M. MONIKA (51108104049)
G. REVATHI (51108104074)
J. SOPNA (51108104092)
Internal guide: Ms. M. Mekala, M.Tech., Department of CSE, REC.
Project coordinator: Mr. S. BALAJI, M.E., Department of CSE, REC.
We formulate an analytical model to characterize the spread of malware in decentralized, Gnutella type peer-to-peer (P2P) networks and study the dynamics associated with the spread of malware.
Using a compartmental model, we derive the system parameters or network conditions under which the P2P network may reach a malware free equilibrium.
The model also evaluates the effect of control strategies like node quarantine on stifling the spread of malware.
When a Gnutella user searches for media files on an infected computer, the virus always appears as an answer to the request, leading the user to believe that it is the file the user searched for.
The design of the search technique has the following implications: First, worms can spread much faster, since they do not have to probe for susceptible hosts. Second, the rate of failed connections is lower. Thus, rapid proliferation of malware can pose a serious security threat to the functioning of P2P networks.
The transfer of information in a P2P network is initiated with a search request for it. This paper assumes that the search mechanism employed is flooding, as in Gnutella networks. In this scenario, a peer searching for a file forwards a query to all its neighbors. A peer receiving the query first responds affirmatively if in possession of the file and then checks the TTL of the query. If this value is greater than zero, it forwards the query outwards to its neighbors, else, the query is discarded. In our scenario, it suffices to distinguish any file in the network as being either malware or otherwise.
In the proposed system, every node's behavior is verified continuously by the rest of the peers. If a peer shows abnormal behavior, the rest of the peers identify the malicious activity from that peer's behavior.
Finally, the worm-affected peer is removed from the network and quarantined to kill the malware activity and remove the worm from that peer. Only once the worm is removed is the peer added to the network again.
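The flooding search and the quarantine step described above, as an added example that is not part of the original presentation: a small simulation of a TTL-limited query over a constructed six-peer overlay. The peer names, file names and the `flood_query` helper are assumptions made for illustration.

```python
from collections import deque

# Constructed overlay (peer -> neighbours) and shared-file index; names are made up.
OVERLAY = {
    "A": ["B", "C"], "B": ["A", "D"], "C": ["A", "D", "E"],
    "D": ["B", "C", "F"], "E": ["C"], "F": ["D"],
}
SHARED = {"B": {"song.mp3"}, "F": {"song.mp3", "talk.ogg"}}
INFECTED = {"E"}  # an infected peer answers every query, whatever was asked


def flood_query(origin, filename, ttl, quarantined=frozenset()):
    """Flood a query from origin; return (clean_hits, malware_hits, messages).

    A receiving peer answers first, then checks the TTL and forwards the
    query to its neighbours only if the TTL is still greater than zero.
    Quarantined peers are treated as removed from the overlay.
    """
    clean, malware, messages = set(), set(), 0
    if ttl < 1:
        return clean, malware, messages   # the query never leaves the origin
    seen = {origin}
    queue = deque((n, origin, ttl - 1) for n in OVERLAY[origin])
    while queue:
        peer, sender, remaining = queue.popleft()
        if peer in quarantined:
            continue                      # removed from the network, unreachable
        messages += 1
        if peer in seen:
            continue                      # duplicate copy of the query, dropped
        seen.add(peer)
        if peer in INFECTED:
            malware.add(peer)             # bogus "I have it" reply
        elif filename in SHARED.get(peer, ()):
            clean.add(peer)
        if remaining > 0:
            queue.extend((n, peer, remaining - 1)
                         for n in OVERLAY[peer] if n != sender)
    return clean, malware, messages


if __name__ == "__main__":
    for ttl in (1, 2, 3):
        print(ttl, flood_query("A", "song.mp3", ttl))
    # Same query after the infected peer has been quarantined.
    print("quarantine", flood_query("A", "song.mp3", 3, quarantined={"E"}))
```

With a TTL of 2 a query for `talk.ogg` returns only the infected peer's reply, which is the case where the requester has nothing but the malware to choose from; quarantining that peer removes the reply without shrinking the set of clean hits.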
Are achieved in the modeling of worms. We model two worms, namely the Shut Down Worm and the New Folder Creation Worm.
Patches are distributed dynamically to kill the worms in the P2P network.
Functional diagram (Client, Node 1, Node 2, Node 3)
The client requests a file with a TTL.
The nodes send the TTL time.
It is possible for a hacker to hack a system and change the time.
The client chooses the node that gives the minimum time, so it picks the node that has been attacked by the worm.
The client is attacked by the worm.
Patches are given to the client and kill the worm.
Modules
Network construction
TTL calculation
Worm modeling
Worm detection
Dynamic patch distribution
Attacker source elimination
Network Construction
This module is developed in order to create a dynamic network. In a network, nodes are interconnected with the , which is monitoring all the other nodes. The worm can spread only through these connections. All nodes share their information with each other.
TTL Calculation
Time-to-live is a value in an Internet Protocol (IP) packet that tells a network router whether or not the packet has been in the network too long and should be discarded.
Worm modeling
The worms are used to shut down the system and to create new folders, increasing the overhead. This is possible when a firewall is not blocking incoming connections or controlling outgoing connections.
Worm detection
Network worms are malicious programs that spread automatically across networks by exploiting vulnerabilities that affect a large number of hosts.
By monitoring the behavior, we can find whether the system is affected or not.
Dynamic patch distribution
periodically checks all the controls of his system.
If he sees any type of behavioral change, he immediately produces the patch file and kills the worm.
Attacker Source Elimination
We identify the source of the worm creator, and we can eliminate that system from the network.
This process of elimination creates more secure communication.
Software specifications:
Platform: Windows XP
Front End: Java JDK1.5
Back End: MS SQL Server
Hardware specifications:
Processor: Pentium IV
RAM: 512 MB
HDD: 80 GB
CONCLUSION
To prevent the worm from spreading in the network, the behavior of all systems is maintained by one node, named the guardian node. To remove the worm, patches are distributed to that particular node. Finally, the worm is deleted to provide a secure peer-to-peer network.