.anti-virus 1 detecting a malicious file malware, detection, hiding, removing.

Day anti-virus anti-virus 1 detecting a malicious file malware, detection, hiding, removing.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Computer Viruses.

Computer Viruses.
N ETWORK S ECURITY Presented by: Brent Vignola. M ATERIAL OVERVIEW … Basic security components that exist in all networks Authentication Firewall Intrusion.

N ETWORK S ECURITY Presented by: Brent Vignola. M ATERIAL OVERVIEW … Basic security components that exist in all networks Authentication Firewall Intrusion.
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.

Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.
1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.

Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.
S EC (4.5): S ECURITY 1. F ORMS OF ATTACK There are numerous way that a computer system and its contents can be attacked via network connections. Many.

S EC (4.5): S ECURITY 1. F ORMS OF ATTACK There are numerous way that a computer system and its contents can be attacked via network connections. Many.
After this session, you should be able to:

After this session, you should be able to:
1 Computer Viruses (and other “Malicious Programs) Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.

1 Computer Viruses (and other “Malicious Programs) Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Computer Viruses By Patsy Speer What is a Virus? Malicious programs that cause damage to your computer, files and information They slow down the internet.

Computer Viruses By Patsy Speer What is a Virus? Malicious programs that cause damage to your computer, files and information They slow down the internet.
Definitions  Virus A small piece of software that attaches itself to a program on the computer. It can cause serious damage to your computer.  Worm.

Definitions  Virus A small piece of software that attaches itself to a program on the computer. It can cause serious damage to your computer.  Worm.
R. FRANK NIMS MIDDLE SCHOOL A BRIEF INTRODUCTION TO VIRUSES.

R. FRANK NIMS MIDDLE SCHOOL A BRIEF INTRODUCTION TO VIRUSES.
Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.

1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)

Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)

Similar presentations

Ads by Google