Krishna Chaitanya Yarlagadda 011103105
INTERNAL GUIDE
Mr. J. Sethuraman
TITLE
Self-Disciplinary Worms and
Countermeasures: Modeling and Analysis
SCOPE
To develop proper countermeasures for defending against self-disciplinary worms.
THEORETICAL BACKGROUND
• Most previous work assumed that a worm always propagates itself at the highest possible speed.
• Some newly developed worms (e.g., the “Atak” worm) contradict this assumption by deliberately reducing their propagation speed in order to avoid detection.
• As such, we study a new class of worms, referred to as self-disciplinary worms. These worms adapt their propagation patterns in order to reduce the probability of detection and, eventually, to infect more computers. We demonstrate that existing worm detection schemes based on traffic volume and variance cannot effectively defend against these self-disciplinary worms.
EXISTING SYSTEM
In the existing system, once a worm has infected a number of computers without being detected, the worm propagator can remotely control the infected computers and use them as stepping stones to launch further attacks (e.g., distributed denial-of-service (DDoS), phishing and spyware). In most existing systems, if a system is affected by a worm, it is cleared using antivirus software. But if the operating system of a system is affected by the worm, it is impossible to clear it.
As a result, the system has to be formatted and a new operating system installed. Even if the worm is found and cleared, the user might not know which source node sent the worm file. This is a major disadvantage of the existing systems.
PROBLEM DEFINITION
Networks carry diverse applications such as file sharing, collaboration, process sharing and distributed computing. Over the years, worms have emerged as a main source of trouble in P2P and client/server networks. If hackers identify the threshold value of a system, they can easily spread worms across the network. Another problem is that it is difficult to identify the original source.
PROPOSED SYSTEM
• In the proposed system, the propagator can be identified based on their requests. Whenever a worm reaches any node, the proposed system automatically detects it and also deletes the worm file. With the help of the patch framework, the worm in the affected system is cleared. IP trace back is also performed to find the original source that produces the worms. The proposed system thus has the following merits:
• Worm is detected dynamically
• Both dynamic and static worms are detected efficiently
• Alert the user
• Fetch out the worm source
MODULES
• Worm propagator.
• Spectrum Analysis.
• Worm detection.
• Trace back.
• Attack Source Elimination.
MODULE DESCRIPTION
Module 1: WORM PROPAGATOR
• The worm propagator is the attacker who spreads the worm in a network. In general, a worm propagator has two objectives:
• To maximize the number of infected computers.
• To avoid being traced back.
Module 2: Spectrum Analysis
• In Spectrum Analysis, the worm’s behavior is monitored continuously. Based on the behavior of the worm over a period of time, we can determine whether its behavior is static or dynamic.
• Worms with static behavior can usually be controlled by the traditional method. The Spectrum method is used to find the dynamic behavior of worms.
Module 3: Worm Detection
• Self-disciplinary worms may be dynamically propagating or statically propagating. A major effort for detecting worm propagation has been the Internet Threat Monitoring (ITM) system.
• An ITM system consists of one centralized data center and a number of monitors, which are distributed across the Internet at hosts, routers, firewalls, etc. Each monitor is responsible for monitoring suspicious traffic and reporting it to the data center. The data center then analyzes the collected traffic logs and detects worm attacks.
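The Spectrum Analysis and Worm Detection modules above, as an added example (not code from the project): an ITM data center sums per-monitor report counts, then applies a volume threshold and a frequency-domain check. The log format, monitor names, thresholds and the use of "share of power in the strongest frequency bin" as the spectral statistic are assumptions, since the slides do not name the statistic the project uses; all report counts are constructed.

```python
import cmath
import math
import random
from collections import defaultdict

MONITORS = ("host-1", "router-1", "router-2", "firewall-1")  # hypothetical monitor names
INTERVALS = 128                                               # reporting intervals per window


def constructed_logs(kind, seed=1):
    """Constructed monitor reports for kind 'background', 'static' or 'dynamic'."""
    rng = random.Random(seed)
    lines = []
    for t in range(INTERVALS):
        for i, monitor in enumerate(MONITORS):
            reports = rng.randint(20, 30)          # ordinary suspicious-traffic reports
            if i == 0 and kind == "static":
                reports += 80                      # constant extra load seen by one monitor
            elif i == 0 and kind == "dynamic":
                # extra load (0..20 reports) that rises and falls every 16 intervals
                reports += round(10 + 10 * math.sin(2 * math.pi * t / 16))
            lines.append(f"t={t} monitor={monitor} reports={reports}")
    return lines


def aggregate(log_lines):
    """Data-center step: sum the reports of all monitors for each interval."""
    totals = defaultdict(int)
    for line in log_lines:
        fields = dict(part.split("=", 1) for part in line.split())
        totals[int(fields["t"])] += int(fields["reports"])
    if not totals:
        raise ValueError("no monitor reports to analyse")
    return [totals[t] for t in range(max(totals) + 1)]


def power_spectrum(series):
    """Power in frequency bins 1..N/2 of the series after removing its mean."""
    n = len(series)
    mean = sum(series) / n
    centred = [x - mean for x in series]
    spectrum = []
    for k in range(1, n // 2 + 1):
        coeff = sum(x * cmath.exp(-2j * math.pi * k * t / n)
                    for t, x in enumerate(centred))
        spectrum.append(abs(coeff) ** 2)
    return spectrum


def peak_share(series):
    """Fraction of the fluctuation power held by the single strongest bin."""
    spectrum = power_spectrum(series)
    total = sum(spectrum)
    return max(spectrum) / total if total > 0 else 0.0


def classify(series, volume_limit=150, share_limit=0.25):
    """Volume check first (traditional method), then the spectrum check."""
    if max(series) > volume_limit:
        return "volume-alert"
    if peak_share(series) > share_limit:
        return "spectrum-alert"
    return "quiet"


if __name__ == "__main__":
    for kind in ("background", "static", "dynamic"):
        series = aggregate(constructed_logs(kind))
        print(kind, max(series), round(peak_share(series), 2), classify(series))
```

The dynamic series never crosses the volume limit, so only the spectrum check flags it; broadband background noise spreads its power over many bins and stays below the share limit.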
Module 4: IP Trace back
Another defensive countermeasure is trace back, which enables law enforcement agencies to identify the original worm propagators and punish them. A trace back scheme typically involves a number of routers, which monitor all through-traffic and store traffic logs in a storage server.
When a “trace back” order is given, the traffic logs (e.g., flow-level records logged by the networks) are analyzed postmortem in order to identify the origins of the worm propagator. When the source of the worm is detected, the system alerts the node about the source and blocks all packets from that particular source.
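An added example of the postmortem analysis described above (not the project's code): flagged flow records are walked backwards in time from a known victim to the earliest sender, which is the source to block. The record format and addresses are constructed, and the example assumes the logged source addresses are not spoofed and that the detector has already marked which flows carried the worm.

```python
from collections import defaultdict

# Constructed flow records as a storage server might hold them:
# "<time> <source> <destination> <verdict>", using documentation addresses.
CONSTRUCTED_FLOW_LOG = """\
100 192.0.2.10 192.0.2.21 worm
105 192.0.2.30 192.0.2.21 clean
130 192.0.2.21 192.0.2.22 worm
140 192.0.2.21 192.0.2.10 worm
160 192.0.2.22 192.0.2.23 worm
170 192.0.2.10 192.0.2.23 worm
"""


def parse_flagged_flows(text):
    """Keep only the flows the detector marked as carrying the worm."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, verdict = line.split()
        if verdict == "worm":
            flows.append((int(ts), src, dst))
    return flows


def trace_back(victim, flows):
    """Return the chain victim -> ... -> origin.

    At each hop, follow the earliest flagged flow the host received *before*
    it sent the flow we arrived on. Later hits (an infected host probing back
    toward the origin, or a duplicate delivery) are not the infecting flow.
    """
    inbound = defaultdict(list)
    for ts, src, dst in flows:
        inbound[dst].append((ts, src))
    for hits in inbound.values():
        hits.sort()

    path = [victim]
    cutoff = float("inf")          # time of the flow that led us to path[-1]
    while True:
        earlier = [hit for hit in inbound[path[-1]] if hit[0] < cutoff]
        if not earlier:
            return path            # nothing reached this host first: origin
        cutoff, sender = earlier[0]
        path.append(sender)        # cutoff strictly decreases, so this terminates


def blocklist_for(victims, flows):
    """Origins reached from the given victims: the sources to block."""
    return sorted({trace_back(v, flows)[-1] for v in victims})


if __name__ == "__main__":
    flagged = parse_flagged_flows(CONSTRUCTED_FLOW_LOG)
    print(trace_back("192.0.2.23", flagged))
    print(blocklist_for(["192.0.2.21", "192.0.2.22", "192.0.2.23"], flagged))
```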
Module 5: Attack Source Elimination
• Once the IP Trace back system is applied, we can identify the exact source system involved in spreading the worms. Having identified the source of the worm creator, we can eliminate that system from the network. This process of elimination makes communication more secure.
[Figures not reproduced: data flow diagram, sequence diagram, use case diagram, class diagram]
METHODOLOGY ADOPTED AND SYSTEM IMPLEMENTATION
Module 1:
• The worm propagator is the one that spreads worms across the network to affect more computers. This module is implemented by sending files containing the worm across the network.
Module 2:
• The behavior of the system is monitored continuously, and any change in the behavior can be detected by the Spectrum Analysis method.
Module 3:
• The worm detector identifies whether a file is an ordinary file or a worm-affected file. The dummy worm files are downloaded and kept in one folder to differentiate them from ordinary ones.
Module 4:
• The source node that sends the worm file across the network is identified in this module.
Module 5:
• After the source node is identified, it is eliminated from the network if the file it sent contains a worm.
METHODOLOGY ADOPTED:
JDK 1.3:
• We have made use of the Java Development Kit (JDK) 1.3. As a result, the various .java files of an applet must be compiled with this software.
Java Swing:
• The Swing toolkit includes a rich set of components for building GUIs and adding interactivity to Java applications.
• Swing includes all the components of a modern toolkit, such as table controls, list controls, tree controls, buttons and labels.
MS SQL Server 2000:
• Microsoft SQL Server 2000 is a full-featured relational database management system (RDBMS).
• It offers a variety of administrative tools to ease the burdens of database development, maintenance and administration.
SYSTEM PLANNING
• Create a GUI and enter the number of nodes and the node names.
• Establish the connection between the nodes using their ports and their IP addresses.
• The source and destination connections that are established are stored in the database.
• Create one applet for each node in the network. Include in it the options the nodes need in order to communicate (for example, to browse for a file and send it across the established connection).
• The dummy worm files are downloaded and kept in a separate folder.
• If the file sent between the nodes is an ordinary file, communication continues.
• If the file sent between the nodes contains a worm, the worm is detected and the source node is identified.
• After the source node is identified, Attack Source Elimination disconnects the source node that spreads the worm from the network to provide secure communication.
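CODING:
Code for connecting database
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.Statement;

public class NodeDatabase {            // class name is not on the slide
    private Connection con;            // fields the slide uses without declaring
    private Statement stmt;

    public void ConnectDB()
    {
        try {
            // JDBC-ODBC bridge driver bundled with JDK 1.3
            Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
            // Local SQL Server, database dht1. sa is the server's administrator
            // login; a dedicated low-privilege login is the safer choice.
            con = DriverManager.getConnection(
                "jdbc:odbc:DRIVER=SQL Server;Server=.;Database=dht1;UID=sa");
            stmt = con.createStatement();
        } catch (Exception ex) {
            ex.printStackTrace();
            System.out.println(ex);
        }
    }
}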
HARDWARE REQUIREMENTS
• Processor : Pentium II 266 MHz
• RAM : 64 MB
• HDD : 2.1 GB
SOFTWARE REQUIREMENTS
• Platform : Windows XP
• Front End : Java JDK 1.3, Swing
• Back End : MS SQL Server
Detection of Self-Disciplinary Worms

  • 1.  Krishna Chaitanya Yarlagadda 011103105 INTERNAL GUIDE Mr.J.Sethuraman
  • 3. SCOPE To develop the proper countermeasures for defending against self-disciplinary worm
  • 4. THEORETICAL BACKGROUND  Most previous work assumed that a worm always propagates itself at the highest possible speed.  Some newly developed worms (e.g.,“Atak” worm) contradict this assumption by deliberately reducing the propagation speed in order to avoid detection.  As such, we study a new class of worms, referred to as self- disciplinary worms. These worms adapt their propagation patterns in order to reduce the probability of detection, and eventually, to infect more computers. We demonstrate that existing worm detection schemes based on traffic volume and variance cannot effectively defend against these self-disciplinary worms
  • 5. EXISTING SYSTEM In the existing system the worms infecting a number of computers without being detected, the worm propagator can remotely control the infected computers and use them as stepping stones to launch further attacks (e.g., distributed denial-of-service (DDOS) , phishing and spyware. In most of the existing system, if a system is affected by worm it is cleared by using antivirus software. But if the operating system of a system gets affected by worm it is impossible to clear it. As a result the operating system has to be formatted and a new operating system only should be installed. If worm were found out and cleared user might not know about the source node which sent the worm file. This is major disadvantage in the existing systems.
  • 6. PROBLEM DEFINITION In networks we have diversified applications like file sharing, collaborations, and process sharing and distributed computing. Over the years, worms have emerged as a main source of trouble in P2P or client/server networks. If hackers’ identifies the threshold value of any systems means they can easily spread the worms among the network. Another problem is, it is difficult to identify the original source.
  • 7. PROPOSED SYSTEM
      - In the proposed system, the propagator is identified based on their requests. Whenever any node encounters a worm, the proposed system detects it automatically and also deletes the worm file. With the help of the patch framework, the worm in the affected system is cleared. We also perform IP trace back to find the original source that produced the worm. The proposed system thus has the following merits:
      - The worm is detected dynamically
      - Both dynamic and static worms are detected efficiently
      - The user is alerted
      - The worm source is identified
  • 8. MODULES
      - Worm propagator
      - Spectrum analysis
      - Worm detection
      - Trace back
      - Attack source elimination
  • 9. MODULE DESCRIPTION, Module 1: WORM PROPAGATOR
      - The worm propagator is the attacker who spreads the worm in a network. In general, a worm propagator has two objectives:
      - To maximize the number of infected computers.
      - To avoid being traced back.
  • 10. MODULE DESCRIPTION, Module 2: Spectrum Analysis
      - In spectrum analysis, the worm’s behavior is monitored continuously. Based on the behavior of the worm over a period of time, we are able to determine whether that behavior is static or dynamic.
      - Worms with static behavior can usually be controlled by traditional methods. The spectrum method is used to identify the dynamic behavior of worms.
  • 11. MODULE DESCRIPTION, Module 3: Worm Detection
      - Self-disciplinary worms may be dynamically propagating or statically propagating worms. A major effort for detecting worm propagation has been the Internet Threat Monitoring (ITM) system.
      - An ITM system consists of one centralized data center and a number of monitors, which are distributed across the Internet at hosts, routers, firewalls, etc. Each monitor is responsible for monitoring suspicious traffic and reporting it to the data center. The data center then analyzes the collected traffic logs and detects worm attacks.
  • 12. MODULE DESCRIPTION, Module 4: IP Trace back. Another defensive countermeasure is trace back, which enables law enforcement agencies to identify the original worm propagators and punish them. A trace back scheme typically involves a number of routers, which monitor all through-traffic and store traffic logs in a storage server. When a “trace back” order is given, the traffic logs (e.g., flow-level records logged by the networks) are analyzed postmortem in order to identify the origin of the worm propagator. When the source of the worm is detected, the system alerts the node about the source and blocks all packets from that particular source.
  • 13. MODULE DESCRIPTION, Module 5: Attack Source Elimination
      - Once the IP trace back system has been applied, we can identify the exact source system involved in spreading the worms. Having identified the source of the worm creator, we can eliminate that system from the network. This elimination makes communication more secure.
  • 18. METHODOLOGY ADOPTED AND SYSTEM IMPLEMENTATION
      - Module 1: The worm propagator is the one which spreads the worms across the network to affect a larger number of computers. This module is implemented by sending worm-containing files across the network.
      - Module 2: The behavior of the system is monitored continuously, and any change in the behavior can be detected by the spectrum analysis method.
  • 19. METHODOLOGY ADOPTED AND SYSTEM IMPLEMENTATION
      - Module 3: The worm detector identifies whether a file is an ordinary file or a worm-affected file. The dummy worm files are downloaded and kept in one folder to differentiate them from ordinary ones.
      - Module 4: The source node which sends the worm file across the network is identified in this module.
      - Module 5: After identifying the source node, we eliminate it from the network if the file from that node contains a worm.
  • 20. METHODOLOGY ADOPTED:
      - JDK 1.3: We have made use of the Java Development Kit, JDK 1.3. As a result, the various .java files of an applet must be compiled with this software.
      - Java Swing: The Swing toolkit includes a rich set of components for building GUIs and adding interactivity to Java applications. Swing includes all the components of a modern toolkit, such as table controls, list controls, tree controls, buttons, and labels.
      - MS SQL Server 2000: Microsoft SQL Server 2000 is a full-featured relational database management system (RDBMS). It offers a variety of administrative tools to ease the burdens of database development, maintenance, and administration.
  • 21. SYSTEM PLANNING
      - Create a GUI and enter the number of nodes and the node names.
      - Establish the connections between the nodes using their ports and IP addresses.
      - The established source and destination connections are stored in the database.
      - Create one applet for each node in the network. Include in it the options the nodes need in order to communicate (for example, to browse for a file and send it across the established connection).
      - The dummy worm files are downloaded and kept in a separate folder.
  • 22. SYSTEM PLANNING
      - If the file communicated between the nodes is an ordinary file, communication continues.
      - If the file communicated between the nodes contains a worm, the worm is detected and the source node is identified.
      - After the source node is identified, Attack Source Elimination disconnects the source node which spreads the worm from the network to provide secure communication.
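  • 23. CODING: Code for connecting to the database
      // Needs: import java.sql.Connection; import java.sql.DriverManager; import java.sql.Statement;
      // con (Connection) and stmt (Statement) are fields of the enclosing class.
      public void ConnectDB() {
          try {
              // Load the JDBC-ODBC bridge driver.
              Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
              // Note: this logs in as the SQL Server "sa" administrator with no password in the string.
              con = DriverManager.getConnection("jdbc:odbc:DRIVER=SQL Server;Server=.;Database=dht1;UID=sa");
              stmt = con.createStatement();
          } catch (Exception ex) {
              // Report the failure; con and stmt stay unset in that case.
              ex.printStackTrace();
              System.out.println(ex);
          }
      }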
  • 24. HARDWARE REQUIREMENTS
      - Processor: Pentium II 266 MHz
      - RAM: 64 MB
      - HDD: 2.1 GB
    SOFTWARE REQUIREMENTS
      - Platform: Windows XP
      - Front End: Java JDK 1.3, Swing
      - Back End: MS SQL Server
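The claim in slides 4 and 10, that volume and variance thresholds miss a self-disciplinary worm while a spectrum check does not, can be seen on a small trace of per-interval scan counts as an ITM data center would collect them. This is an added example, not code from the presentation, written for a current JDK rather than JDK 1.3; the traces, the three alarm thresholds and the "peak share" statistic are assumptions chosen for illustration.

```java
import java.util.Random;
public class SpectrumCheck {
    /** Periodogram of the mean-removed series, bins 1..n/2 (plain DFT; fine for short windows). */
    static double[] periodogram(double[] x) {
        int n = x.length;
        double mean = 0;
        for (double v : x) mean += v / n;
        double[] p = new double[n / 2];
        for (int k = 1; k <= n / 2; k++) {
            double re = 0, im = 0;
            for (int t = 0; t < n; t++) {
                double angle = 2 * Math.PI * k * t / n;
                re += (x[t] - mean) * Math.cos(angle);
                im -= (x[t] - mean) * Math.sin(angle);
            }
            p[k - 1] = (re * re + im * im) / n;
        }
        return p;
    }

    /** Share of spectral power in the strongest bin: small for noise, large for a rhythmic scan rate. */
    static double peakShare(double[] p) {
        double sum = 0, max = 0;
        for (double v : p) { sum += v; max = Math.max(max, v); }
        return sum == 0 ? 0 : max / sum;
    }

    static void report(String name, double[] x) {
        double max = 0, mean = 0, var = 0;
        for (double v : x) { max = Math.max(max, v); mean += v / x.length; }
        for (double v : x) var += (v - mean) * (v - mean) / x.length;
        double share = peakShare(periodogram(x));
        // All three alarm thresholds (60, 60, 0.10) are constructed for this sample data.
        System.out.printf("%-10s volume alarm=%b variance alarm=%b spectrum alarm=%b (peak share %.3f)%n",
                name, max > 60, var > 60, share > 0.10, share);
    }

    public static void main(String[] args) {
        Random rnd = new Random(7); // fixed seed so the constructed traces repeat
        double[] background = new double[512], withWorm = new double[512];
        for (int t = 0; t < 512; t++) {
            background[t] = 30 + rnd.nextInt(21); // constructed benign scans per interval: 30..50
            // constructed worm: 0..8 extra scans, its rate rising and falling every 32 intervals
            withWorm[t] = 30 + rnd.nextInt(21) + 4 + 4 * Math.sin(2 * Math.PI * t / 32);
        }
        report("background", background);
        report("with worm", withWorm);
    }
}
```

The worm trace never exceeds 58 scans per interval, so the volume alarm cannot fire, yet its regular rise and fall puts a large share of the spectral power into a single frequency bin.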
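The postmortem trace back of slide 12 and the source elimination of slide 13, sketched over flow-level records as the storage server would hold them. This is an added example, not the presentation's implementation, written for a current JDK; the `Flow` record, its `flagged` field and the sample log are hypothetical and constructed for the illustration.

```java
import java.util.*;

public class TraceBack {
    /** One flow-level record; "flagged" marks flows the worm detector matched (hypothetical field). */
    record Flow(long time, String src, String dst, boolean flagged) {}

    /** Follows flagged flows backwards in time from an infected node to the first sender. */
    static List<String> traceBack(List<Flow> log, String infected) {
        List<String> path = new ArrayList<>(List.of(infected));
        String node = infected;
        long before = Long.MAX_VALUE;
        while (true) {
            Flow first = null; // earliest flagged flow into `node` that predates its own sending
            for (Flow f : log)
                if (f.flagged() && f.dst().equals(node) && f.time() < before
                        && (first == null || f.time() < first.time()))
                    first = f;
            if (first == null || path.contains(first.src())) return path;
            node = first.src();
            before = first.time();
            path.add(node);
        }
    }

    public static void main(String[] args) {
        // Constructed log: 10.0.0.9 starts the worm, which spreads .9 -> .3 -> .5; other flows are benign.
        List<Flow> log = List.of(
                new Flow(10, "10.0.0.2", "10.0.0.3", false),
                new Flow(20, "10.0.0.9", "10.0.0.3", true),
                new Flow(25, "10.0.0.5", "10.0.0.2", false),
                new Flow(40, "10.0.0.3", "10.0.0.5", true),
                new Flow(50, "10.0.0.5", "10.0.0.9", true), // later flagged flow, must not mislead the walk
                new Flow(60, "10.0.0.9", "10.0.0.2", false));
        List<String> path = traceBack(log, "10.0.0.5");
        String origin = path.get(path.size() - 1);
        System.out.println("Path back from victim: " + path + ", origin: " + origin);

        // Attack source elimination: drop every later packet whose source is the identified origin.
        Set<String> blocked = Set.of(origin);
        for (Flow f : log)
            if (f.time() > 40 && blocked.contains(f.src()))
                System.out.println("dropped at t=" + f.time() + ": " + f.src() + " -> " + f.dst());
    }
}
```

Each step only accepts a flagged flow that arrived before the node itself started sending, which is why the flagged flow into 10.0.0.9 at t=50 does not extend the path past the true origin.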