Viruses and Related Threats
Summary
We have considered:
- various malicious programs
  - trapdoor, logic bomb, trojan horse, zombie
- viruses
- worms
- countermeasures
- distributed denial of service attacks
Viruses
- Computer viruses have received a lot of publicity
- They are one member of a family of malicious software
- Malicious software is software that is intentionally included or inserted in a system for a harmful purpose
- The effects are usually obvious
- Viruses have figured in news reports, fiction and movies
  - often exaggerated
  - getting more attention than they deserve
Malicious Programs
- Dependent programs
  - need a host program
  - cannot exist independently of some actual application, utility or system program
  - e.g. viruses, logic bombs, backdoors
- Independent programs
  - self-contained programs that can be scheduled and run by the OS
  - e.g. worms, zombies
Taxonomy of Malicious Programs (figure not reproduced)
Backdoor or Trapdoor
- A secret entry point into a program
- Allows those who know of it to gain access, bypassing the usual security procedures
- Commonly used by developers for debugging and testing
- A threat when left in production programs, where attackers can exploit it
- Very hard to block with operating-system controls
- The defence lies in good software development and software update procedures
Logic Bomb
- One of the oldest types of malicious software
- Code embedded in a legitimate program
- Activated when specified conditions are met, for example:
  - the presence or absence of some file
  - a particular date or time
  - a particular user running the program
- When triggered it typically damages the system
  - e.g. modifies or deletes files or disks, halts the machine, etc.
Trojan Horse
- A program (or part of a program) with hidden side effects
- Usually attractive to run
  - e.g. a freeware game, a software upgrade, etc.
- When run, it performs some additional, unadvertised task
  - allows the attacker to indirectly gain access they do not have directly
  - e.g. destroy or modify data, ...
- Often used to propagate a virus or worm, or to install a backdoor
Zombie
- A program that secretly takes over another networked computer
- The attacker then uses the zombies to launch attacks on the target host indirectly
  - zombies are often used to launch distributed denial of service (DDoS) attacks
- The takeover exploits known flaws in networked systems
The Nature of Viruses
- A virus is a piece of self-replicating code attached to some other code
- cf. a biological virus
  - both carry a payload and propagate themselves
  - the payload contains code to make copies of the virus as well as code to perform some covert task
Virus phases:
- Dormant: waiting on a trigger event
- Propagation: replicating to other programs or disks
- Triggering: activated by an event to execute the payload
- Execution: performing the functions in the payload
- The detailed phases are usually machine- and OS-specific
  - exploiting features and weaknesses of the platform
Virus Structure

A simple virus (pseudocode, after Cohen):

    program V :=
    {goto main;
    1234567;
    subroutine infect-executable :=
        {loop:
        file := get-random-executable-file;
        if (first-line-of-file = 1234567)
            then goto loop
            else prepend V to file;}
    subroutine do-damage :=
        {whatever damage is to be done}
    subroutine trigger-pulled :=
        {return true if some condition holds}
    main: main-program :=
        {infect-executable;
        if trigger-pulled then do-damage;
        goto next;}
    next:
    }

- The marker line 1234567 lets the virus tell an already-infected file from a clean one, so it does not infect the same file twice
- This virus is easily detected because an infected version of a program is longer than the corresponding uninfected one
Logic of a Compression Virus

    program CV :=
    {goto main;
    01234567;
    subroutine infect-executable :=
        {loop:
        file := get-random-executable-file;
        if (first-line-of-file = 01234567)
            then goto loop;
        (1) compress file;
        (2) prepend CV to file;
        }
    main: main-program :=
        {infect-executable;
        (3) uncompress rest-of-file;
        (4) run uncompressed file;
        goto next;}
    next:
    }

- A way to thwart the length check that detects the simple virus is to compress the executable file so that the infected and uninfected versions are of (nearly) identical length: the virus makes room for itself with the space that compression saves
- Note that CV checks for its own marker 01234567 (not 1234567); with the wrong value the check would never match and CV would infect the same file over and over
- Running an infected (compressed) file P1' that contains the virus code:
  1. For each uninfected file P2, the virus first compresses P2 to produce P2'
  2. The virus code is prepended to P2', giving an infected P2'
  3. P1' is uncompressed to recover the original P1
  4. P1 is executed
A Compression Virus (figure not reproduced)
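The two pseudocode listings above model infection on real executables. As an added example (not code from the original slides, and deliberately not touching the file system), the following Python keeps "executables" as byte strings in memory and shows why the length check catches V but not CV, that the marker prevents double infection, and that CV still runs the original program. The marker lines, the virus-body stand-ins and the 2000-byte host program are all constructed here.

```python
"""In-memory model of the simple virus V and the compression virus CV.

Added example, not code from the original slides. "Executables" are byte
strings; nothing is written to disk or executed. The marker lines, the
virus-body stand-ins and the sample host program are all constructed here.
"""
import zlib

MARKER_V = b"1234567\n"      # first line of a file already infected by V
MARKER_CV = b"01234567\n"    # first line of a file already infected by CV
BODY_V = b"V-code:" + b"x" * 57 + b"\n"    # stands in for V's own code
BODY_CV = b"CV-code:" + b"y" * 56 + b"\n"  # stands in for CV's own code


def infect_simple(host: bytes) -> bytes:
    """V's infect-executable: leave an infected file alone, else prepend V."""
    if host.startswith(MARKER_V):        # first-line-of-file = 1234567 -> goto loop
        return host
    return MARKER_V + BODY_V + host      # prepend V to file


def infect_compression(host: bytes) -> bytes:
    """CV's infect-executable: (1) compress the file, (2) prepend CV."""
    if host.startswith(MARKER_CV):
        return host
    return MARKER_CV + BODY_CV + zlib.compress(host, 9)


def run_infected_cv(infected: bytes) -> bytes:
    """CV's main-program steps (3) and (4): recover the original P1 from P1'.

    Returns the bytes the host would then be run from; the preceding
    infect-executable call is modelled separately by infect_compression().
    """
    if not infected.startswith(MARKER_CV):
        raise ValueError("not a CV-infected image")
    rest = infected[len(MARKER_CV) + len(BODY_CV):]
    return zlib.decompress(rest)         # (3) uncompress rest-of-file


def longer_than_original(original_len: int, candidate: bytes) -> bool:
    """The length check that catches V: an infected copy is longer than the original."""
    return len(candidate) > original_len


# Constructed, highly compressible stand-in for a host executable P (2000 bytes).
HOST = b"".join(b"MOV AX, %d\n" % (i % 7) for i in range(200))


def demo() -> dict:
    v_file = infect_simple(HOST)
    cv_file = infect_compression(HOST)
    return {
        "host_len": len(HOST),
        "v_len": len(v_file),
        "cv_len": len(cv_file),
        "v_caught_by_length": longer_than_original(len(HOST), v_file),
        "cv_caught_by_length": longer_than_original(len(HOST), cv_file),
        "cv_runs_original": run_infected_cv(cv_file) == HOST,
        "no_double_infection": (infect_simple(v_file) == v_file
                                and infect_compression(cv_file) == cv_file),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The "identical length" claim on the slide is an idealisation: it holds only when compression saves at least as many bytes as the virus occupies. On an already compressed or otherwise incompressible host, CV would still lengthen the file, and a cryptographic hash of each program (the second-generation check later in this chapter) catches both V and CV regardless of length.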
Types of Viruses
- Viruses can be classified on the basis of how they attack:
- Parasitic virus
  - attaches itself to executable files and replicates when the infected program runs
- Memory-resident virus
  - lodges in main memory as part of a resident system program and can infect every program that executes
- Boot sector virus
  - infects a master boot record or boot record and spreads when the system boots from the infected disk
- Stealth virus
  - explicitly designed to hide itself from detection by antivirus software
- Polymorphic virus
  - mutates with every infection, making signature-based detection much harder
Macro Virus
- Macro code can be attached to a data file and is interpreted by the program that uses that file
  - e.g. Word/Excel macros
  - especially auto-executing macros and command macros
- Macro code is platform independent
- Macro viruses were for a time the major source of new viral infections
- They blur the distinction between data files and program files
- A classic trade-off: "ease of use" vs "security"
- Successive releases of Word provide increased protection, and today the macro virus is no longer the dominant virus threat
Email Virus
- Email viruses spread using email with an attachment containing a macro virus
  - cf. Melissa
- Triggered when the user opens the attachment, or worse, even when the mail is merely viewed, by using scripting features in the mail agent
  - hence they propagate very quickly
- Usually targeted at the Microsoft Outlook mail agent and Word/Excel documents
- We need better O/S and application security
Worms
- Originally, worms were self-replicating programs that did not infect other programs
- Typically spread over a network
  - e.g. the Morris Internet Worm in 1988, which led to the creation of CERTs
- Worms propagate by using the users' privileges on remote systems (e.g. remote login or remote execution facilities) or by exploiting system vulnerabilities
- Recently, worms are widely used by attackers to create zombie PCs, subsequently used for further attacks, especially DoS (denial-of-service) attacks
- The major issue is the lack of security of permanently connected systems, especially PCs
- A worm exhibits the same phases as a computer virus (dormant, propagation, triggering, execution)
- The propagation phase performs the following functions:
  - search for other systems to infect, e.g. by examining host tables
  - establish a connection with a remote system
  - copy itself to the remote system and cause the copy to be run
- It may also disguise its presence by naming itself as a system process, or using some other name that may not be noticed by a system operator
Morris Worm
- The best-known classic worm
- Released by Robert Morris in 1988
- Targeted Unix systems
- Used several propagation techniques:
  - simple password cracking of the local password file
  - exploiting a bug in the finger daemon
  - exploiting a debug trapdoor in the sendmail daemon
- If any attack succeeded, it replicated itself onto the new host
Recent Worms
- A new spate of attacks from mid-2001:
- Code Red: used an MS IIS bug
  - probed random IPs for systems running IIS
  - had a trigger time for a denial-of-service attack
  - the 2nd wave infected 360,000 servers in 14 hours
- Code Red 2: installed a backdoor
- Nimda: multiple infection mechanisms
- SQL Slammer: attacked MS SQL Server
- Sobig.f: attacked open proxy servers
- Mydoom: mass email worm + backdoor
State of Worm Technology
- multiplatform: not limited to one OS
- multi-exploit: several ways in (web servers, browsers, email, file sharing)
- ultrafast spreading: e.g. pre-scanning for vulnerable hosts before release
- polymorphic: each copy has new code, generated on the fly
- metamorphic: changes behaviour pattern as well as appearance at different stages of propagation
- transport vehicles: carriers for other attack tools, such as DDoS zombies
- zero-day exploit: uses a vulnerability not yet generally known
Virus Countermeasures
- The best countermeasure is prevention: do not allow a virus into the system in the first place
- However, in general this is not possible
- Hence we need to do one or more of:
  - Detection: determine that an infection has occurred and locate the virus
  - Identification: identify the specific virus that has infected the program
  - Removal: remove all traces of the virus and restore the system to a clean state
Anti-Virus Approaches
- First generation: simple scanners
  - scanner uses a virus signature to identify a virus
  - or detects a change in the length of programs
- Second generation: heuristic scanners
  - uses heuristic rules to spot a probable viral infection
  - or uses a cryptographic hash (checksum) of each program to spot changes
- Third generation: activity traps
  - memory-resident programs identify a virus by its actions rather than its structure
- Fourth generation: full-featured protection
  - packages combining a variety of antivirus techniques
  - e.g. scanning and activity traps, plus access controls
- The arms race continues
Advanced Anti-Virus Techniques
- Generic decryption (GD)
  - uses a CPU emulator to check a program's signature and behaviour before actually running it
  - the file is executed instruction by instruction inside the emulator, not on the real CPU, so nothing it does can harm the host
  - every polymorphic virus must decrypt itself in order to activate
  - by periodically scanning the emulator's memory, the decrypted virus body can be detected with an ordinary signature scanner
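To tie the anti-virus generations above to the generic decryption technique just described, here is an added example (not code from the original slides or from any real product) that builds a polymorphic sample and runs three checks over it: a first-generation signature scan of the file as stored, a second-generation SHA-256 integrity check against a baseline, and a GD scan that emulates the sample in a sandboxed memory copy and only then applies the signature scanner. Instead of x86, the sample uses a four-instruction bytecode assumed here (NOP, SETKEY, XOR, JMP) so the emulator fits in a few lines; the signature database, the clean program and the virus body are constructed for the demonstration.

```python
"""Toy anti-virus scanner: signature scan, hash integrity check, and generic
decryption (GD) of a polymorphic sample.

Added example, not code from the original slides or any real product. The
sample runs on a four-instruction bytecode assumed here instead of x86, so
the CPU emulator fits in a few lines; the signature database, the clean
program and the virus body are constructed for the demonstration.
"""
import hashlib
import random

# Assumed instruction set: NOP; SETKEY k; XOR start len (mem[start:start+len] ^= k); JMP target
OP_NOP, OP_SETKEY, OP_XOR, OP_JMP = 0x00, 0x01, 0x02, 0x03

VIRUS_BODY = b"<virus: infect-executable; trigger-pulled; do-damage>"
SIGNATURES = {"toy-virus": b"infect-executable; trigger-pulled"}   # scanner database


def make_polymorphic_copy(rng: random.Random) -> bytes:
    """One infection: mutated decryptor stub + body XOR-encrypted with a fresh key.

    Key, junk NOPs and ciphertext all differ per copy, so no fixed byte
    pattern is shared between two copies on disk.
    """
    key = rng.randrange(1, 256)
    junk = bytes([OP_NOP]) * rng.randrange(0, 8)
    body_start = len(junk) + 2 + 5 + 3           # stub = junk, SETKEY, XOR, JMP
    stub = (junk + bytes([OP_SETKEY, key])
            + bytes([OP_XOR]) + body_start.to_bytes(2, "big") + len(VIRUS_BODY).to_bytes(2, "big")
            + bytes([OP_JMP]) + body_start.to_bytes(2, "big"))
    return stub + bytes(b ^ key for b in VIRUS_BODY)


def signature_scan(data: bytes) -> list:
    """First generation: look for known byte patterns in the file as stored."""
    return [name for name, sig in SIGNATURES.items() if sig in data]


def integrity_check(data: bytes, baseline_hash: str) -> bool:
    """Second generation: compare a SHA-256 of the program with a trusted baseline.

    True means unchanged. The baseline itself must be protected (signed or on
    read-only media), otherwise the attacker simply updates it too.
    """
    return hashlib.sha256(data).hexdigest() == baseline_hash


def emulate(image: bytes, max_steps: int = 1000) -> bytes:
    """CPU emulator plus emulation control: run the image in a private memory
    copy until it jumps into decrypted code or the step budget is spent."""
    mem, pc, key = bytearray(image), 0, 0
    for _ in range(max_steps):
        if pc >= len(mem):
            break
        op = mem[pc]
        if op == OP_NOP:
            pc += 1
        elif op == OP_SETKEY:
            key, pc = mem[pc + 1], pc + 2
        elif op == OP_XOR:
            start = int.from_bytes(mem[pc + 1:pc + 3], "big")
            length = int.from_bytes(mem[pc + 3:pc + 5], "big")
            for i in range(start, min(start + length, len(mem))):
                mem[i] ^= key
            pc += 5
        else:
            break   # JMP into the decrypted body, or an unknown opcode: stop and scan
    return bytes(mem)


def generic_decryption_scan(image: bytes) -> list:
    """Advanced technique: emulate first, then run the ordinary signature
    scanner over the emulator's memory, where the virus has decrypted itself."""
    return signature_scan(emulate(image))


def demo(seed: int = 7) -> dict:
    rng = random.Random(seed)
    copies = [make_polymorphic_copy(rng) for _ in range(20)]
    clean = b"MOV AX, 1\nRET\n" * 20                 # constructed clean program
    baseline = hashlib.sha256(clean).hexdigest()    # recorded while known clean
    return {
        "distinct_copies": len(set(copies)),
        "static_scan": [signature_scan(c) for c in copies[:2]],
        "gd_scan": [generic_decryption_scan(c) for c in copies[:2]],
        "clean_unchanged": integrity_check(clean, baseline),
        "infected_unchanged": integrity_check(copies[0] + clean, baseline),
    }


if __name__ == "__main__":
    print(demo())
```

The step budget in emulate() is the "emulation control module" of a GD scanner: a real sample can loop for a long time before decrypting, and the scanner has to decide how long to keep emulating before giving up, which is exactly the trade-off polymorphic authors exploit.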
Digital Immune System
- A comprehensive approach to virus protection developed by IBM
- The objective is to provide a rapid response time so that viruses can be stamped out almost as soon as they are introduced
- Uses general-purpose emulation and virus detection
- Any virus entering the organisation is captured and analysed, a detection and shielding method is created for it, and the virus is removed
Digital Immune System (figure not reproduced)
Behavior-Blocking Software
- Integrated with the host O/S
- Monitors program behaviour in real time for malicious actions
  - e.g. file access, disk formatting, modification of executables, system settings changes, network access
- If a possibly malicious action is detected it can block it, terminate the program, or ask the user for permission
- Advantage over scanners: it catches new or polymorphic malware by what it does, not by what it looks like
- But the malicious code runs before detection: some damage may already be done by the time the blocker reacts
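The following added example (not code from the original slides or from any product) shows what such a blocker looks like as code: a policy evaluated over a stream of system-call-like events, returning allow, ask, block or terminate per event, and recording how many of a process's actions had already executed before its first non-allow verdict, which is the "runs before detection" caveat in numbers. The event format, the rules and the sample trace are all constructed here.

```python
"""Toy behaviour blocker: a policy evaluated over a stream of system-call-like
events as they happen. Added example, not code from the original slides or
from any product; the event format, the rules and the sample trace are all
constructed for the demonstration.
"""
from dataclasses import dataclass, field

EXEC_SUFFIXES = (".exe", ".dll", ".sys")


@dataclass
class Event:
    pid: int
    action: str      # "open", "create", "write", "settings", "connect", "format"
    target: str = ""


@dataclass
class ProcState:
    created: set = field(default_factory=set)   # files this process created itself
    wrote_executable: bool = False              # has it written executable code?
    actions_run: int = 0                        # actions already allowed to execute


def decide(ev: Event, st: ProcState) -> str:
    """Verdict for one event: 'allow', 'ask', 'block' or 'terminate'."""
    if ev.action == "format":
        return "terminate"              # formatting a disk is never an application's business
    if (ev.action == "write" and ev.target.lower().endswith(EXEC_SUFFIXES)
            and ev.target not in st.created):
        return "block"                  # modifying an executable it did not create: parasitic
    if ev.action == "settings":
        return "ask"                    # e.g. an autostart entry: let the user decide
    if ev.action == "connect" and st.wrote_executable:
        return "terminate"              # dropped code and now phones out: worm/zombie pattern
    return "allow"


def monitor(trace):
    """Run the blocker over a trace.

    Returns the verdict per event and, per process that drew a non-allow
    verdict, how many of its actions had already executed by then.
    """
    states, verdicts, ran_before, killed = {}, [], {}, set()
    for ev in trace:
        if ev.pid in killed:
            verdicts.append("terminated")   # nothing further from this process runs
            continue
        st = states.setdefault(ev.pid, ProcState())
        verdict = decide(ev, st)
        verdicts.append(verdict)
        if verdict == "allow":              # the action executes and updates the model
            st.actions_run += 1
            if ev.action == "create":
                st.created.add(ev.target)
            elif ev.action == "write" and ev.target.lower().endswith(EXEC_SUFFIXES):
                st.wrote_executable = True
            continue
        ran_before.setdefault(ev.pid, st.actions_run)
        if verdict == "terminate":
            killed.add(ev.pid)
        # 'block' and 'ask' leave the process running; the event itself is not applied
    return verdicts, ran_before


# Constructed trace: a word processor (100), a parasitic infector (200), a dropper (300).
TRACE = [
    Event(100, "open", "C:/Users/a/report.docx"),
    Event(100, "write", "C:/Users/a/report.docx"),
    Event(200, "open", "C:/Windows/notepad.exe"),
    Event(200, "write", "C:/Windows/notepad.exe"),      # infection attempt
    Event(200, "settings", "HKCU/Software/Microsoft/Windows/CurrentVersion/Run"),
    Event(300, "create", "C:/Temp/payload.exe"),
    Event(300, "write", "C:/Temp/payload.exe"),         # its own file: allowed
    Event(300, "connect", "203.0.113.5:6667"),          # now reaches out
    Event(300, "format", "D:"),                         # never reached
]

if __name__ == "__main__":
    print(monitor(TRACE))
```

On this trace the dropper (pid 300) is terminated only at its connect, after it has already created and written payload.exe: the blocker stops the spread, but the dropped file is on disk and has to be cleaned up by a scanner afterwards.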
Distributed Denial of Service Attacks (DDoS)
- Denial of Service (DoS) attacks
  - an attempt to make a computer resource unavailable to its intended users
  - typically the targets are high-profile web servers, where the attack aims to make the hosted web pages unavailable on the Internet
- Distributed Denial of Service (DDoS) attacks
  - form a significant security threat: they make networked systems unavailable by flooding them with useless traffic
  - use large numbers of "zombies"
  - represent the growing sophistication of attacks
  - defence technologies are struggling to cope
Distributed Denial of Service Attacks (DDoS): attack architecture (figure not reproduced)
Constructing the DDoS Attack Network
- The attacker must infect a large number of machines with zombie software
- Requirements:
  1. software to implement the DDoS attack
  2. an unpatched vulnerability on many systems
  3. a scanning strategy to find vulnerable systems
     - random, hit-list, topological, or local subnet scanning
DDoS Countermeasures
- Three broad lines of defence:
  1. attack prevention and preemption (before the attack)
  2. attack detection and filtering (during the attack)
  3. attack source traceback and identification (during and after the attack)
- There is a huge range of attack possibilities
- Hence DDoS countermeasures must evolve with the threat

More Related Content

What's hot

Remote File Inclusion
Remote File InclusionRemote File Inclusion
Remote File InclusionImperva
 
Lecture malicious software
Lecture malicious softwareLecture malicious software
Lecture malicious softwarerajakhurram
 
Network virus detection & prevention
Network virus detection & preventionNetwork virus detection & prevention
Network virus detection & preventionKhaleel Assadi
 
Malicious software
Malicious softwareMalicious software
Malicious softwareCAS
 
Internet Security
Internet SecurityInternet Security
Internet SecurityManoj Sahu
 
Network virus detection & prevention
Network virus detection & preventionNetwork virus detection & prevention
Network virus detection & preventionKhaleel Assadi
 
5 worms and other malware
5   worms and other malware5   worms and other malware
5 worms and other malwaredrewz lin
 
Types of malicious software and remedies
Types of malicious software and remediesTypes of malicious software and remedies
Types of malicious software and remediesManish Kumar
 
MALICIOUS SOFTWARE VIRUS WORM TROJAN HORSE ANTI VIRUS
MALICIOUS SOFTWARE VIRUS  WORM TROJAN HORSE ANTI VIRUS MALICIOUS SOFTWARE VIRUS  WORM TROJAN HORSE ANTI VIRUS
MALICIOUS SOFTWARE VIRUS WORM TROJAN HORSE ANTI VIRUS sohail awan
 
Viruses and virus countetmeasures
Viruses and virus countetmeasuresViruses and virus countetmeasures
Viruses and virus countetmeasuresprawinrajanIT
 
Seminar project(computer virus)
Seminar project(computer virus)Seminar project(computer virus)
Seminar project(computer virus)cdebraj16101991
 
Malicious Software Identification
Malicious Software IdentificationMalicious Software Identification
Malicious Software Identificationsandeep shergill
 
Computer virus and antivirus
Computer virus and antivirusComputer virus and antivirus
Computer virus and antivirusBESOR ACADEMY
 

What's hot (20)

Remote File Inclusion
Remote File InclusionRemote File Inclusion
Remote File Inclusion
 
Lecture malicious software
Lecture malicious softwareLecture malicious software
Lecture malicious software
 
Malicious software
Malicious softwareMalicious software
Malicious software
 
Network virus detection & prevention
Network virus detection & preventionNetwork virus detection & prevention
Network virus detection & prevention
 
Malicious software
Malicious softwareMalicious software
Malicious software
 
Internet Security
Internet SecurityInternet Security
Internet Security
 
Network virus detection & prevention
Network virus detection & preventionNetwork virus detection & prevention
Network virus detection & prevention
 
Virus
VirusVirus
Virus
 
Final malacious softwares
Final malacious softwaresFinal malacious softwares
Final malacious softwares
 
Virus
VirusVirus
Virus
 
5 worms and other malware
5   worms and other malware5   worms and other malware
5 worms and other malware
 
Types of malicious software and remedies
Types of malicious software and remediesTypes of malicious software and remedies
Types of malicious software and remedies
 
MALICIOUS SOFTWARE VIRUS WORM TROJAN HORSE ANTI VIRUS
MALICIOUS SOFTWARE VIRUS  WORM TROJAN HORSE ANTI VIRUS MALICIOUS SOFTWARE VIRUS  WORM TROJAN HORSE ANTI VIRUS
MALICIOUS SOFTWARE VIRUS WORM TROJAN HORSE ANTI VIRUS
 
Viruses and virus countetmeasures
Viruses and virus countetmeasuresViruses and virus countetmeasures
Viruses and virus countetmeasures
 
Malicious
MaliciousMalicious
Malicious
 
Seminar project(computer virus)
Seminar project(computer virus)Seminar project(computer virus)
Seminar project(computer virus)
 
Malicious Software Identification
Malicious Software IdentificationMalicious Software Identification
Malicious Software Identification
 
Computer virus and antivirus
Computer virus and antivirusComputer virus and antivirus
Computer virus and antivirus
 
Codigo Malicioso
Codigo MaliciosoCodigo Malicioso
Codigo Malicioso
 
Malicious Software
Malicious SoftwareMalicious Software
Malicious Software
 

Similar to Ch19

Malicious software
Malicious softwareMalicious software
Malicious softwaremsdeepika
 
Computer Virus And Antivirus-Sumon Chakraborty
Computer Virus And Antivirus-Sumon ChakrabortyComputer Virus And Antivirus-Sumon Chakraborty
Computer Virus And Antivirus-Sumon Chakrabortysankhadeep
 
Computer viruses, types and preventions
Computer viruses, types and preventionsComputer viruses, types and preventions
Computer viruses, types and preventionsPrem Kumar Bonam
 
Presentation2
Presentation2Presentation2
Presentation2Jeslynn
 
Firewall , Viruses and Antiviruses
Firewall , Viruses and AntivirusesFirewall , Viruses and Antiviruses
Firewall , Viruses and AntivirusesVikas Chandwani
 
Computer viruses
Computer virusesComputer viruses
Computer virusesSimiAttri
 
Computer viruses and prevention techniques
Computer viruses and prevention techniquesComputer viruses and prevention techniques
Computer viruses and prevention techniquesPrasad Athukorala
 
PPT on information technology laws description
PPT on information technology laws descriptionPPT on information technology laws description
PPT on information technology laws descriptionranaanish11062001
 
Computer virus and antivirus
Computer virus and antivirusComputer virus and antivirus
Computer virus and antivirusMaryam Malik
 
Computer viruses by joy chakraborty
Computer viruses by joy chakrabortyComputer viruses by joy chakraborty
Computer viruses by joy chakrabortyJoy Chakraborty
 
Introductions To Malwares
Introductions To MalwaresIntroductions To Malwares
Introductions To MalwaresCyber Vignan
 
Presentation24190
Presentation24190Presentation24190
Presentation24190KRT395
 

Similar to Ch19 (20)

Ch19
Ch19Ch19
Ch19
 
Unit - 5.ppt
Unit - 5.pptUnit - 5.ppt
Unit - 5.ppt
 
Malicious software
Malicious softwareMalicious software
Malicious software
 
Computer Virus And Antivirus-Sumon Chakraborty
Computer Virus And Antivirus-Sumon ChakrabortyComputer Virus And Antivirus-Sumon Chakraborty
Computer Virus And Antivirus-Sumon Chakraborty
 
Computer viruses, types and preventions
Computer viruses, types and preventionsComputer viruses, types and preventions
Computer viruses, types and preventions
 
virus
virusvirus
virus
 
Presentation2
Presentation2Presentation2
Presentation2
 
Mitppt
MitpptMitppt
Mitppt
 
Cybercrime: Virus and Defense
Cybercrime: Virus and DefenseCybercrime: Virus and Defense
Cybercrime: Virus and Defense
 
Firewall , Viruses and Antiviruses
Firewall , Viruses and AntivirusesFirewall , Viruses and Antiviruses
Firewall , Viruses and Antiviruses
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Computer viruses and prevention techniques
Computer viruses and prevention techniquesComputer viruses and prevention techniques
Computer viruses and prevention techniques
 
PPT on information technology laws description
PPT on information technology laws descriptionPPT on information technology laws description
PPT on information technology laws description
 
Computer virus and antivirus
Computer virus and antivirusComputer virus and antivirus
Computer virus and antivirus
 
Computer viruses by joy chakraborty
Computer viruses by joy chakrabortyComputer viruses by joy chakraborty
Computer viruses by joy chakraborty
 
Iss lecture 9
Iss lecture 9Iss lecture 9
Iss lecture 9
 
presentation on Virus
presentation on Viruspresentation on Virus
presentation on Virus
 
Introductions To Malwares
Introductions To MalwaresIntroductions To Malwares
Introductions To Malwares
 
Presentation24190
Presentation24190Presentation24190
Presentation24190
 

Recently uploaded

Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Dr.Costas Sachpazis
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxupamatechverse
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )Tsuyoshi Horigome
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingrakeshbaidya232001
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...ranjana rawat
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Christo Ananth
 
chaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx  fake news detection using machine learningchaitra-1.pptx  fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningmisbanausheenparvam
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Suman Mia
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxupamatechverse
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130Suhani Kapoor
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxupamatechverse
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 

Recently uploaded (20)

Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptx
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCRCall Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 
chaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx  fake news detection using machine learningchaitra-1.pptx  fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learning
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptx
 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptxExploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptx
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 

Ch19

  • 2. 2 Summary  have considered:  various malicious programs  trapdoor, logic bomb, trojan horse, zombie  viruses  worms  countermeasures  distributed denial of service attacks
  • 3. 3 Viruses and Related Threats  Viruses  Computer viruses have got a lot of publicity  One of a family of malicious software  Malicious software is software that is intentionally included or ins erted in a system for a harmful purpose  Effects usually obvious  They have figured in news reports, fiction, movies  often exaggerated  getting more attention than deserve
  • 4. 4 Viruses and Related Threats  Malicious Programs  Dependent program  They Need host programs  They cannot exist independent of some actual application  E.g.: Viruses, Logic bomb, Backdoor  Independent program  They can be scheduled and run by the OS  E.g.: Worm, Zombie
  • 5. 5 Viruses and Related Threats Taxonomy of Malicious Programs
  • 6. 6 Viruses and Related Threats  Backdoor or Trapdoor  A secret entry point in a program  It allows those who know access bypassing usual security procedures  It have been commonly used by developers  A threat when left in production programs allowing exploited by attackers  It is very hard to block in O/S  It requires good s/w development & update
  • 7. 7 Viruses and Related Threats  Logic Bomb  One of oldest types of malicious software  Code embedded in legitimate program  It is activated when specified conditions met  Example  presence/absence of some file  particular date/time  particular user  When triggered typically damage system  E.g., modify/delete files/disks, halt machine, etc
  • 8. 8 Viruses and Related Threats  Trojan Horse  A program (or some part of a program) with hidden side-effects  Trojan horse is usually attractive to run  E.g., freeware game, s/w upgrade, etc  when runs, it performs some additional tasks  allows attacker to indirectly gain access they do not have directly  E.g., destroy/modify data, …  It often used to propagate a virus/worm or install a backdo or
  • 9. 9 Viruses and Related Threats  Zombie  A program which secretly takes over another networked computer  Then, the attacker uses the zombies to indirectly launch attacks (to the target host)  => Zombies often used to launch distributed denial of service (DDoS) attacks  Zombie exploits known flaws in network systems
  • 10. 10 Viruses and Related Threats  The Nature of Viruses  Viruses: a piece of self-replicating code attached to some other code  Cf. biological virus  Both (biological/computer virus) carry a payload and prop agate itself  Payload contains code to make copies of itself as well as code to perform some covert task
  • 11. 11 Viruses and Related Threats  Virus phases:  Dormant – waiting on trigger event  Propagation – replicating to programs/disks  Triggering – activated by event to execute payload  Execution – performing the functions in the payload  Detailed phases usually depend on machine/OS specific  exploiting features/weaknesses
  • 12. 12 Viruses and Related Threats program V := {go to main : 1234567; subroutine infect-executable := {loop: file:=get-random-executable-file; if( first-line-of-file = 1234567 ) then goto loop else prepend V to file;} subroutine do-damage := {whatever damage is to be done} subroutine trigger-pulled := {return true if some condition holds} main : main-program := {infect-executable; if trigger-pulled then do-damage; goto next;} next; } - A simple virus - This virus is easily detected because an infected version of a program is longer than the corresponding uninfected one • Virus Structure
  • 13. 13 Viruses and Related Threats program CV := {go to main : 01234567; subroutine infect-executable := {loop: file:=get-random-executable-file; if( first-line-of-file = 1234567 ) then goto loop (1) compress file; (2) prepend CV to file; } main : main-program := {infect-executable; (3) uncompress rest-of-file; (4) run uncompressed file; goto next;} next; } - A Compression virus :A way to thwart a means of detecting a simple virus is to compress the executable file so that both the infected and uninfected versions are of identical length. • Logic of Compression Virus Running steps of compressed P1’ file that contains the virus code. 1. For each uninfected file P2, the virus first compress P2 to produce P2’. 2. The virus code is prepended to the P2’ 3. P1’ is uncompressed to P1 4. P1 is executed
14
Viruses and Related Threats
A Compression Virus
15
Viruses and Related Threats
 Types of Viruses
 We can classify them on the basis of how they attack
 Parasitic virus
 It attaches itself to executable files and replicates.
 Memory-resident virus
 Lodges in main memory as part of a resident system program.
 Boot sector virus
 Infects a master boot record or boot record.
 Stealth virus
 A form of virus explicitly designed to hide itself from detection by antivirus software.
 Polymorphic virus
 A virus that mutates with every infection.
16
Viruses and Related Threats
 Macro Virus
 Macro code can be attached to some data file which is interpreted by the program using that file
 E.g., Word/Excel macros
 Esp. using auto command & command macros
 Macro code is now platform independent
 Macro viruses are a major source of new viral infections
 There is a blurred distinction between data and program files
 Classic trade-off: "ease of use" vs "security"
 Successive releases of Word provide increased protection, and today the macro virus is no longer the dominant virus threat
17
Viruses and Related Threats
 Email Virus
 Email viruses are spread using email with an attachment containing a macro virus
 cf. Melissa
 They are triggered when the user opens the attachment, or worse, even when the mail is viewed, by using scripting features in the mail agent
 => hence they propagate very quickly
 Usually targeted at the Microsoft Outlook mail agent & Word/Excel documents
 We need better O/S & application security
18
Viruses and Related Threats
 Worms
 Originally, worms are self-replicating programs but not infecting ones.
 Typically, they spread over a network
 E.g., Morris Internet Worm in 1988, which led to the creation of CERTs
 Worms propagate by using users' distributed privileges or by exploiting system vulnerabilities
 Recently, worms are widely used by hackers to create zombie PCs, subsequently used for further attacks, esp. DoS (Denial-of-Service) attacks.
 The major issue is the lack of security of permanently connected systems, esp. PCs
19
Viruses and Related Threats
 A worm exhibits the same characteristics as a computer virus
 The propagation phase performs the following functions:
 Search for other systems to infect by examining host tables
 Establish a connection with a remote system.
 Copy itself to the remote system and cause the copy to be run.
 It may also disguise its presence by naming itself as a system process or using some other name that may not be noticed by a system operator.
20
Viruses and Related Threats
 Morris Worm
 Best known classic worm
 Released by Robert Morris in 1988
 Targeted Unix systems
 Used several propagation techniques:
 simple password cracking of the local password file
 exploit a bug in the finger daemon
 exploit the debug trapdoor in the sendmail daemon
 If any attack succeeded, then it replicated itself
21
Viruses and Related Threats
 Recent Worm Attacks
 New spate of attacks from mid-2001
 Code Red - used an MS IIS bug
 probes random IPs for systems running IIS
 had a trigger time for a denial-of-service attack
 2nd wave infected 360000 servers in 14 hours
 Code Red 2 - installed a backdoor
 Nimda - multiple infection mechanisms
 SQL Slammer - attacked MS SQL server
 Sobig.f - attacked open proxy servers
 Mydoom - mass email worm + backdoor
22
Viruses and Related Threats
 State of Worm Technology
 multiplatform
 multiexploit
 ultrafast spreading
 polymorphic
 metamorphic
 transport vehicles
 zero-day exploit
23
Virus Countermeasures
 The best countermeasure is prevention
 However, in general this is not possible
 Hence, we need to do one or more of:
 Detection - of viruses in an infected system
 Identification - of the specific infecting virus
 Removal - restoring the system to a clean state
24
Virus Countermeasures
 Anti-Virus Approaches
 First generation
 scanner uses a virus signature to identify the virus
 or a change in length of programs
 Second generation
 uses heuristic rules to spot viral infection
 or uses a crypto hash of the program to spot changes
 Third generation
 memory-resident programs identify a virus by its actions
 Fourth generation
 packages with a variety of antivirus techniques
 e.g. scanning & activity traps, access controls
 The arms race continues
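The first-generation length check and the second-generation crypto hash check side by side, as an added example that is not from the slides: a small integrity checker that fingerprints programs while they are known clean and later reports any whose length or SHA-256 hash has changed. The file names and contents are constructed for the demo; a same-length overwrite stands in for the compression-virus case, a prepend for the simple-virus case.

```python
import hashlib
import os
import tempfile

def file_fingerprint(path):
    """Return (size, sha256_hex): first-generation length check plus second-generation hash."""
    h = hashlib.sha256()
    size = 0
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
            size += len(chunk)
    return size, h.hexdigest()

def check_integrity(baseline):
    """Return {path: [reasons]} for each baselined program that changed or vanished.
    A prepended virus changes length and hash; a compression virus keeps the
    length identical, so only the hash comparison catches it."""
    findings = {}
    for path, (size0, digest0) in baseline.items():
        if not os.path.exists(path):
            findings[path] = ["missing"]
            continue
        size, digest = file_fingerprint(path)
        reasons = []
        if size != size0:
            reasons.append("length changed")
        if digest != digest0:
            reasons.append("hash changed")
        if reasons:
            findings[path] = reasons
    return findings

def demo():
    """Constructed demo: baseline three files, then alter two of them."""
    d = tempfile.mkdtemp()
    paths = [os.path.join(d, n) for n in ("clean.bin", "samelen.bin", "grown.bin")]
    for p in paths:
        with open(p, "wb") as f:
            f.write(b"ORIGINAL PROGRAM BYTES" * 4)
    baseline = {p: file_fingerprint(p) for p in paths}  # taken while clean
    with open(paths[1], "r+b") as f:   # overwrite in place: same length
        f.write(b"X")
    with open(paths[2], "rb") as f:    # prepend: file grows
        body = f.read()
    with open(paths[2], "wb") as f:
        f.write(b"PREPENDED" + body)
    return check_integrity(baseline)
```

The baseline itself must be stored where the malware cannot rewrite it (read-only media or a signed store), otherwise an infector can simply refresh the hashes.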
25
Virus Countermeasures
 Advanced Anti-Virus Techniques
 Generic decryption
 It uses a CPU simulator to check program signature & behavior before actually running it
 It starts the simulator to simulate the file's execution
 Note that every polymorphic virus must decrypt itself to activate.
 By periodically scanning the (simulated) memory, the decrypted virus code can be detected.
26
Virus Countermeasures
 Digital Immune System
 It is a comprehensive approach to virus protection developed by IBM
 The objective of this system is to provide a rapid response time so that viruses can be stamped out almost as soon as they are introduced
 It uses general-purpose emulation & virus detection
 Any virus entering the organization is captured, analyzed, detection/shielding is created for it, and it is removed
27
Virus Countermeasures
Digital Immune System
28
Virus Countermeasures
 Behavior-Blocking Software
 Integrated with the host O/S
 Monitors program behavior in real time
 E.g., file access, disk format, executable modifications, system settings changes, network access
 For possibly malicious actions, if detected it can block, terminate, or seek OK
 B-B s/w has an advantage over scanners
 But, malicious code runs before detection
29
Distributed Denial of Service Attacks (DDoS)
 Denial of Service (DoS) attacks
 An attempt to make a computer resource unavailable to its intended users.
 Typically, the targets are high-profile web servers where the attack is aiming to cause the hosted web pages to be unavailable on the Internet.
 Distributed Denial of Service (DDoS) attacks
 Such attacks form a significant security threat, making networked systems unavailable by flooding them with useless traffic
 They use large numbers of "zombies"
 They show the growing sophistication of attacks
 Defense technologies are struggling to cope
30
Distributed Denial of Service Attacks (DDoS)
31
Distributed Denial of Service Attacks (DDoS)
 Constructing the DDoS Attack Network
 The attacker must infect a large number of zombies
 Requirements:
 1. Software to implement the DDoS attack
 2. An unpatched vulnerability on many systems
 3. A scanning strategy to find vulnerable systems
 random, hit-list, topological, local subnet
32
Distributed Denial of Service Attacks (DDoS)
 DDoS Countermeasures
 Three broad lines of defense:
 1. Attack prevention & preemption (before)
 2. Attack detection & filtering (during)
 3. Attack source traceback & identification (after)
 There is a huge range of attack possibilities
 Hence, DDoS countermeasures must evolve with the threat
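The "attack detection & filtering (during)" line of defense, as an added example that is not from the slides: a sliding-window per-source rate detector run over constructed access-log lines, with the detections turned into illustrative deny entries for a filtering device. The log format, the addresses (documentation ranges) and the threshold are assumptions made for the demo.

```python
from collections import defaultdict, deque

def build_sample():
    """Constructed access-log lines, '<epoch_s> <src_ip> <request>', in time
    order: one source fires 150 requests in 1.5 s while three others send
    a few requests each at an ordinary rate. Addresses are documentation ranges."""
    lines = []
    for i in range(150):
        t = 1000 + i * 0.01
        lines.append(f"{t:.3f} 203.0.113.5 GET /index.html")
        if i % 50 == 0:
            for j, ip in enumerate(("198.51.100.7", "198.51.100.8", "198.51.100.9")):
                lines.append(f"{t + 0.001 * (j + 1):.3f} {ip} GET /index.html")
    return lines

def detect_flooders(lines, window_s=1.0, threshold=50):
    """Return {src_ip: peak} for sources whose request count in any sliding
    window of window_s seconds exceeded threshold. Lines must be time-ordered."""
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    peak = {}
    for line in lines:
        ts_str, ip, _request = line.split(" ", 2)
        ts = float(ts_str)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window_s:
            q.popleft()
        if len(q) > threshold:
            peak[ip] = max(peak.get(ip, 0), len(q))
    return peak

def filter_rules(flooders):
    """Turn detections into deny entries for the filtering step (illustrative
    format, not any vendor's syntax). Limitation: a flood from spoofed or from
    thousands of distinct zombie addresses stays under any per-source threshold,
    which is why volumetric limits and source traceback are also needed."""
    return [f"deny src {ip}" for ip in sorted(flooders)]

def demo():
    return detect_flooders(build_sample())
```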