Modelling and detection of camouflaging worm

Upload: chikatisivashankar

Post on 20-Sep-2015



Contents:
- Introduction
- Existing system
- Proposed system
- Modules
- Techniques
- Hardware requirements
- Software requirements
- UML diagrams
- System architecture
- Conclusion

Introduction:
Active worms are a major security threat to the Internet. A worm is a standalone malware program that replicates itself in order to spread to other computers. It usually uses a computer network to spread, relying on security failures on the target computer to gain access. Unlike a computer virus, it does not need to attach itself to an existing program.

The propagation of a worm is based on exploiting vulnerabilities of computers on the Internet: the Code Red worm in 2001, the Slammer worm in 2003, and the Witty and Sasser worms in 2004. Major active worms have been used to infect a large number of computers and recruit them as bots or zombies, which are networked together to form botnets.

These botnets can be used to: (a) launch massive distributed denial of service (DDoS) attacks that disrupt Internet utilities; (b) access confidential information that can then be misused, through large-scale traffic sniffing, key logging, identity theft, etc.

In this work, we investigate a new class of active worms, referred to as the Camouflaging Worm (C-Worm for short). The C-Worm differs from traditional worms in its ability to intelligently manipulate its scan traffic volume over time. In this way the C-Worm camouflages its propagation from existing worm detection systems that analyze the propagation traffic generated by worms. We analyze the characteristics of the C-Worm and conduct a comprehensive comparison between its traffic and non-worm traffic (background traffic).

We observe that these two types of traffic are barely distinguishable in the time domain. However, their distinction is clear in the frequency domain, due to the recurring manipulative nature of the C-Worm. Motivated by these observations, we design a novel spectrum-based scheme to detect the C-Worm. Our scheme uses the Power Spectral Density (PSD) distribution of the scan traffic volume and its corresponding Spectral Flatness Measure (SFM) to distinguish C-Worm traffic from background traffic.

Using a comprehensive set of detection metrics and real-world traces as background traffic, we conduct extensive performance evaluations of our proposed spectrum-based detection scheme. The performance data clearly demonstrate that our scheme can effectively detect C-Worm propagation. Furthermore, we show the generality of our spectrum-based scheme by effectively detecting not only the C-Worm but traditional worms as well.

Existing system:
The C-Worm is quite different from traditional worms in that it camouflages any noticeable trend in the number of infected computers over time. The camouflage is achieved by manipulating the scan traffic volume of worm-infected computers. Such manipulation of the scan traffic volume prevents any exponentially increasing trend from appearing, or even the crossing of the thresholds tracked by existing detection schemes.

Drawbacks in the existing system:
Although C-Worm scan traffic shows no noticeable trend in the time domain, it demonstrates a distinct pattern in the frequency domain. Specifically, there is an obvious concentration of power within a narrow range of frequencies. This concentration is inevitable, since the C-Worm adapts to the dynamics of the Internet in a recurring manner in order to manipulate and control its overall scan traffic volume.

Proposed system:
We adopt frequency-domain analysis techniques and develop a detection scheme against wide spreading of the C-Worm. In particular, we develop a novel spectrum-based detection scheme that uses the Power Spectral Density (PSD) distribution of scan traffic volume in the frequency domain and its corresponding Spectral Flatness Measure (SFM) to distinguish C-Worm traffic from non-worm traffic (background traffic).

Advantages of the proposed system:
Our evaluation data clearly demonstrate that our spectrum-based detection scheme achieves much better detection performance against C-Worm propagation than existing detection schemes. Our evaluation also shows that the spectrum-based detection scheme is general enough to be used for effective detection of traditional worms as well.

Modules:
- Users
- Monitoring
- Centralized data center
- Report preparation
- Report distribution

Module description:
1. User: In this module the user logs in to the centralized server for authentication; once the client is treated as authorized, it can share data with its neighbors in the network.

(Diagram: Client, Data center, Server)

2. Monitoring: This module monitors the authorized clients' transactions and identifies the traffic log (IP addresses that are not commonly used, and dark IP addresses).

(Diagram: Client 1 ... Client n, Monitor)

3. Centralized data center: This module collects all the traffic logs from the various network monitors in order to identify worms by their IP addresses.

(Diagram: Clients, Monitor 1, Server)

4. Report preparation: The purpose of this module is to identify the actual worm by its ratio rather than by scan traffic time, in order to tell an active worm apart from a normal one.

(Diagram: Clients, Monitor 1 ... Monitor n, Server)

5. Report distribution: The centralized data center distributes the report logs (dark IP addresses) to all the users in the network.

(Diagram: Client 1 ... Client n, Monitor 1 ... Monitor n, Server)

Techniques used:
We use two techniques: (a) Power Spectral Density; (b) Spectral Flatness Measure.

Power Spectral Density (PSD):
The goal of spectral density estimation is to estimate the spectral density of a random signal from a sequence of time samples.

Depending on what is known about the signal, estimation techniques can involve parametric or non-parametric approaches, and may be based on time-domain or frequency-domain analysis. For example, a common parametric technique involves fitting the observations to an autoregressive model. A common non-parametric technique is the periodogram.

Spectral Flatness Measure (SFM):
Spectral flatness or tonality coefficient, also known as Wiener entropy, is a measure used in digital signal processing to characterize an audio spectrum. Spectral flatness is typically measured in decibels, and provides a way to quantify how tone-like a sound is, as opposed to noise-like. "Tonal" in this context refers to the amount of peaks or resonant structure in a power spectrum, as opposed to the flat spectrum of white noise.

A low spectral flatness indicates that the spectral power is concentrated in a relatively small number of bands; this would typically sound like a mixture of sine waves, and the spectrum would appear "spiky". The spectral flatness is calculated by dividing the geometric mean of the power spectrum by the arithmetic mean of the power spectrum.
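The PSD and SFM techniques above, worked through on constructed scan-volume series as an added example (this is not code from the original slides or project). It uses the periodogram as the non-parametric PSD estimate, computes SFM as geometric mean over arithmetic mean of the PSD, and flags a series whose SFM falls below an assumed threshold of 0.3; the two input series and the threshold are constructed here for illustration.

```python
import math
import random

def periodogram_psd(volume):
    """Non-parametric PSD estimate (periodogram) of a scan-volume series.
    Returns the power in each positive frequency bin 1..N/2; the DC bin is
    dropped because the mean scan level is not what separates the series."""
    n = len(volume)
    mean = sum(volume) / n
    x = [v - mean for v in volume]
    psd = []
    for k in range(1, n // 2 + 1):
        re = sum(v * math.cos(2 * math.pi * k * t / n) for t, v in enumerate(x))
        im = sum(v * math.sin(2 * math.pi * k * t / n) for t, v in enumerate(x))
        psd.append((re * re + im * im) / n)
    return psd

def spectral_flatness(psd):
    """SFM = geometric mean / arithmetic mean of the PSD, in (0, 1].
    Near 1: flat, noise-like spectrum (background traffic). Near 0: power
    concentrated in a few bins, the signature of recurring manipulation."""
    eps = 1e-12  # guards log(0) for empty bins
    gm = math.exp(sum(math.log(p + eps) for p in psd) / len(psd))
    am = sum(psd) / len(psd)
    return gm / am

def classify(volume, threshold=0.3):
    """Return (sfm, flagged); flagged when SFM is below the assumed threshold."""
    sfm = spectral_flatness(periodogram_psd(volume))
    return sfm, sfm < threshold

# Constructed sample input (not real traces). Both series keep the same mean
# scan volume of 50 per interval with no growing trend, so a volume threshold
# or exponential-trend check in the time domain would not raise an alert.
rng = random.Random(7)
N = 256
BACKGROUND = [50 + rng.uniform(-3, 3) for _ in range(N)]
# C-Worm-like series: the scan rate is raised and lowered on a recurring
# 16-interval cycle (a square wave of +/-20 around the mean, plus jitter).
CWORM = [50 + (20 if (t // 8) % 2 == 0 else -20) + rng.uniform(-3, 3)
         for t in range(N)]

if __name__ == "__main__":
    for name, series in (("background", BACKGROUND), ("c-worm", CWORM)):
        sfm, flagged = classify(series)
        print(f"{name}: SFM={sfm:.3f} ({10 * math.log10(sfm):.1f} dB) "
              f"flagged={flagged}")
```

The background series gives an SFM around 0.5 to 0.6 (the periodogram of white noise is itself noisy, so it never reaches exactly 1), while the cyclic series concentrates almost all power in the fundamental and odd-harmonic bins and drops well below 0.1.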

Hardware requirements:
Processor: Pentium IV 2.6 GHz
RAM: 512 MB
Hard disk: 20 GB

Software requirements:
Front end: Java (Swing)
Back end: MySQL 2000/05
Operating system: Windows XP/7
IDE: NetBeans, Eclipse

UML diagrams:
The Unified Modeling Language (UML) is a standard language for specifying, visualizing, constructing, and documenting the artifacts of software systems, as well as for business modeling and other non-software systems. The UML represents a collection of best engineering practices that have proven successful in the modeling of large and complex systems.

The UML is a very important part of developing object-oriented software and of the software development process. The UML mostly uses graphical notations to express the design of software projects.

Use case diagram:
A use case is a set of scenarios describing an interaction between a user and a system. A use case diagram displays the relationships among actors and use cases. The two main components of a use case diagram are use cases and actors.

Use case diagram

Class diagram:
The classes in a class diagram represent both the main objects and/or interactions in the application and the objects to be programmed. In the class diagram these classes are represented as boxes with three parts:
- the upper part holds the name of the class;
- the middle part contains the attributes of the class;
- the bottom part gives the methods or operations the class can perform.

Class diagram

Sequence diagram:
The sequence diagram is the most common kind of interaction diagram; it focuses on the message interchange between a number of lifelines. A sequence diagram describes an interaction by focusing on the sequence of messages that are exchanged, along with their corresponding occurrence specifications on the lifelines.

Sequence diagram

Collaboration diagram:
A communication diagram (called a collaboration diagram in UML 1.x) is an interaction diagram which shows interactions between objects and/or parts (represented as lifelines) using sequenced messages in a free-form arrangement.

Collaboration diagram

Activity diagram:
An activity diagram is basically a flow chart representing the flow from one activity to another. An activity can be described as an operation of the system, so the control flow is drawn from one operation to another. This flow can be sequential, branched, or concurrent. Activity diagrams deal with all types of flow control by using elements such as fork and join.

Activity diagram

System architecture:
(Diagram: Centralized data center; Monitor 1, Monitor 2, Monitor 3; User 1 through User 5)

Conclusion:
In this paper we presented an analytical framework, based on Interactive Markov Chains, that can be used to study the dynamics of malware propagation on a network. The exact solution of a stochastic model intended to capture the probabilistic nature of malware propagation on an arbitrary topology appears to be a major challenge, because of the high computational complexity needed to analyze very large systems.

However, one can resort to simple bounds and approximations in order to obtain a gross-level prediction of the system behavior that helps in understanding important characteristics of malware propagation. Although we have focused on the modeling aspects of the problem, we believe our methodology can be usefully applied to evaluate different countermeasures against future malware activity, as well as to fundamental issues in network vulnerability assessment.

Moreover, the flexibility of the IMC-based approach allows our work to be applied beyond the problem of malware spreading, addressing a wide variety of dynamic interactions on networks. Our modeling effort is to be considered a first step in a rather novel research area that we expect to gain more and more relevance in the near future.