Search engine poisoning and its prevalence in modern search engines
Blaauw, Pieter, January 2013
The prevalence of Search Engine Poisoning in trending topics and popular search terms within web search engines is investigated. Search Engine Poisoning is the act of manipulating search engines so that they display search results pointing to websites infected with malware. Research done between February and August 2012, using both manual and automated techniques, shows how easily the criminal element manages to insert malicious content into web pages related to popular search terms within search engines. In order to provide the reader with a clear overview and understanding of the motives and methods of the operators of Search Engine Poisoning campaigns, an in-depth review of automated and semi-automated web exploit kits is done, together with an examination of the motives for running these campaigns. Three high-profile case studies are examined, and the various Search Engine Poisoning campaigns associated with these case studies are discussed in detail. From February to August 2012, data was collected from the top trending topics on Google's search engine along with the top listed sites related to these topics, and then passed through various automated tools to discover whether these results had been infiltrated by the operators of Search Engine Poisoning campaigns; the results of these automated scans are then discussed in detail. During the research period, manual searching for Search Engine Poisoning campaigns was also done, using high-profile news events and popular search terms. These results are analysed in detail to determine the methods of attack, the purpose of the attack and the parties behind it.
An exploratory study of techniques in passive network telescope data analysis
Cowie, Bradley, January 2013
Careful examination of the composition and concentration of malicious traffic in transit on the channels of the Internet provides network administrators with a means of understanding and predicting damaging attacks directed towards their networks. This allows action to be taken to mitigate the effect that these attacks have on the performance of their networks and the Internet as a whole, by readying network defences and providing early warning to Internet users. One approach to malicious traffic monitoring that has garnered some success in recent times, as exhibited by the study of fast-spreading Internet worms, involves analysing data obtained from network telescopes. While some research has considered using measures derived from network telescope datasets to study large-scale network incidents such as Code-Red, SQLSlammer and Conficker, there is very little documented discussion on the merits and weaknesses of approaches to analysing network telescope data. This thesis is an introductory study in network telescope analysis and aims to consider the variables associated with the data received by network telescopes and how these variables may be analysed. The core research of this thesis considers both novel and previously explored analysis techniques from the fields of security metrics, baseline analysis, statistical analysis and technical analysis, as applied to network telescope datasets. These techniques were evaluated as approaches to recognising unusual behaviour by observing their ability to identify notable incidents in network telescope datasets.
Topology-aware vulnerability mitigation worms
Al-Salloum, Ziyad, January 2011
In very dynamic Information and Communication Technology (ICT) infrastructures, with rapidly growing applications, malicious intrusions have become very sophisticated, effective, and fast. Industries have suffered losses of billions of US dollars from malicious worm outbreaks alone. Several calls have been issued by governments and industries to the research community to propose innovative solutions that would help prevent malicious breaches, especially as enterprise networks become more complex, large, and volatile. In this thesis we approach self-replicating, self-propagating, and self-contained network programs (i.e. worms) as vulnerability mitigation mechanisms to eliminate threats to networks. These programs provide distinctive features, including short-distance communication with network nodes, intermittent probing of network nodes for vulnerabilities, and network topology discovery. Such features become necessary especially for networks with frequent node association and disassociation, dynamically connected links, and hosts that concurrently run multiple operating systems. We propose, to the best of our knowledge, the first computer worm that utilizes the second layer of the OSI model (the Data Link Layer) as its main propagation medium. We name our defensive worm Seawave, a controlled, interactive, self-replicating, self-propagating, and self-contained vulnerability mitigation mechanism. We develop, experiment with, and evaluate Seawave under different simulation environments that mimic enterprise networks to a large extent. We also propose a threat analysis model to help identify weaknesses, strengths, and threats within and towards our vulnerability mitigation mechanism, followed by a mathematical propagation model to observe Seawave's performance in large-scale enterprise networks.
We also give a preliminary proposal for another vulnerability mitigation worm that utilizes the Link Layer Discovery Protocol (LLDP) for its propagation, along with an evaluation of its performance. In addition, we describe a preliminary taxonomy that rediscovers the relationship between different types of self-replicating programs (i.e. viruses, worms, and botnets) and redefines these programs based on their properties. The taxonomy provides a classification that can be easily applied within industry and the research community, and paves the way for a promising research direction that would consider the defensive side of self-replicating programs.
Study of virus spreading in networks (Μελέτη εξάπλωσης ιών σε δίκτυα)
Ράπτη, Αγγελική, 16 April 2015
The concept of a network appears very often and in various forms. A network can be taken to be a set of computers connected to one another according to some communication protocol, but also a group of people connected through some social relationship or a workplace, or as users of a forum or a social networking platform. In any case, a network can be represented in the form of a graph, where the nodes represent the individuals/computers and the edges the relationship between them, depending on the problem.

