Signature based virus detection and protection system
•   Overview
•   Infection Strategies
•   Evaluation of Virus
•   Virus News & Statistics
•   Identification Methods
•   Project Overview
•   Data Flow Diagram (DFD)
•   Design the Proposed System
•   Conclusion
•   Future Work


• A computer virus is a computer program that can copy itself
and infect a computer without the permission or knowledge of
the owner.
• The term "virus" is also commonly but incorrectly used to
refer to other types of malware, adware, and spyware programs
that do not have the reproductive ability.
• A true virus can only spread from one computer to another (in some form of executable code).



Figure (infection vectors, diagram labels only): Internet/FTP, Flash Drive, Floppy Disk, Email/IM, CD/DVD, Pirated Software, LAN/File Sharing
In order to replicate itself, a virus must be permitted to execute code and write to memory. For this reason, many viruses attach themselves to executable files that may be part of lawful programs. If a user attempts to launch an infected program, the virus' code may be executed simultaneously.
Figure : Virus Encounter Vectors (diagram labels only: Resource, DLL/OCX, Virus Object File, numbered steps 1 to 5)

The following graph depicts security vulnerabilities experienced by actual
enterprise customers as surveyed by ICSA Labs for the years 1996 through
2002.
Figure : Impact of Client Computing Vulnerabilities
Ref: ICSA Labs Virus Prevalence Survey 2002
1. The first virus was born at the very beginning of the 1970s.
2. Creeper was an experimental self-replicating program written by Bob Thomas at BBN in 1971.
3. Creeper gained access via the ARPANET and copied itself to the remote system.
4. The Reaper program was created to delete Creeper. [First Antivirus]
5. "Rother J" was the first computer virus to appear outside the lab where it was created. It was written in 1981 by Richard Skrenta.
6. The first PC virus in the wild was a boot sector virus dubbed Brain, created in 1986 by the Farooq Alvi Brothers.
7. Macro viruses have become common since the mid-1990s.


• It is estimated that PC viruses cost businesses approximately $55 billion in damages in 2003.
• Processing between 50,000 and 60,000 new copies per hour, "W32/Mydoom.A has exceeded the infamous SoBig.F virus in terms of copies intercepted, and the number continues to rise."
• Message Labs collected over 1.2 million copies of W32/Mydoom.A-mm.
• At its peak infection rate, about 1 in 12 emails on the Internet were MyDoom viruses.




Figure : Virus Signature Definition


A signature is an algorithm or hash (a number derived from a string of text) that uniquely identifies a specific virus.
Format: <Virus CRC16/CRC32 Hash Value> | <Virus Name>
         0095C3A4|STONED.LESZOP.A
         0086C7BE|STONED.MARCH6.A
Figure (identification methods, diagram labels only):
• Search
    • Memory Search
    • File Search
        • Content Based
        • Icon Based
    • Registry Search
Figure (design of the proposed system, diagram labels only): five scan modules, each with its input sources and the response actions M1, M2, M3.

1. Removable Drive Scan (inputs: Pen Drive, Flash drive, etc.; Removable Drive; Search Dependencies). Searching for a worm as soon as the drive is plugged into the system, and blocking auto-run activity. Actions: M1 Delete virus; M2 Delete dependencies.
2. Startup Scan (inputs: Startup Info; System Registry). Scanning files and processes at the startup registry path. Actions: M1 Kill process tree; M2 Delete files; M3 Delete registry keys.
3. Real Time Monitor (inputs: Process List; Running Process; Search Dependencies). MILSPEC-MINING is applied to monitor how processes behave. Actions: M1 Kill process tree; M2 Delete files; M3 Delete registry keys.
4. Scan For Drive (inputs: Directory Search; Local Disk Drive; Search Dependencies). Uses a dictionary scan to match against existing virus signatures or icons. Actions: M1 Kill process tree; M2 Delete files; M3 Delete registry keys.
5. Scan with Sample (inputs: Target Content; Local Disk Drive; Directory Search; Local Drives). Scans by file name / icon / size / visibility etc. Actions: M1 Kill process tree; M2 Delete files; M3 Delete registry keys.
To store the virus signatures, a collection of flat files is used, and the attributes are separated from each other by the pipe "|" symbol. Some examples are given below:
     •   5B110B72|DENZUK.E
     •   5B0DE15C|PINGPONG.A
     •   5BEB04FF|WIN95.TWINNY.1638449
     •   5B807327|WIN32.BOLZANO.3628
     •   5B33914C|GENE.948

Here the portion before the '|' (pipe) is the virus signature in CRC16 form and the other portion is the virus code name. Approximately 30’00 virus signatures are included in this project.
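As an added example (not the project's own code), here is a Python loader for the `<hash>|<name>` flat-file format used for the signature definition and the storage slides above, plus a whole-file content scanner that looks each file's hash up in it. It assumes CRC32 (the listed values are 8 hex digits, i.e. 32 bits wide) and adds one constructed entry, `TEST.CONSTRUCTED.SAMPLE`, so the sample match below is reproducible; `scan_files`, `scan_directory` and the other names are this example's own.

```python
import os
import zlib

# Constructed signature file in the deck's "<hash>|<name>" flat-file format.
# The first four entries are quoted from the slides; the last one is a
# constructed entry whose hash is the CRC32 of the bytes b"123456789".
SIGNATURE_DB = """\
0095C3A4|STONED.LESZOP.A
0086C7BE|STONED.MARCH6.A
5B110B72|DENZUK.E
5B0DE15C|PINGPONG.A
CBF43926|TEST.CONSTRUCTED.SAMPLE
"""

def load_signatures(text: str) -> dict:
    """Parse 'HASH|NAME' lines into a lookup table keyed by upper-case hex hash."""
    sigs = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        hash_hex, sep, name = line.partition("|")
        if not sep or len(hash_hex) != 8:  # reject rows that are not 8-hex|name
            raise ValueError(f"malformed signature on line {lineno}: {raw!r}")
        sigs[hash_hex.upper()] = name.strip()
    return sigs

def crc32_hex(data: bytes) -> str:
    """CRC32 of the whole content, zero-padded to the 8 hex digits the DB uses."""
    return f"{zlib.crc32(data) & 0xFFFFFFFF:08X}"

def match_signature(data: bytes, sigs: dict):
    """Return the virus name if the content hash is in the database, else None."""
    return sigs.get(crc32_hex(data))

def scan_files(contents: dict, sigs: dict) -> dict:
    """Map {path: content bytes} to {path: virus name} for every matching file."""
    return {p: n for p, d in contents.items() if (n := match_signature(d, sigs))}

def scan_directory(root: str, sigs: dict) -> dict:
    """Walk a directory (the deck's 'Scan For Drive' mode) and report matches."""
    contents = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    contents[path] = fh.read()
            except OSError:
                continue  # locked or unreadable file: skip it, never abort the scan
    return scan_files(contents, sigs)
```

A whole-file CRC only matches a byte-identical copy, so any change to the sample defeats this check; that is why the design above also combines it with startup, process and icon-based checks.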


Editor's Notes

  • #7 Other in this graph represents unknown vectors and 3rd party/freeware software distribution.