1. A Behavior Based Approach to Virus Detection. Morales, Jose Andre. 24 March 2008
Fast-spreading unknown viruses have caused major damage to computer systems upon their initial release. Current detection methods have lacked the capability to detect unknown viruses quickly enough to avoid mass spreading and damage. This dissertation presents a behavior-based approach to detecting known and unknown viruses based on their attempt to replicate. Replication is the qualifying fundamental characteristic of a virus and is consistently present in all viruses, making this approach applicable to viruses belonging to many classes and executing under several conditions. A form of replication called self-reference replication (SR-replication) has been formalized as one main type of replication, which specifically replicates by modifying or creating other files on a system to include the virus itself. This replication type was used to detect viruses attempting replication by referencing themselves, which is a necessary step to successfully replicate into files. The approach does not require a priori knowledge about known viruses. Detection was accomplished at runtime by monitoring currently executing processes attempting to replicate. Two implementation prototypes of the detection approach, called SRRAT, were created and tested on the Microsoft Windows operating systems, focusing on the tracking of user-mode Win32 API system calls and kernel-mode system services. The research results showed SR-replication capable of distinguishing between file-infecting viruses and benign processes with little or no false positives and false negatives.

2. Des fondements de la virologie informatique vers une immunologie formelle / From the Foundations of Computer Virology toward a Formal Immunology. Kaczmarek, Matthieu. 3 December 2008
This dissertation addresses three topics: the formalization of computer virology, the construction of protections against self-reproduction, and the problem of malware detection. We propose a formalization built on the foundations of theoretical computer science and on the founding works of the discipline. We obtain a flexible formalism in which the recursion theorem takes the role of a computer virus compiler; the theorem thereby finds the place it still lacked in programming theory. This framework gives us a sufficiently solid basis to study new protection strategies. First, we analyze the relations between self-reproduction and computational capabilities in order to identify a reasonable model of computation in which self-reproduction is impossible. Then we propose two defense strategies built on Kolmogorov complexity, a tool of theoretical computer science that relates the semantics of a programming language to its concrete syntax. The detection topic has two parts. The first deals with the difficulty of detecting computer viruses: we identify the classes of the arithmetical hierarchy corresponding to different scenarios of computer infection. The second part covers more practical aspects by describing the architecture of a malware detector designed during this thesis. This prototype uses morphological detection: the idea is to recognize the shape of malicious programs using syntactic and semantic criteria.

3. Analyse dynamique de logiciels malveillants / Dynamic Analysis of Malicious Software. Calvet, Joan. 23 August 2013
The goal of this thesis is to develop methods for understanding malicious software, in order to help the human analyst better comprehend this threat. The first contribution of this thesis is a large-scale, in-depth analysis of malware protection techniques. Specifically, we studied hundreds of malware samples, carefully selected for their threat level. By automatically measuring a set of original characteristics, we were able to show the existence of a particularly prevalent protection model in these programs, based on self-modifying code and on a strict boundary between protection code and payload code. Next, we developed a method for identifying cryptographic implementations that is adapted to protected machine-language programs. We validated our approach by identifying numerous implementations of cryptographic algorithms, the majority of which are completely invisible to existing tools, notably inside particularly obscure malware protection schemes. Finally, we developed what is, to our knowledge, the first emulation environment for botnets involving several thousand machines. Using it, we showed that exploiting a vulnerability in the peer-to-peer protocol of the Waledac botnet makes it possible to take control of the network.

4. Overcoming Limitations in Computer Worm Models. Posluszny III, Frank S. 31 January 2005
In less than two decades, destruction and abuse caused by computer viruses and worms have grown from an anomaly to an everyday occurrence. In recent years, the Computer Emergency Response Team (CERT) has recorded a steady increase in software defects and vulnerabilities, similar to those exploited by the Slammer and Code Red worms. In response to such a threat, the academic community has started a set of research projects seeking to understand worm behavior through the creation of highly theoretical and generalized models. Staniford et al. created a model to explain the propagation behaviors of such worms in computer network environments. Their model makes use of the Kermack-McKendrick biological model of propagation as applied to digital systems. Liljenstam et al. add a spatial perspective to this model, varying the infection rate by the scanning worms' source and destination groups. These models have been shown to describe generic Internet-scale behavior. However, they fall short from a localized (campus-scale) network perspective. We make the claim that certain real-world constraints, such as bandwidth and heterogeneity of hosts, affect the propagation of worms and thus should not be ignored when creating models for analysis. In setting up a testing environment for this hypothesis, we have identified areas that need further work in the computer worm research community. These include availability of real-world data, a generalized and behaviorally complete worm model, and packet-based simulations. The major contributions of this thesis are a parameterized, algorithmic worm model, an openly available worm simulation package (based on SSFNet and SSF.App.Worm), analysis of test results showing justification for our claim, and suggested future directions.

5. Computer viruses: The threat today and the expected future / Datorvirus: Dagens situation och förväntad utveckling. Li, Xin. January 2003
This Master's Thesis in the area of computer security concerns "Computer viruses: The threat today and the expected future".
Firstly, the definitions of computer virus and the related threats are presented. Secondly, the current situation of computer viruses is discussed, the working and spreading mechanisms of computer viruses are reviewed in detail, and the simplistic attitude of the computer world towards computer virus defence is analyzed. Thirdly, today's influencing factors for near-future computer virus epidemics are explained, and possible new types of computer viruses in the near future are predicted. Furthermore, currently available anti-virus technologies are analyzed concerning both their advantages and disadvantages. Finally, new promising trends in computer virus defence are explored in detail.

