  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
11

Antivirus performance in detecting Metasploit payloads : A Case Study on Anti-Virus Effectiveness

Nyberg, Eric, Dinis Ferreira, Leandro January 2023 (has links)
This paper will focus solely on the effectiveness of AV (antivirus) in detecting Metasploit payloads which have been encapsulated with different encapsulation modules. There seems to be a significant knowledge gap in the evaluation of commercial antivirus software and its ability to detect malicious code and stop such code from being executed on IT systems. Therefore we would like to evaluate the capabilities of modern AV software with the use of penetration testing tools such as Metasploit. The research process is heavily reliant on a case study methodology, as it can be argued that each payload generated reflects a case in itself. Firstly, the payloads are generated and encapsulated through the self-developed software; secondly, they are uploaded to VirusTotal to be scanned with the use of their publicly available API; thirdly, the results are obtained from VirusTotal and stored locally. Lastly, the results are filtered through the software, which in turn generates graphs of the results. These results will provide sufficient data for comparing encapsulation methods and payload detection rates, and for drawing conclusions regarding which operating system may be most vulnerable as well as the overall state of modern AV software's capabilities in detecting malicious payloads. There are plenty of noteworthy conclusions to be drawn from the results, one of them being the most efficient encapsulation method, powershell_base64, which had amongst the lowest detection rates in regards to the amount of payloads it encoded, meaning that its encapsulation hid the malicious code from the AV to a higher degree than most of the other encapsulation modules. The most noteworthy conclusion from the results gathered, however, is the encapsulation methods which obtained the absolute lowest detection rates: these were x86_nonalpha, x86_shikata_ga_nai and x86_xor_dynamic, as well as payloads without any encoding at all, which had a few payloads reach among the lowest detection rates across the board (<20%).
12

AI som ett forensiskt verktyg : En undersökning av GPT:s potential för att upptäcka makro malware / AI as a forensic tool : An investigation of GPT's potential for detecting macro malware

Mourad, Ahmed, Tulehag, Joel January 2024 (has links)
In an era where technology has made enormous progress and has become deeply integrated into private and professional lives, lifestyles have been considerably facilitated. However, these improvements have yet to be implemented flawlessly, leading to thousands of security vulnerabilities that can compromise digital devices. Actors have exploited these vulnerabilities to achieve social or economic gains. This thesis aims to explore the large-scale development of malware and the driving forces behind it. Furthermore, it investigates preventive methods against malicious software and the possibility of applying artificial intelligence as a tool in these contexts. The study applies a mixed method approach through a systematic literature search combined with a quantitative experiment to address the deficiencies in the problem area. The results indicate that the development of malware and driving forces vary among different actors. There are attacks against states and political targets to negatively impact society, while the majority of cyber attackers are driven by the capital and information that can be acquired and sold on the black market. To effectively counter potential attacks, the importance of continuously keeping the system and applications on the device updated is highlighted. It is also noted that artificial intelligence can identify and analyze malicious code, demonstrating its capacity to function as a component in antivirus programs.
13

Evaluating the Necessity of Third-Party Antivirus Software

Baker, Erik January 2018 (has links)
Some may assume that it is essential to purchase and install antivirus software to protect the underlying layers of an IT infrastructure. However, nowadays the Windows 10 operating system is shipped with a built-in antivirus feature by default. With Microsoft being a large contender in the antivirus market, it raises the question of whether it is necessary to use third-party antivirus software in a Windows 10 environment. The aim of this research is to determine the necessity of third-party antivirus software by examining the detection capabilities and measuring the performance impact caused by third-party antivirus software, in comparison with the antivirus service that is integrated with the Windows 10 operating system. This was done by measuring the response time of certain user activities to determine how the user experience is affected differently by using third-party antivirus software. In addition to the effect on performance, the documentation of the tested products was studied to determine if there is value in using non-integrated antivirus software. The results of the performance benchmarks showed that overall there was a significant performance increase when using third-party antivirus. Additionally, the study showed that some third-party antivirus software offers more ways to detect malicious activities than Windows Defender Antivirus. These two facts put together suggest that using third-party antivirus software in a Windows 10 environment is necessary if there is a desire to increase the efficiency of performing certain user activities and if there is a desire to have more detection capabilities available.
14

Aktyvaus procesų stebėjimo kompiuteryje programinės įrangos kūrimas ir tyrimas / Desktop security software design and research

Jusas, Simonas 16 August 2007 (has links)
This work begins with an analysis of the threats currently facing computers. The types of malicious software are examined and their activities analyzed. The most popular tools for fighting malicious software, antivirus programs, are then presented. Although antivirus programs are highly effective at solving these problems, their approach to the problem has not changed for many years. Perhaps these problems can be solved differently, and no less effectively? This question led to the proposition that, by replacing virus lists with a list of good processes, computer security could be ensured just as successfully. Based on the main principles of antivirus architecture, active process monitoring software was designed and built. Replacing the virus list with a list of good processes changed the characteristics of the software: there is no need to store long lists, because good processes are several hundred times fewer, and there is no need to scan the computer continuously, only when a new process starts. These ideas save computer resources, which can be used for other activities. The product created undoubtedly cannot yet outcompete antivirus software, but the ideas presented in this work should not be forgotten; their further development could evolve into a very successful and powerful computer protection tool. / In this paper computer security issues are considered. The malware types and principles of activity are presented. There is also an overview of antivirus technology. The main idea of this paper is that active observation of the computer's processes and whitelisting should improve computer security. The principles of antivirus architecture were adapted to actively observe computer processes and let only good ones run. The program's need for computer resources was investigated in the experimental part, and the results are very promising. However, it wasn't much better than antivirus software and still needs a lot of research; it may be the technology of the future.
15

Computer virus : design and detection

Arding, Petter, Hedelin, Hugo January 2014 (has links)
Computer viruses use a few different techniques, with various intentions, to infect files. However, what most of them have in common is that they want to avoid detection by anti-malware software. To not get detected and stay unnoticed, virus creators have developed several methods for this. Anti-malware software is constantly trying to counter these methods of virus infections with their own detection techniques. In this paper we have analyzed the different types of viruses and their infection techniques, and tried to determine which works the best to avoid detection. In the experiments we have done we have simulated executing the viruses at the same time as an anti-malware software was running. Our conclusion is that metamorphic viruses use the best methods to stay unnoticed by anti-malware software's detection techniques.
16

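Étude du mécanisme moléculaire de résistance antivirale du cytomégalovirus humain et des mutations de l’ADN polymérase UL54 qui lui sont associées / Study of the molecular mechanism of antiviral resistance of human cytomegalovirus and of the associated UL54 DNA polymerase mutations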

Allaire, Andréa January 2017 (has links)
Human cytomegalovirus (HCMV), a member of the Herpesviridae family, causes latent infections in more than half (60%) of the population in developed countries. This proportion can reach the entire population (100%) in developing countries. Primary infection in the developing fetus or in the newborn, as well as reactivation in immunocompromised individuals, is associated with many cases of morbidity and mortality. Congenital infection is the most significant HCMV infection and carries an economic cost of more than 2 billion US dollars each year. No vaccine has been approved to date for the prevention of HCMV infection. However, antivirals are available for the treatment of this infection. Among these are three types of analogues: a nucleoside analogue (ganciclovir), a nucleoside monophosphate analogue (cidofovir) and an inorganic pyrophosphate analogue (foscarnet). These antivirals all share the viral DNA polymerase as their target. However, many strains resistant to these antivirals are found in some infected individuals. These resistant strains carry numerous mutations in the viral gene that encodes the cytomegalovirus UL54 DNA polymerase. So far in the literature, only the association between the mutations and antiviral resistance has been proposed. The work presented in this thesis aims to better understand the effect of the mutations on the binding of antivirals to the polymerase, and thus eventually to elucidate the molecular mechanism of antiviral resistance in this pathogen. This research determined that the mutations associated with antiviral resistance affect the optimal binding of deoxynucleotides (dNTPs) and block the binding of the antiviral (foscarnet) to the viral DNA polymerase UL54. However, these mutations do not affect the binding of single-stranded DNA to the polymerase. Moreover, according to the study presented here, the mutations do not affect the overall folding of the viral DNA polymerase. The molecular resistance mechanism therefore appears to have a very local impact on the protein. Little information on the structure of this viral polymerase is available to date in the literature. It would therefore be relevant to solve the crystallographic structure of this polymerase in order to eventually study the structural effect of the mutations on the polymerase and thereby elucidate the molecular mechanism or mechanisms of antiviral resistance.
17

Proxy firewall / Proxy firewall

Kugler, Zdeněk January 2009 (has links)
This diploma thesis deals with the topic of proxy servers and firewalls and considers other associated technologies and network techniques. It systematically describes the general issues of firewalls, with a special focus on proxy firewalls and their safety. Additional systems mentioned in this document are intrusion detection systems (IDS), antivirus systems and content control filters – as these are also connected with safety of networks, servers and workstations or with limiting various Internet sources. IDS systems can be typically supplemented with various additional applications or tools that enrich them and increase their potential – including graphic additions. This part is remembered too. Some systems can communicate with each other, which is successfully utilised (FW & IDS co-operation, for example). The purpose of the first large chapter is to present firewall technologies, to list firewall types, their basic functionality and to present the final comparison. It marginally mentions firewall applications in practice. Chapter two explains the theory of network address translation (NAT), deals with its functionality, safety and with limiting the NAT mechanism. Chapter three brings a comprehensive presentation of proxy servers. It explains their principle from the point of view of functionality and the specification of application areas. The chapter is complete with a clear list of proxy server types and their descriptions. The last chapter named Linux Proxy Firewall is the key part of the work. It deals generally with the Linux platform, the Debian GNU/Linux distribution, principles of safety policy, network configuration, network server safety, Linux firewalls (Netfilter framework, Iptables tool) and with the Squid proxy server. The following subchapters respect the previous structure: they describe the theories of intrusion detection systems, antivirus checks and content filtering based on different methods. 
All this is presented similarly to the previous chapters. A proxy firewall solution built on the Linux operating system has been proposed in the practical part. The Debian GNU/Linux distribution has been chosen, being very suitable for server use due to its features. This environment is also used for additional safety software contained in the proxy firewall: antivirus protection, content filtering and an intrusion detection system. The priority is the most comprehensive computer network security, which requires detection abilities with the broadest possible coverage in the area of network safety. The purpose of this diploma thesis is not only to describe the principle of operation of proxy servers and to compare them with other types and other systems, but it also brings my own proposed free solution, which increases network safety and has the ambition of comparing it with clearly commercial products available on the market.
18

Antivirová ochrana počítače z bootovacího úložiště / Antivirus protection of a computer from a boot repository

Mlejnek, Jiří January 2012 (has links)
ABSTRACT Theme of the thesis is the design method of anti-virus protection with the use of an alternative boot store. Processed is a related issue of viruses and the possibility of defenses against them. This thesis is focused on the design and selection of components solutions enabling the execution of antivirus test from the undistorted by the operating system. With selected components continues to realize an alternative booting the operating system from a Windows platform computer network with automatic virus checking of all local disks. The results of inspection are transmitted using signed files on a network server and typically give an overview of the results of the individual tests.
19

Mail-Filter-Funktionen / Mail filter functions

Leuschner, Jens 27 February 2002 (has links)
This student research project examines which solutions currently exist for filtering email with unwanted harmful functions on mail servers. Both open and proprietary solutions are considered, and the current constraints at TU Chemnitz are taken into account.
20

Live antivirusprogram i PHP : Med fokus inom CMS-verktyg och plugins / Live antivirus software in PHP : Focusing on CMS-verktyg and plugins

Huynh, Henry January 2020 (has links)
The purpose of this work is to investigate how the performance of WordPress with plugins installed is affected by a live antivirus program running in the background. The live antivirus program searches the code of the web page for the security risk base64. The security risks are then shown in detail in a list giving the path and the file that has been infected. In addition, a stopwatch is used to compute the start and end time for each response-time measurement. The result of the experiment shows that the live antivirus program does not have much impact on performance, since the plugins are the reason the response times differ.
