This project finds new processes in the system that are not shown in Task Manager. It works well on Windows. It compares the system's running processes with a user-defined database of processes (the original Windows processes).
Enhancing system efficiency through process scanning
1. SREENIDHI INSTITUTE OF SCIENCE & TECHNOLOGY
Department of Computer Science and Engineering
ENHANCING SYSTEM EFFICIENCY THROUGH PROCESS SCANNING
BY
M.SAI KIRAN (16311D2509)
M.TECH(SE) II Year
Under the guidance of
Internal Guide: Dr. Prasanta Kumar Sahoo, Associate Professor, Dept. of CSE, SNIST
M.Tech Coordinator: Dr. Prasanta Kumar Sahoo, Professor, Dept. of CSE, SNIST
Head of the Department: Dr. Aruna Varanasi, Professor, Dept. of CSE, SNIST
2. Types of firewalls
• Hardware
a) Sophos SG 210
b) Cisco SA 500
• Software
a) packet filtering
b) circuit-level gateway
c) stateful inspection
d) application-level gateway
e) next generation firewall
3. Abstract
• In this computer age everyone, from individuals to organizations, uses the internet, email and other social media for their day-to-day operations. As the internet is a public network with no inbuilt security mechanisms, hackers take advantage of the situation to steal vital data. To avoid data theft, organizations and corporations started using firewalls to protect themselves, but a firewall checks only IP addresses and port numbers; if these are valid, it allows the packet blindly into the system. Unencrypted protocols and outdated SSL certificates in networks create serious issues for firewalls. Firewalls do not check the complete data packet. Firewalls contain misconfigurations and unnecessary rules, which reduce both their security and their performance. Firewalls can check only for existing attacks and are not able to detect new attacks. This research work proposes a methodology to scan the various processes in the host system and to detect new malware. It focuses on the operating system processes, checking whether each one is valid or not against the default system processes. If any new process is detected, it gives an alert message to the user.
4. Introduction
• The internet has become essential for everyone nowadays due to its user friendliness. Industries, organizations, and society as a whole depend on the internet to carry out their day-to-day work. More and more people are using online banking, e-commerce and many more applications like WhatsApp, Facebook and other messaging services. The number is increasing exponentially day by day.
• Malware writers are creating malware in a very secure manner, which keeps it on the safe side from firewalls and antivirus.
• The latest malware creates new processes among the operating system processes and performs DLL injection into operating system and kernel-level processes to hide itself. Once it has succeeded in creating a process among the operating system and kernel-level processes, it is very difficult to catch.
5. Problems in the system
• Present firewalls do not fully check SSL protocols, which leaves firewalls in a useless situation.
• Malware is in encrypted form, so it is getting hard to detect.
• Malware hides in bootable drivers, so firewalls and antivirus do not touch those files when scanning.
• Malware tries to hide in hardware programming files, which makes it impossible to detect, because whenever the system turns on, the hardware programming files are the first to run and they are very important files to the system.
• Malware is able to make changes to the BIOS settings and UEFI firmware files, which leaves the system in a vulnerable state.
• Errors in graphics and font applications.
6. Problems in the existing system
• It checks only whether the IP address is valid or not; if the IP is valid, it does not check the data packets and blindly allows them into the system.
• Too many rules lead to a decrease in performance.
• Redundant rules: problems occur when filtering has to be done (because of the lifetime of the packet).
• Limitations in FIREMAN (it does not check for payloads, exploits, auxiliaries and other frames).
7. Proposed System
• This research work proposes to use a process scanner system to discover unknown malicious processes. This can help us find new malicious activities in the system and protect the system from leaking vital data. First it collects every process directly linked with the operating system, whether foreground or background; it collects every single process in the system. Then it compares all the collected processes with a user-defined database to filter out and list malicious processes. The user-defined database contains the details of the original processes related to the operating system. It collected many processes which are not shown in Task Manager, and it found many new processes which are not related to the operating system. Then the list of collected processes is checked against the user-defined database.
8. Algorithm
• Collect the currently running processes in the system.
• Stream the processes as input for process validation.
• Validate the processes against the database (which contains the default operating system processes).
• If a new process is detected, give an alert message to the user; else go back to the running processes.
9. Paper Title / Methodology used / Output / Publication and year
Paper Title: FIREMAN: A toolkit for firewall modeling and analysis.
Methodology used: In this paper, they used static analysis to discover firewall misconfigurations with FIREMAN. It works based on control-flow or data-flow in the firewall, using parsing and rule graphs.
Output: FIREMAN successfully discovered all misconfigurations in the firewall before deploying them in the network. It is fully automated and works offline.
Publication and year: IEEE & 2006

Paper Title: Discovery of policy anomalies in distributed.
Methodology used: In this paper, they developed the POLICY ADVISOR to find policy anomalies. It works based on RISK LEVELS. Risk levels can be identified by vulnerability scanners (Nessus).
Output: POLICY ADVISOR discovered the policy anomalies, and with this new rules can be inserted and deleted by the admin. The strategy is applied by the admin.
Publication and year: IEEE Journal & 2004
10. Paper Title / Methodology used / Output / Publication and year
Paper Title: Detecting and Resolving Firewall policy anomalies
Methodology used: A grid-based visualization technique is introduced to represent policy anomaly diagnosis information. FAME is introduced to check the rule policies. A rule-reordering technique is used.
Output: FAME shows every single rule policy in a graphical representation. FAME reduced the redundancies in the firewall.
Publication and year: IEEE Journal & 2012
12. Class Diagram
• System process — attributes: processes; methods: Collects processes();
• Validate process — attributes: Running processes, validation; methods: Collects the running processes(); Validates the processes();
• Database — attributes: processes; methods: Default processes();
• New process — attributes: New process; methods: New processes action();
• Alert user — attributes: Alert user, Alert message; methods: Shows alert message(); Pop-up box();
15. Implementation
Note: psutil is a third-party library; it is not part of Python's standard library and has to be installed by the user.

    import os
    import sys

    import psutil

    # win_service_iter() is only available on Windows
    if os.name != 'nt':
        sys.exit("platform not supported (Windows only)")

    def main():
        # Enumerate the Windows services and record their display names,
        # which form the user-defined database of default processes
        for service in psutil.win_service_iter():
            info = service.as_dict()
            print("%r (%r)" % (info['name'], info['display_name']))
            print("status: %s, start: %s, pid: %s" % (info['status'], info['start_type'], info['pid']))
            print("binpath: %s" % info['binpath'])
            print(info['display_name'])
            with open('display_name.txt', 'a') as f:
                f.write("{}\n".format(info['display_name']))

    if __name__ == '__main__':
        main()
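The following script is an added example, not the deck's own code, and it serves both the Algorithm slide (collect, validate against the database, alert) and the Implementation slide (building the user-defined database). It goes one step beyond the slides: the deck's database stores display names only, and a check on names alone would accept an unknown binary that merely carries the name of a system process, so the baseline here keys on the normalized executable path as well as the name. The baseline file format (`name|path`), the function names, and the sample snapshot are assumptions constructed for the example; psutil is only used when it is installed, so the script also runs where it is absent.

```python
"""Baseline-driven process scanner (added example; not the deck's code).

Collect running (name, exe) pairs, validate each against a user-defined
baseline of default processes, and return the ones that do not match.
"""
from __future__ import annotations

import os
from typing import Dict, Iterable, List, Tuple

# Hypothetical baseline file name (assumption; the deck uses display_name.txt).
BASELINE_FILE = "baseline_processes.txt"

Process = Tuple[str, str]  # (process name, executable path)


def normalize(path: str) -> str:
    """Canonical form for comparison: forward slashes, normalized, lower-case."""
    return os.path.normpath(path.replace("\\", "/")).lower()


def load_baseline(lines: Iterable[str]) -> Dict[str, str]:
    """Parse baseline lines of the form 'name|path' into {normalized path: name}.

    Blank lines and '#' comments are ignored so the file can be hand-edited.
    """
    baseline: Dict[str, str] = {}
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, _, path = line.partition("|")
        baseline[normalize(path)] = name.strip().lower()
    return baseline


def find_unknown(running: Iterable[Process], baseline: Dict[str, str]) -> List[Process]:
    """Return every running process whose executable path is not in the baseline,
    or whose name differs from the name recorded for that path."""
    unknown: List[Process] = []
    for name, path in running:
        expected = baseline.get(normalize(path))
        if expected is None or expected != name.lower():
            unknown.append((name, path))
    return unknown


def collect_running() -> List[Process]:
    """Collect (name, exe) for live processes via psutil when it is installed.

    Processes whose executable cannot be read (access denied, already exited)
    are skipped rather than aborting the whole scan.
    """
    try:
        import psutil  # third-party; not in the standard library
    except ImportError:
        return []
    result: List[Process] = []
    for proc in psutil.process_iter(["name", "exe"]):
        info = proc.info
        if info.get("name") and info.get("exe"):
            result.append((info["name"], info["exe"]))
    return result


# Constructed sample data so the example runs stand-alone and offline.
SAMPLE_BASELINE = """
# name|path of default processes (constructed sample)
svchost.exe|C:\\Windows\\System32\\svchost.exe
explorer.exe|C:\\Windows\\explorer.exe
"""

SAMPLE_RUNNING: List[Process] = [
    ("svchost.exe", "C:\\Windows\\System32\\svchost.exe"),  # expected
    ("explorer.exe", "C:\\Windows\\explorer.exe"),          # expected
    ("svchost.exe", "C:\\Users\\Public\\svchost.exe"),      # known name, unknown path
    ("updater.exe", "C:\\Temp\\updater.exe"),               # unknown name and path
]


def scan_sample() -> List[Process]:
    """Run the validation step over the constructed sample and return the alerts."""
    return find_unknown(SAMPLE_RUNNING, load_baseline(SAMPLE_BASELINE.splitlines()))


if __name__ == "__main__":
    for name, path in scan_sample():
        print(f"ALERT: unknown process {name!r} at {path}")
```

On a live host, replace `SAMPLE_RUNNING` with `collect_running()` and load the baseline from `BASELINE_FILE`; the baseline must be captured on a clean system, since anything running at capture time becomes "expected".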
19. Conclusion
In this internet age everyone depends on the internet to carry out their day-to-day work. The internet gives users a most convenient way of working but at the same time does not guarantee the confidentiality of their vital data. Hence most organizations depend on firewalls for the security of their vital data. This research work reviewed the rules in many firewalls and found that most firewalls check only the IP address and port numbers; if these match the database, they blindly allow the packets. Firewalls do not check the complete data packet, which may contain viruses. Another limitation of firewalls is that they only check for existing attacks and are not able to detect new attacks. This paper proposes a new technique to scan the various processes running on the desktop, including the background processes, in order to detect new malicious code. This work develops its own user-defined database consisting of all processes related to the Windows operating system. Then it checks all the processes on the desktop against the existing user-defined database, and if it finds any process that does not match, that process is considered malicious and the user is alerted immediately in order to take suitable measures.