
Real Time Malware Defense System in LINUX


My third-year I.T. engineering seminar was Real-Time Malware Defense System Based on Linux Task Structure. If anybody feels like asking something, feel free.

Published in: Engineering

  1. Real-Time Malware Defense System (Based on Linux Task Structure)
     Seminar by: Dilip K. Jaiswal; Class: T.E-I.T; Roll No.: 55; Guided by: Prof. Bhushan S. Chaudhari
  2. Contents
     • Introduction
     • Malware
     • What is a process and how it works in Linux
     • Related work
     • Detection based on system calls
     • Architecture of RTMDS
     • Modes of operation
     • Task structure
  3. Contents (cont...)
     • Criteria for detecting malware
     • System design
     • Getting process information
     • Detecting malicious activity in Linux
     • Advantages
     • Conclusion
     • References
  4. Introduction
     • Focus on processes for information security.
     • Real-time monitoring at kernel level.
     • It will fully achieve an anti-virus and anti-sabotage system.
  5. Malware
     • Worms
     • Viruses
     • Trojan horses
  6. What is a Process?
     • A program under execution is called a process.
  7. Working of Processes in Linux
     • How a process is created
     • Where process information gets stored
  8. Related Work
     • API interface or system calls provided by the O.S.
     • Through system calls there are two techniques:
       – Signature-based analysis
       – Signature-free analysis
  9. Detection Based on System Calls
     Signature-based analysis
     • The system maintains a database to detect malware.
     • The system continuously runs as a daemon process.
     Signature-free analysis
     • No such database is maintained.
     • Detection is done using the process descriptor.
  10. Architecture of RTMDS
  11. Modes of Operation
     • Kernel level
     • User level
  12. Task Structure
     • Task descriptor
     • The task_struct structure is allocated via the slab allocator.
     • Slab allocator
     • Task structure (simplified excerpt as given on the slide, not the full kernel definition):
         struct task_struct {
             pid_t pid;            /* process id */
             pid_t tgid;           /* thread group id */
             uid_t uid;            /* owning user id */
             void *stack;          /* kernel stack of the task */
             __u32 status;         /* run state */
             time_t utime;         /* user CPU time */
             time_t stime;         /* system CPU time */
             int nvcsw;            /* voluntary context switches */
             int preempt_count;    /* preemption nesting depth */
         };
  13. Criteria for Detecting Malware
     • Take the task structure and observe the behavior and properties of the process.
     • The following criteria are used:
       – Scheduling lists & process lists
       – Memory mapping
  14. Activity Diagram
  15. Communication Diagram
  16. Getting Process Information
     • cat /proc/P_id/status
     • cat /proc/P_id/stack
     • cat /proc/meminfo
  17. Detecting Malicious Activity in Linux
     • sudo cat /etc/shadow
     • sudo cat /etc/passwd
     • sudo top or sudo htop
  18. Conclusion
     • Detects malware and kills it during its execution time.
     • It has the fewest false alarms and higher accuracy.
  19. References
     1. Farrukh Shahzad, Sohail Bhatti, Muhammad Shahzad and Muddassar Farooq, "In-Execution Malware Detection using Task Structure of Linux Processes", 978-1-61284-233-2/11, IEEE, 2011.
     2. Nwokedi Idika, Aditya Mathur, "A Survey of Malware Detection Techniques", research supported by Arxan Technologies / 21STC R&T Fund, 2/2/2007.
     3. Farrukh Shahzad, M. Shahzad, Muddassar Farooq, "In-execution dynamic malware analysis and detection by mining information in process control blocks of Linux OS".
     4. Robert Love, "Linux Kernel Development", 3rd Edition.
     5. Robert Love, "Linux Kernel Development, Developer's Library", 3rd Edition.
     6. Dilip Pandit, Dineshkumar Kongonda, Kabita Ghosh, Ravikumar Wagh, Tushar Kute, "Real Time Malware Defense System".
  20. Thank You. Any queries...?
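Slides 13 and 16 read the process descriptor through /proc (`cat /proc/P_id/status`) and name memory mapping as one detection criterion. The following Python script is an added example, not code from the seminar or from the cited paper: it parses the `/proc/<pid>/status` and `/proc/<pid>/maps` formats, picks out the fields that mirror the task_struct members on slide 12 (pid, tgid, uid, state, context switches), and flags anonymous mappings that are both writable and executable, which is the memory-mapping property a defender would look at first. The sample status and maps contents, the pid 4242 and the addresses are constructed; `inspect_live()` applies the same parsers to the real files on a Linux host.

```python
"""Parse /proc/<pid>/status and /proc/<pid>/maps the way the slides' `cat` commands read them.
Sample inputs are constructed; inspect_live() reads the real files where /proc exists."""
import os
import re

# Constructed sample of /proc/<pid>/status (abridged, hypothetical values).
SAMPLE_STATUS = """\
Name:\tsleep
State:\tS (sleeping)
Tgid:\t4242
Pid:\t4242
PPid:\t1
Uid:\t1000\t1000\t1000\t1000
Gid:\t1000\t1000\t1000\t1000
Threads:\t1
VmRSS:\t    612 kB
voluntary_ctxt_switches:\t17
nonvoluntary_ctxt_switches:\t3
"""

# Constructed sample of /proc/<pid>/maps with one anonymous rwx region (hypothetical addresses).
SAMPLE_MAPS = """\
55d1c3a00000-55d1c3a08000 r-xp 00000000 08:01 1311744  /usr/bin/sleep
55d1c3c08000-55d1c3c09000 rw-p 00007000 08:01 1311744  /usr/bin/sleep
7f2b1c000000-7f2b1c021000 rw-p 00000000 00:00 0        [heap]
7f2b1d400000-7f2b1d401000 rwxp 00000000 00:00 0
7ffd2e3c0000-7ffd2e3e1000 rw-p 00000000 00:00 0        [stack]
"""


def parse_status(text):
    """Return the status file as a dict; each line is 'Key:<tab>value'."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields


def task_summary(status_text):
    """Pick out the fields that correspond to the task_struct members shown on slide 12."""
    f = parse_status(status_text)
    uids = f["Uid"].split()  # real, effective, saved, filesystem uid
    return {
        "pid": int(f["Pid"]),
        "tgid": int(f["Tgid"]),
        "ppid": int(f["PPid"]),
        "uid": int(uids[0]),
        "euid": int(uids[1]),
        "state": f["State"].split()[0],            # single-letter run state, e.g. "S"
        "rss_kb": int(f.get("VmRSS", "0 kB").split()[0]),
        "nvcsw": int(f["voluntary_ctxt_switches"]),
        "nivcsw": int(f["nonvoluntary_ctxt_switches"]),
    }


# start-end perms offset dev inode [path]
MAPS_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+\S+\s+\S+\s+\d+\s*(.*)$")


def rwx_anonymous_regions(maps_text):
    """Return (start, end) of mappings that are writable, executable and not backed by a file."""
    hits = []
    for line in maps_text.splitlines():
        m = MAPS_RE.match(line)
        if not m:
            continue
        start, end, perms, path = m.groups()
        if "w" in perms and "x" in perms and not path.startswith("/"):
            hits.append((int(start, 16), int(end, 16)))
    return hits


def inspect_live(pid):
    """Apply both parsers to the real /proc files; returns None where they cannot be read."""
    base = f"/proc/{pid}"
    try:
        with open(f"{base}/status") as fh:
            status = fh.read()
        with open(f"{base}/maps") as fh:
            maps = fh.read()
    except OSError:
        return None
    return task_summary(status), rwx_anonymous_regions(maps)


if __name__ == "__main__":
    print(task_summary(SAMPLE_STATUS))
    print(rwx_anonymous_regions(SAMPLE_MAPS))
    print(inspect_live(os.getpid()))
```

Reading `/proc/<pid>/maps` of another user's process requires the same privilege as `sudo cat`, so a monitor built on this would run as root or with CAP_SYS_PTRACE; the parsers themselves need no privilege.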
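Slide 17 inspects /etc/shadow and /etc/passwd by hand. The script below is an added example, not part of the seminar: it turns that manual inspection into repeatable integrity checks over the two file formats, reporting extra UID-0 accounts, accounts with an empty password or hash field, duplicate user names and malformed lines. The account entries are constructed and the hash values are placeholders; `check_account_files()` runs the same audits on the real files, which for /etc/shadow needs root.

```python
"""Integrity checks over the /etc/passwd and /etc/shadow formats.
Sample data is constructed (hypothetical accounts, placeholder hashes)."""
import collections

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup:x:0:0:backup:/var/backups:/bin/sh
svc::1001:1001:service:/srv:/bin/false
alice:x:1002:1002:Alice again:/tmp:/bin/sh
"""

SAMPLE_SHADOW = """\
root:$6$PLACEHOLDER_HASH:19000:0:99999:7:::
alice:$6$PLACEHOLDER_HASH:19000:0:99999:7:::
backup:$6$PLACEHOLDER_HASH:19000:0:99999:7:::
svc::19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
"""


def parse_colon_file(text, nfields):
    """Split each non-empty line on ':'; rows with the wrong field count are reported by line number."""
    rows, bad = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) == nfields:
            rows.append(parts)
        else:
            bad.append(lineno)
    return rows, bad


def audit_passwd(text):
    """Findings from /etc/passwd (7 fields): extra UID-0 accounts, empty password fields, duplicates."""
    rows, bad = parse_colon_file(text, 7)
    findings = [f"line {n}: malformed entry" for n in bad]
    names = collections.Counter(r[0] for r in rows)
    for name, pw, uid, gid, gecos, home, shell in rows:
        if uid == "0" and name != "root":
            findings.append(f"{name}: uid 0 but not root")
        if pw == "":
            findings.append(f"{name}: empty password field (no password required)")
    for name, count in names.items():
        if count > 1:
            findings.append(f"{name}: appears {count} times")
    return findings


def audit_shadow(text):
    """Findings from /etc/shadow (9 fields): accounts whose hash field is empty."""
    rows, bad = parse_colon_file(text, 9)
    findings = [f"line {n}: malformed entry" for n in bad]
    for r in rows:
        if r[1] == "":
            findings.append(f"{r[0]}: empty hash in shadow")
    return findings


def check_account_files(passwd_path="/etc/passwd", shadow_path="/etc/shadow"):
    """Run both audits on the live files; /etc/shadow is root-only, so a read error is reported."""
    out = {}
    for key, path, fn in (("passwd", passwd_path, audit_passwd), ("shadow", shadow_path, audit_shadow)):
        try:
            with open(path) as fh:
                out[key] = fn(fh.read())
        except OSError as e:
            out[key] = [f"unreadable: {e}"]
    return out


if __name__ == "__main__":
    print(audit_passwd(SAMPLE_PASSWD))
    print(audit_shadow(SAMPLE_SHADOW))
    print(check_account_files())
```

A locked account shows `*` or `!` in the hash field and is not reported; only an empty field, which allows login without a password, is flagged.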