Within such a network we are interested in the behaviour of the nodes when an event occurs that changes their state. When we refer to a social group or a city, this phenomenon may be the outbreak of an epidemic that spreads through the network, but also the spread of a news item/rumour by which the network is informed. In the first case we are interested in limiting the epidemic by changing the topology of the network, while in the second case it is desirable to facilitate the spread of the news item so that as many nodes (users) as possible are informed.

The behaviour of the network under such a phenomenon can be simulated by a dynamical system. By the term dynamical system we mean a system that has a set of states, where each state results as a function of the previous one. Examples of applying a dynamical system to a network appear in various fields such as ecology, information diffusion, viral marketing and epidemiology.

The dynamical systems that simulate the behaviour of the network under such phenomena use epidemiological models to describe the possible states a node can enter. In this work we used the SIS (Susceptible-Infected-Susceptible) model [8]. The SIS model states that a node can be either susceptible to becoming ill (susceptible) or ill (infected). This means that a node is never fully cured; there is always a probability that it becomes ill again.

Following the literature, in such a dynamical system we look for points (fixed points) at which the system will be in equilibrium. There are points that are equilibrium points but are not stable. At these points the system may momentarily balance but escapes from them very easily. We therefore look for stable equilibrium points, the so-called stable fixed points. It has been proved [6] that at these points we can determine the necessary conditions for them to be stable by bounding the largest eigenvalue of the adjacency matrix that describes the network. That is, thresholds are defined, case by case, which bound the largest eigenvalue of the network in such a way that the system is in a state of equilibrium. When we refer to the phenomenon of an epidemic, the goal is for the largest eigenvalue at the corresponding equilibrium point to be below the threshold, so as to ensure that the spread of the epidemic in the network is limited. When we refer to a news item or a competing product, we want the largest eigenvalue to be above the corresponding threshold so that spreading over the network does occur. Therefore, depending on the case, we treat differently the thresholds computed for the corresponding equilibrium point.

Within this master's thesis, we used the SIS model to describe the phenomenon in which a virus spreads over a network whose nodes have different sensitivity to it. We carried out a mathematical description of the model, defining the necessary thresholds so that the system is in equilibrium depending on the equilibrium point and the type of graph. We also simulated the model on synthetic graphs (clique, arbitrary graph, etc.), verifying the behaviour indicated by the mathematical model. / Which is the appropriate answer about the definition of a network? One could answer that a group of people who share a relationship (colleagues, students etc.) could be referred to as a network. Another possible definition is a computer network. Consequently, it is obvious that the idea of a network can be found in various forms in our daily life.

In the same terms, suppose we have one competing idea/product or a virus that propagates over a multiple-profile social (or other) network. Can we predict what proportion of the network will actually get "infected" (e.g., spread the idea or buy the competing product), when the nodes of the network appear to have different sensitivity based on their profile? For example, if there are two profiles A, B in a network and the nodes of profile A and profile B are susceptible to a highly spreading virus with probabilities βA and βB respectively, what percentage of both profiles will actually get infected by the virus in the end?

The behavior of such a network can be simulated using dynamical systems theory. We consider a dynamical system as a system with a set of possible states where each future state is computed based on the previous state. Applications of dynamical systems can be found in many fields such as viral marketing, ecology, information diffusion and virus propagation.

