• Overview
• Infection Strategies
• Evaluation of Virus
• Virus News & Statistics
• Identification Methods
• Project Overview
• Data Flow Diagram (DFD)
• Design the Proposed System
• Conclusion
• Future Work

• A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the owner.
• The term "virus" is also commonly but incorrectly used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability.
• A true virus can only spread from one computer to another (in some form of executable code).

Figure : Infection vectors (diagram) - Internet/FTP, Flash Drive, Floppy Disk, Email/IM, CD/DVD, Pirated Software, LAN/File Sharing

In order to replicate itself, a virus must be permitted to execute code and write to memory. For this reason, many viruses attach themselves to executable files that may be part of lawful programs. If a user attempts to launch an infected program, the virus' code may be executed simultaneously.

Figure : Virus Encounter Vectors (diagram: a Virus Object infecting, in numbered steps, a File, a Resource, DLL/OCX modules and other targets)

The following graph depicts security vulnerabilities experienced by actual enterprise customers as surveyed by ICSA Labs for the years 1996 through 2002.

Figure : Impact of Client Computing Vulnerabilities
Ref: ICSA Labs Virus Prevalence Survey 2002

1. The first virus was born in the very beginning of the 1970s.
2. Creeper was an experimental self-replicating program written by Bob Thomas at BBN in 1971.
3. Creeper gained access via the ARPANET and copied itself to the remote system.
4. The Reaper program was created to delete Creeper. [First Antivirus]
5. "Rother J" was the first computer virus to appear outside the lab where it was created. It was written in 1981 by Richard Skrenta.
6. The first PC virus in the wild was a boot sector virus dubbed Brain, created in 1986 by the Farooq Alvi Brothers.
7. Macro viruses have become common since the mid-1990s.

• It is estimated that PC viruses cost businesses approximately $55 Billion in damages in 2003.
• Processing between 50,000 and 60,000 new copies per hour, "W32/Mydoom.A has exceeded the infamous SoBig.F virus in terms of copies intercepted, and the number continues to rise."
• Message Labs collected over 1.2 Million copies of W32/Mydoom.A-mm.
• At its peak infection rate, about 1 in 12 emails on the Internet were MyDoom viruses.

Figure : Virus Signature Definition

A signature is an algorithm or hash (a number derived from a string of text) that uniquely identifies a specific virus.
Format: <Virus CRC16/CRC32 Hash Value> | <Virus Name>
         0095C3A4|STONED.LESZOP.A
         0086C7BE|STONED.MARCH6.A

Figure : Search methods (diagram) - Search is divided into Memory Search, File Search and Registry Search; File Search is further divided into Content Based and Icon Based search.

Figure : Data Flow Diagram, modules 1 and 2

1. Removable Drive Scan
   Input: Removable Drive (Pen Drive, Flash drive, etc.); Search Dependencies
   Searching for a worm as soon as the drive plugs in to the system, and blocking auto-run activity.
   Outputs: M1 Delete virus; M2 Delete Dependencies

2. Startup scan
   Input: System Registry (Startup Info.)
   Scanning files and processes at the startup registry path.
   Outputs: M1 Kill Process Tree; M2 Delete Files; M3 Delete Reg. Keys

Figure : Data Flow Diagram, modules 3 and 4

3. Real Time Monitor
   Input: Running Process (Process List); Search Dependencies
   Apply MILSPEC-MINING to monitor process behaviour.
   Outputs: M1 Kill Process Tree; M2 Delete Files; M3 Delete Reg. Keys

4. Scan For Drive
   Input: Local Disk Drive (Directory Search); Search Dependencies
   Use dictionary scan to match with existing virus signature or icon.
   Outputs: M1 Kill Process Tree; M2 Delete Files; M3 Delete Reg. Keys

Figure : Data Flow Diagram, module 5

5. Scan with sample
   Input: Local Disk Drive (Target Content); Directory Search; Local Drives
   Scan with file name / icon / size / visibility etc.
   Outputs: M1 Kill Process Tree; M2 Delete Files; M3 Delete Reg. Keys

To store the virus signatures, a collection of flat files is used, and the attributes are separated from each other using the pipe ("|") symbol. Some examples are given below:
     • 5B110B72|DENZUK.E
     • 5B0DE15C|PINGPONG.A
     • 5BEB04FF|WIN95.TWINNY.1638449
     • 5B807327|WIN32.BOLZANO.3628
     • 5B33914C|GENE.948

The portion before the '|' (pipe) is the virus signature in CRC16 form, and the other portion is the virus code name. Approximately 30’00 virus signatures are included in this project.
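As an added example (not code from this deck or its project), the flat-file signature format above parsed into a lookup dictionary and then used for the dictionary scan of DFD module 4 over a directory. The listed hash values are eight hex digits (32 bits), so the example uses the standard CRC-32 from zlib; the project's exact CRC variant is an assumption, and the database lines, sample data and function names are constructed here.

```python
import os
import zlib
from typing import Dict, Iterable, Iterator, List, Optional, Tuple

# Constructed signature database in the deck's flat-file format:
# <hex CRC of the virus body>|<virus name>, one entry per line.
# The first two entries are the ones shown in the deck; TEST.SAMPLE.A is a
# constructed entry whose hash is CRC-32 of b"123456789" (the standard
# CRC-32 check value 0xCBF43926). The last line is deliberately malformed.
SIGNATURE_DB = """\
0095C3A4|STONED.LESZOP.A
0086C7BE|STONED.MARCH6.A
# comment lines and blank lines are ignored
CBF43926|TEST.SAMPLE.A
not-a-valid-line
"""


def parse_signature_db(text: str) -> Dict[int, str]:
    """Parse pipe-separated 'HASH|NAME' lines into a {crc: name} dictionary.

    Malformed lines (no '|', non-hex hash, empty name) are skipped instead of
    aborting the load, so one bad entry cannot silently disable the scanner.
    """
    db: Dict[int, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "|" not in line:
            continue
        hash_text, name = (part.strip() for part in line.split("|", 1))
        try:
            crc = int(hash_text, 16)
        except ValueError:
            continue
        if name:
            db[crc] = name
    return db


def crc32_of(data: bytes) -> int:
    # zlib.crc32 is the standard CRC-32; the mask keeps the value unsigned.
    return zlib.crc32(data) & 0xFFFFFFFF


def lookup(data: bytes, db: Dict[int, str]) -> Optional[str]:
    """Return the virus name whose signature matches `data`, or None."""
    return db.get(crc32_of(data))


def scan_blobs(blobs: Iterable[Tuple[str, bytes]],
               db: Dict[int, str]) -> List[Tuple[str, str]]:
    """DFD module 4 ('Scan For Drive'): match each object against the dictionary."""
    hits: List[Tuple[str, str]] = []
    for name, data in blobs:
        match = lookup(data, db)
        if match is not None:
            hits.append((name, match))
    return hits


def iter_files(root: str) -> Iterator[Tuple[str, bytes]]:
    """Yield (path, contents) for every readable regular file under root."""
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as fh:
                    yield path, fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the scan


def scan_directory(root: str, db: Dict[int, str]) -> List[Tuple[str, str]]:
    return scan_blobs(iter_files(root), db)


if __name__ == "__main__":
    db = parse_signature_db(SIGNATURE_DB)
    samples = [("clean.bin", b"hello world"), ("sample.bin", b"123456789")]
    for path, virus in scan_blobs(samples, db):
        print(f"{path}: {virus}")  # prints "sample.bin: TEST.SAMPLE.A"
```

A whole-object CRC only matches an unmodified copy, so this lookup identifies known samples exactly and nothing else; that is why the deck pairs it with content-based and icon-based search.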
Signature based virus detection and protection system
Editor's notes

  1. "Other" in this graph represents unknown vectors and 3rd party/freeware software distribution.