Alexandros Papanikolaou PROmis
Transcript

  • 1. PROMIS - a PROactive Malware Identification System. Vasileios Vlachos, Alexandros Papanikolaou, Fotis Liatsis
  • 2. Crowdsourcing. crowd·sourc·ing: to utilize (labor, information, etc.) contributed by the general public to (a project), often via the Internet and without compensation. Can you guess the exact weight of an ox… or the exact number of the beans in a jar?
  • 3. Crowdsourcing. Probably none of us could do it right... but all of us together is another story… Crowdsourcing uses the collective wisdom of the crowds as it collects large amounts of information and aggregates it to gain a complete and accurate picture of a topic, based on the idea that a group of people is often more intelligent than an individual. Photo (CC-BY) James Cridland.
  • 4. Crowdsourcing. C'mon, be serious, who cares about oxen and coffee beans in jars? Apparently the US Navy: Dr John Craven was appointed, with a group of scientists, to locate the missing USS Scorpion in the ocean… as well as its two nuclear torpedoes. Bow section of the sunken Scorpion containing two nuclear torpedoes on the sea floor. US Navy photo.
  • 5. Crowdsourcing. Yeah, but that was a long time ago.
    ๏ DARPA Network Challenge 2009: ten red balloons were released in various places in the US and the participants had to get the exact coordinates of the balloons.
    ๏ Tag Challenge, funded by the US State Department, 2012: three out of 5 individuals in 5 different cities (New York, Washington DC, Bratislava, Stockholm) were identified and located by volunteers using crowdsourcing.
  • 6. The Problem: Computer viruses… and worms. A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself. Code Red: 12h; Slammer: 10m.
  • 7. Computer Viruses. The lifecycle of an antivirus signature:
    1. Collect a suspicious file
    2. Analyze the suspicious code
    3. Create a virus signature
    4. Test the signature to avoid identifying legitimate applications as malware
    5. Push the update to the software clients
    How much time do we need to complete the above steps?
  • 8. PROMIS - a PROactive Malware Identification System
    ๏ PROMIS is an Early Warning System for rapidly-spreading computer viruses
    ๏ PROMIS is a small software application which transforms a PC into a sensor
    ๏ PROMIS only needs access to the log files of the security applications (firewall and antivirus); no sensitive data are ever read
    ๏ PROMIS combines the basic concepts of crowdsourcing and biodiversity with epidemiology and public health (after all, computer viruses have striking similarities with biological viruses)
    ๏ PROMIS acts proactively in order to protect against unknown threats, and buys users and AV vendors some time to provide signatures, patches and updates
  • 9. The Question: Biodiversity vs Monocultures
    ๏ Monoculture is the agricultural practice of producing or growing a single crop or plant species over a wide area and for a large number of consecutive years. In the field of computer science, monoculture is a community of computers that all run identical software. All the computer systems in the community have the same vulnerabilities, and, like agricultural monocultures, are subject to catastrophic failure in the event of a successful attack.
    ๏ This concept is significant when discussing computer security and viruses. In particular, Dan Geer has argued that Microsoft is a monoculture, since a majority of the overall number of computers connected to the Internet are workstations and servers running versions of the Microsoft Windows operating system, many of which are vulnerable to the same attacks. Biodiversity, on the other hand, which utilizes different software and hardware architectures, provides us with significant and useful information.
    ๏ Monocultures can lead to the quicker spread of diseases, but
    ๏ also keep costs down (economies of scale, standardization etc.)
  • 10. The Problem: Computer Viruses. If a system isn't vulnerable, then the virus / worm attack is recorded in the antivirus / firewall log file. An increase in the rate of attacks might indicate:
    ๏ Technical malfunctioning
    ๏ A targeted attack
    ๏ A virus epidemic
  • 11. PROMIS - a PROactive Malware Identification System
    Locally intercepted malicious activity:
    $$p_t^n = \frac{h_t^n - \frac{1}{k}\sum_{i=t-k}^{t-1} h_i^n}{\frac{1}{k}\sum_{i=t-k}^{t-1} h_i^n}$$
    Estimation of Internet threat level:
    $$p_{avg} = \frac{\sum_{i=1}^{n} p_t^i}{n}$$
  • 12. PROMIS - a PROactive Malware Identification System
  • 13. PROMIS - Countermeasures. If the threat level exceeds a pre-defined threshold, autonomously increase or decrease the security level by:
    • Activating / deactivating useful but not critical services
    • Increasing / decreasing the security level of the browser / e-mail client
    • Enabling / disabling types of content which are known infection vectors (Flash, Java, VBA, JavaScript etc.)
    Instead of trying to create vaccines (signatures) for any new unknown computer virus, we follow simple public health approaches: take some basic precautions until the storm weathers out (and/or a cure or a vaccine is ready)… just like the flu.
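The sensor-side pipeline of slides 10, 11 and 13 (count attacks per interval from a security log, compute the local alert level, average it over the participating nodes, and compare the result against a threshold), as an added Python example that is not part of the original presentation or of the NetBiotic/MSPROMIS prototypes. It assumes a one-event-per-line log format that I made up ("timestamp verdict detail"), fixed-length intervals, and reads the slide 11 formula as the relative change of the current interval's hit count against the mean of the preceding k intervals; the verdict words, the sample log lines and the threshold value are all constructed for illustration. A zero baseline (no attacks at all in the preceding k intervals) makes the ratio undefined, so that node is reported as having no alert and is left out of the average.

```python
"""Added example: PROMIS-style threat estimation over constructed log lines."""
from datetime import datetime
from typing import Dict, List, Optional

# Log verdicts that count as an intercepted attack (assumed format, not PROMIS's).
ATTACK_VERDICTS = {"BLOCK", "DETECTED"}

# Constructed sample log lines for two sensor nodes covering four one-minute
# intervals from 10:00. node-A sees a burst in the fourth minute; node-B is flat.
WINDOW_START = datetime(2024, 5, 1, 10, 0, 0)
NODE_LOGS: Dict[str, List[str]] = {
    "node-A": [
        "2024-05-01T10:00:05 BLOCK tcp/445 from 198.51.100.7",
        "2024-05-01T10:00:41 BLOCK tcp/445 from 198.51.100.9",
        "2024-05-01T10:01:12 DETECTED Worm.Generic in C:\\tmp\\x.exe",
        "2024-05-01T10:01:50 BLOCK tcp/445 from 198.51.100.7",
        "2024-05-01T10:02:07 BLOCK tcp/139 from 203.0.113.4",
        "2024-05-01T10:02:33 BLOCK tcp/445 from 198.51.100.9",
        "2024-05-01T10:02:40 ALLOW tcp/443 to 192.0.2.10",  # benign, not counted
        "this line is garbage and must be skipped",
    ] + [f"2024-05-01T10:03:{s:02d} BLOCK tcp/445 from 203.0.113.{s}" for s in range(8)],
    "node-B": [
        "2024-05-01T10:00:30 BLOCK tcp/445 from 198.51.100.7",
        "2024-05-01T10:01:30 BLOCK tcp/445 from 198.51.100.7",
        "2024-05-01T10:02:30 BLOCK tcp/445 from 198.51.100.7",
        "2024-05-01T10:03:30 BLOCK tcp/445 from 198.51.100.7",
    ],
}


def parse_hits(lines: List[str], start: datetime, interval_s: int, n_intervals: int) -> List[int]:
    """Bucket attack entries into fixed intervals: returns h[0 .. n_intervals-1].

    Malformed lines and non-attack verdicts are skipped rather than crashing the sensor.
    """
    counts = [0] * n_intervals
    for line in lines:
        parts = line.split(maxsplit=2)
        if len(parts) < 2:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # not a timestamped event
        if parts[1] not in ATTACK_VERDICTS:
            continue
        idx = int((ts - start).total_seconds() // interval_s)
        if 0 <= idx < n_intervals:
            counts[idx] += 1
    return counts


def local_alert(h: List[int], t: int, k: int) -> Optional[float]:
    """p_t^n: relative change of h[t] against the mean of h[t-k .. t-1] (my reading of slide 11)."""
    if t - k < 0 or t >= len(h):
        raise ValueError("need k intervals of history before interval t")
    baseline = sum(h[t - k:t]) / k
    if baseline == 0:
        return None  # undefined: nothing to compare the current interval against
    return (h[t] - baseline) / baseline


def internet_threat_level(alerts: Dict[str, Optional[float]]) -> Optional[float]:
    """p_avg: mean of the defined per-node alerts (slide 11, second formula)."""
    defined = [p for p in alerts.values() if p is not None]
    return sum(defined) / len(defined) if defined else None


def security_posture(p_avg: Optional[float], threshold: float) -> str:
    """Slide 13 decision: 'raise' the security level above the threshold, else 'normal'."""
    if p_avg is None:
        return "normal"
    return "raise" if p_avg > threshold else "normal"


def assess(node_logs: Dict[str, List[str]], start: datetime, interval_s: int, k: int, threshold: float) -> dict:
    """Run the whole pipeline: per-node hit counts, per-node alerts, p_avg and the posture decision."""
    n_intervals = k + 1  # k baseline intervals plus the current one
    hits = {node: parse_hits(lines, start, interval_s, n_intervals) for node, lines in node_logs.items()}
    alerts = {node: local_alert(h, k, k) for node, h in hits.items()}
    p_avg = internet_threat_level(alerts)
    return {"hits": hits, "alerts": alerts, "p_avg": p_avg, "posture": security_posture(p_avg, threshold)}


if __name__ == "__main__":
    result = assess(NODE_LOGS, WINDOW_START, interval_s=60, k=3, threshold=1.0)
    for node, h in result["hits"].items():
        print(f"{node}: hits per interval {h}, local alert p = {result['alerts'][node]}")
    print(f"p_avg = {result['p_avg']}, posture = {result['posture']}")
```

With the constructed logs, node-A's burst gives a local alert of 3.0 (eight hits against a baseline mean of two), node-B stays at 0.0, and the averaged threat level of 1.5 crosses the illustrative threshold, so the sensor would switch to the raised security level. A real deployment would read the firewall and antivirus log formats actually present on the host and exchange the per-node alerts over the peer-to-peer layer the prototypes used; those parts are not shown here.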
  • 14. Proof of concept prototypes I: NetBiotic. Java 1.4, JXTA 1.1, Windows XP, Linux, Outwit tools
  • 15. Proof of concept prototypes II: MSPROMIS. Windows XP SP1, MSP2P API, C#, C++, ICF, Outwit tools
  • 16. Simulation. The simulator works fine (its output is close to the analytical solution), as do some other software tools that we have built.
  • 17. Simulation. A sufficient number of nodes survives the infection, according to the experimental results.
  • 18. Conclusions. What do we need from you? Your feedback, as well as your help to increase our project's visibility, because in order to build a crowdsourcing application, you know, we need… a crowd! Your ideas about a possible business plan to facilitate the development and support of the platform for sufficient time to attract adequate users.
  • 19. Summary. Some publications, so no patents at all, sorry!
    ๏ Vasileios Vlachos and Diomidis Spinellis, "A PRoactive Malware Identification System based on the Computer Hygiene Principles", Information Management & Computer Security, 15(4):295–312, 2007. (doi:10.1108/09685220710817815)
    ๏ Vasileios Vlachos, Stefanos Androutsellis-Theotokis and Diomidis Spinellis, "Security Applications of Peer-to-peer Networks", Computer Networks (Elsevier Science), Volume 45, Issue 2, pp. 195–205, June 2004. (doi:10.1016/j.comnet.2004.01.002)
    ๏ Vasileios Vlachos, Andreas Raptis and Diomidis Spinellis, "PROMISing steps towards computer hygiene", in Steven Furnell, editor, International Network Conference (INC2006), pages 229–236, July 2006, Plymouth, UK.
    PROMIS is the outcome of the PhD work of the first member of the team, under the supervision of Professor Diomidis Spinellis:
    ๏ PhD Thesis, "Security Applications of Peer to Peer Networks", Athens University of Economics and Business (AUEB), Athens, July 2007
  • 20. Summary. Our team:
    Vasileios Vlachos, Professor of Technological Applications, Technological Educational Institute of Larissa
    Alexandros Papanikolaou, Researcher, Technical University of Crete
    Fotis Liatsis, Undergraduate Student, Technological Educational Institute of Larissa