VIRUS DETECTION BASED ON
VIRUS THROTTLE TECHNOLOGY
   Ahmed Muzammil Jamal Mohamed
   ahmedmuzammil@outlook.com
Virus

• Infects or corrupts files
• Hides inside the code of a host program
• Can be metamorphic (rewrites its own code on each infection, so no fixed byte pattern survives)
• Cannot survive on its own: it needs a host file to carry it
• Propagates when infected files are shared
• Propagates by infecting files on open network shares
Trojan

• Appears to be a useful file, e.g. “waterfalls.scr”
• Carries undesired functionality
• Executes malicious code alongside the useful code
• Hard for a naïve user to identify
Worm

• A malicious program
• Self-replicating
• Does not need a host program
• Harms the network
   - Consumes local resources
   - Consumes bandwidth
Limitations of Existing Virus Detection Methods

• They detect viruses by signature recognition
• Signatures are based on the physical characteristics (byte patterns) of the virus, not on what it does
• Effectiveness decreases as the number of viruses, and hence of signatures to match, grows
• It takes time to analyse a new virus and release its signature
• Need for a new solution: the worm spreads at machine speed, the signature is produced at human speed
Virus Throttle – What is it?

• Like a car throttle, it reduces speed
• Virus Throttle is based on the behavior of malicious code, not on its signature
• Malicious code makes many connections to new computers in a short time
• SQL Slammer: more than 800 connections per second
• Virus Throttle rate-limits connections to new computers
Virus Throttle – How It Works?
Example Worm – W32/Nimda-D

• Tests carried out at HP Labs using the W32/Nimda-D worm and several test worms
• W32/Nimda-D
   - A mass-mailing worm
   - Infects both local files and network shares
   - Opens 120+ connections per second
• The test worms opened connections at different rates
Detection of W32/Nimda-D Worm using the traditional approach

• The worm spreads rapidly
• A signature update is needed
• Without the signature update
   - Temporary solution: suspend the network
   - Financial / productivity loss
• After the signature update
   - Each computer has to be disinfected
   - Takes days to complete
Detection of W32/Nimda-D Worm using the Virus Throttle

• The throttle detects the spreading process
• The throttle cuts the extra connections
• Thus few or no other PCs are affected
Advantages of Virus Throttle

• Works without knowing anything about the virus
• Protection only slows down network traffic
   - Thus false positives do little harm: a legitimate process is merely delayed
• Gives IT staff time to react
• Effect of deploying Virus Throttle widely
   - Difficult for viruses to spread at all
Results

  Worm          Connections per second   Stopping time   New connections allowed
  Nimda                 120                  0.25 s               1
  Test worm              20                  5.44 s               5
  Test worm              40                  2.34 s               2
  Test worm              60                  1.37 s               1
  Test worm              80                  1.04 s               1
  Test worm             100                  0.91 s               1
  Test worm             150                  0.21 s               0
  Test worm             200                  0.02 s               0
  SQL Slammer           850                  0.02 s               0
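The throttle mechanism outlined on the preceding slides, and the two metrics the table above reports (time until the process is stopped, and how many connections to new hosts get through before that), as an added simulation that is not part of the original presentation and not HP Labs' code. It follows the published HP Labs design: a small working set of recently contacted hosts passes immediately, any other destination waits in a delay queue that is drained at one new host per tick, and a process whose queue grows past a threshold is cut off. The working-set size of 5, the 1 s tick, the threshold of 100 and the constructed worm and browsing traffic are assumptions, so the stopping times it produces are comparable to, but not the same as, the measured figures above.

```python
"""Virus Throttle simulation in the style of the HP Labs design.

Parameter values (working set 5, 1 s tick, threshold 100) and all traffic
below are assumptions for illustration.
"""
from collections import deque


class VirusThrottle:
    def __init__(self, working_set_size=5, tick_seconds=1.0, queue_threshold=100):
        self.working_set_size = working_set_size
        self.tick_seconds = tick_seconds
        self.queue_threshold = queue_threshold
        self.working_set = deque()   # recently contacted hosts, least recently used at the left
        self.delay_queue = []        # pending (time, dest) requests to hosts not in the working set
        self.stopped_at = None       # time at which the process was cut off, if it was
        self.stats = {"immediate": 0, "queued": 0, "blocked": 0,
                      "new_hosts_allowed": 0, "max_queue": 0}

    def request(self, now, dest):
        """A process asks to open a connection to `dest` at time `now` (seconds)."""
        if self.stopped_at is not None:
            self.stats["blocked"] += 1       # process already declared a worm: drop it
            return "blocked"
        if dest in self.working_set:
            # Known host: refresh its position and let the connection through at once.
            self.working_set.remove(dest)
            self.working_set.append(dest)
            self.stats["immediate"] += 1
            return "allowed"
        self.delay_queue.append((now, dest))
        self.stats["queued"] += 1
        self.stats["max_queue"] = max(self.stats["max_queue"], len(self.delay_queue))
        if len(self.delay_queue) > self.queue_threshold:
            # Far more new destinations than a legitimate process needs: cut it off.
            self.stopped_at = now
        return "queued"

    def tick(self):
        """Once per tick, release one queued host into the working set; returns requests released."""
        if self.stopped_at is not None or not self.delay_queue:
            return 0
        _, dest = self.delay_queue[0]
        if len(self.working_set) >= self.working_set_size:
            self.working_set.popleft()       # evict the least recently used host
        self.working_set.append(dest)
        released = [r for r in self.delay_queue if r[1] == dest]
        self.delay_queue = [r for r in self.delay_queue if r[1] != dest]
        self.stats["new_hosts_allowed"] += 1
        return len(released)


def simulate(throttle, attempts, end_time):
    """Replay (time, dest) attempts in time order, firing throttle ticks as time passes."""
    next_tick = throttle.tick_seconds
    for now, dest in sorted(attempts):
        while next_tick <= now:
            throttle.tick()
            next_tick += throttle.tick_seconds
        throttle.request(now, dest)
    while next_tick <= end_time:          # keep draining the queue after the last attempt
        throttle.tick()
        next_tick += throttle.tick_seconds
    return {"stopped_at": throttle.stopped_at, **throttle.stats}


def worm_attempts(rate_per_second, seconds):
    """Constructed worm traffic: a connection to a never-seen host every 1/rate seconds."""
    n = int(rate_per_second * seconds)
    return [(i / rate_per_second, f"10.{i // 256}.{i % 256}.1") for i in range(n)]


# Constructed browsing session: a handful of hosts visited repeatedly, one new host now and then.
USER_ATTEMPTS = [
    (0.0, "a"), (0.1, "b"), (0.2, "a"), (0.5, "c"), (1.2, "a"),
    (1.5, "b"), (2.0, "d"), (2.5, "a"), (3.0, "c"), (4.0, "e"),
]


def run_worm(rate_per_second, seconds=8.0):
    return simulate(VirusThrottle(), worm_attempts(rate_per_second, seconds), seconds)


def run_user():
    return simulate(VirusThrottle(), USER_ATTEMPTS, end_time=5.0)


if __name__ == "__main__":
    for rate in (20, 120, 850):
        print(f"worm at {rate:>4}/s:", run_worm(rate))
    print("normal user:      ", run_user())
```

With these parameters the 20/s worm is stopped at 5.25 s after 5 new hosts were reached (the table above measured 5.44 s and 5), the 120/s worm is stopped before the first tick with none reached, and the browsing session is never stopped: its delay queue never exceeds 4 entries and its repeat visits pass immediately. The detection needs no knowledge of the worm itself, only of how fast it reaches for new hosts.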
  
Virus Detection on PC based on Virus Throttle Technology

• Traditional virus scanners scan all the files
• They consume much of the processing resource
• The new technique filters the files that have to be scanned
Components of the new technique for Virus Detection

• A gateway, named THROTWALL
• A traditional virus scanner
THROTWALL

• THROTWALL is similar to a firewall for networks and works on the basis of Virus Throttle
• Monitors running processes for suspicious activity
• Protects the super resources
• When a process requests
Thank You…

• Read the research whitepaper here: Slideshare.net
• Like this presentation? Share it...
• Questions? Tweet me @ahmedmzl
• This presentation was presented at the following conferences:
   - The IET-UK Present Around the World – India Finals
   - National Conference on Communication and Informatics