6. The Development of China's Information Warfare and Its Impact on Taiwan's National Defense. Chou, Fang-Yi. 9 February 2009
In the 1991 Persian Gulf War the US used innumerable high-tech weapons, not only defeating Iraq but also broadening the outlook of countries around the world. This has urged the military and national defense establishments of many countries to undergo revolutionary change. Information technology is now used extensively in warfare, and a concept of military national defense centred on information has spread rapidly.
Receiving this military revolution, together with economic growth and a rapidly expanding high-tech industry, the PLA has begun to build information troops and to develop high-tech weapon systems, including space technology. The PLA uses information warfare to carry out every kind of information attack, affecting the government's effective operation and social stability without the pressure of international consensus. It could rapidly resolve the Taiwan question and achieve its political and military purpose before other countries' militaries intervene.
This research finds that, compared with mainland China, Taiwan is a highly information-based society. Facing the PLA's information threat, we should grasp information superiority, strengthen protection work, promote the modernization of armaments, and effectively maintain defense capability and national information security through outstanding information capability. In order to achieve the prevention of war and the defense goal, the following suggestions are made:
1. Selecting outstanding talent and raising the quality of the national forces.
2. Expanding the military organization horizontally and building up information defense capability.
3. Establishing information strategy guidance and strengthening all-people defense education.
4. Constructing the information security system and establishing the information infrastructure.
5. Strengthening information psychological warfare, legal warfare, and public opinion warfare.
6. Using civilian technical forces to strengthen national defense as a whole.

7. Computer virus: design and detection. Arding, Petter; Hedelin, Hugo. January 2014
Computer viruses use a few different techniques, with various intentions, to infect files. However, what most of them have in common is that they want to avoid detection by anti-malware software. To avoid detection and stay unnoticed, virus creators have developed several methods. Anti-malware software is constantly trying to counter these infection methods with its own detection techniques. In this paper we have analyzed the different types of viruses and their infection techniques, and tried to determine which works best to avoid detection. In the experiments we have done, we simulated executing the viruses while anti-malware software was running. Our conclusion is that metamorphic viruses use the best methods to stay unnoticed by anti-malware software's detection techniques.

8. Malware analysis and detection in enterprise systems. Mokoena, Tebogo. 03 1900
M. Tech. (Department of Information Technology, Faculty of Applied and Computer Sciences), Vaal University of Technology
Malware is today one of the biggest security threats to the Internet. Malware is any malicious software with the intent to perform malevolent activities on a targeted system. Viruses, worms, trojans, backdoors and adware are but a few examples that fall under the umbrella of malware.
The purpose of this research is to investigate techniques that are used in order to effectively perform Malware analysis and detection on enterprise systems to reduce the damage of malware attacks on the operation of organizations.
Malware analysis experiments were carried out using the two techniques of malware analysis, Dynamic and Static analysis, on two different malware samples. A Portable Executable file and a Microsoft Word document were the two samples analysed in an isolated sandbox lab environment.
Static analysis is the process of examining and extracting information from malware code without executing the malware, while Dynamic analysis is the process of executing malware in order to observe and record its behaviour in a controlled environment.
The results from the experiments disclosed the behaviour, encryption techniques, and other techniques employed by the malware samples. These malware analysis experiments were carried out in an isolated lab environment that was built for the purpose of this research.
The results showed that Dynamic analysis is more effective than Static analysis. The study proposes the use of both techniques for comprehensive malware analysis and detection.

9. Le champ sémantique du concept virus informatique / Sąvokos kompiuterių virusas semantinis laukas / The semantic field of the concept computer virus. Paura, Markas. 30 December 2014
Within Symantec's Threat Explorer database of computer threat descriptions, we identified a group of descriptions classified as viruses and attempted to translate them into Lithuanian using the terminographic sources available in Lithuanian, which date from 1971 to 2012. We quickly realized that a fairly large group of English and French terms designating different types of computer viruses had no Lithuanian equivalents. We also observed that, over the roughly thirty years of its existence, the concept of computer virus has constantly been confused with other concepts of the same level, such as computer worm (or simply worm) and Trojan horse. These confusions caused the translation of the descriptions mentioned above to fail, and led us to the idea of writing the present thesis in order to identify the reasons why the Lithuanian terminological sources cannot be relied upon, to analyze them, and then to propose solutions based on the conclusions of a scientific study.
The concept "computer virus" has existed since 1984. However, despite the fact that almost 30 years have passed, it is not properly defined in Lithuanian sources and is still confused with other concepts tied to computer security, most often with "worm" and "Trojan horse." There has never been comprehensive linguistic research carried out on this concept and its signifier in Lithuanian. The aim of this dissertation is to describe the semantic field of the concept "computer virus," the basis of which is the microsystem of the term "computer virus." The following material was used for the research: a total of 919 computer threat descriptions tagged Virus in the Symantec Threat Explorer computer threat bank, the terminographical resources of Threat Explorer partners, computer terminology dictionaries published in Lithuania from 1984 to 2006, and analytical articles about computer terminology in Lithuanian scientific journals during the same period. Additional terminographical resources in Lithuanian and French were included in the research to assess the development of this concept. All of the terminological data collected concerning the semantic field of the concept in question (comprised of 177 concepts in this work) was analysed using the following methods: the comparative method, the descriptive method, componential analysis and bottom-up analysis. As the research was carried out, it became clear that the semantic field of the... [to full text]

10. Sąvokos kompiuterių virusas semantinis laukas / The Semantic Field of the Concept Computer Virus. Paura, Markas. 30 December 2014