In order to simulate the rumor or virus which is spreading across the network, one has to use virus propagation models. The selection of the appropriate model depends on the special attributes and characteristics of the spreading rumor/virus, and it should cover all the possible states in which a node in the network can be (sick, healthy, susceptible, informed, not informed etc.).

According to dynamical systems theory, we are looking for possible fixed points where the system is in equilibrium. In particular, we would require each fixed point to be a stable attractor and not lead the system far away from the equilibrium point due to opposing forces (stable fixed points). It has been proven that limiting the leading eigenvalue of the adjacency matrix of the graph is the only condition required in order for the system to be in an equilibrium state at the corresponding fixed point.

In this paper, we assume an SIS propagation model [8] which is applied on a heterogeneous network. That is, we assume that there is no fair game, using the terminology of [14, 3]. In the SIS model, each node can be either in a susceptible (S) state or in the infected state (I), and as a result there is no permanent immunity and every node can get infected multiple times. Since this is the first theoretical treatment of heterogeneous environments for virus propagation, we choose to work in the simple SIS model and not in other models.

Suppose that we are given a social network and a rumor that spreads over it, where the nodes of the network represent people with high/low sensitivity to the rumor and the links represent the association of the nodes: how will the rumor propagate over the network? That is, can we determine whether all members of the network will reproduce the rumor to their neighbors and "infect" them, or whether the rumor will spread in a small group in the network and die out quickly? Similarly, which is the tipping point where such a rumor or infectious virus will take off? It would be very helpful if we could find the specific point when the "virus" spreads all over the network and an epidemic occurs. Finally, what is the case when the nodes have different endurance/sensitivity to the "virus" and have temporary or permanent immunity?

Our basic assumption and innovation when compared to all previous approaches is that there is no fair play and nodes have different profiles against the virus. That is, the network is heterogeneous with respect to the virus, which means that nodes have different sensitivity to it. This is one of our main contributions in comparison with previous results, where all nodes appear to have the same behavior towards the virus and the same model parameters. The propagation model which is followed resembles the SIS model (no immunity, like flu), where nodes are either susceptible or infected, but with modifications. All nodes can get infected from one another, despite the difference in their profiles. We prove and present the tipping point where the virus is about to spread all over the network, or the rumor "infects" every member of the network and results in a "viral" phenomenon.

Our main contribution is that we provide answers for the questions above for special topologies such as the clique, as well as arbitrary graphs of high or low connectivity. In particular, to the best of our knowledge, we are the first to provide theoretical and experimental findings on the propagation of a virus over a heterogeneous network. We prove that in the case of two profiles, if one profile has high sensitivity to the virus and the other one has low sensitivity, nodes from both profiles will actually get infected proportionally in the case where the network is a clique. For arbitrary networks, we prove necessary conditions for the virus to die out allowing for multiple profiles (not just two), while at the same time we give directions to prove other interesting cases. The problem has many applications in the fields of viral marketing, medicine, ecology and others.
A framework for the application of network telescope sensors in a global IP network
Irwin, Barry Vivian William, January 2011
The use of Network Telescope systems has become increasingly popular amongst security researchers in recent years. This study provides a framework for the utilisation of this data. The research is based on a primary dataset of 40 million events spanning 50 months, collected using a small (/24) passive network telescope located in African IP space. This research presents a number of differing ways in which the data can be analysed, ranging from low-level protocol-based analysis to higher-level analysis at the geopolitical and network topology level. Anomalous traffic and illustrative anecdotes are explored in detail and highlighted. A discussion relating to observed bogon traffic is also presented. Two novel visualisation tools are presented, which were developed to aid in the analysis of large network telescope datasets. The first is a three-dimensional visualisation tool which allows for live, near-real-time analysis, and the second is a two-dimensional fractal-based plotting scheme which allows plots of the entire IPv4 address space to be produced and manipulated. Using the techniques and tools developed for the analysis of this dataset, a detailed analysis of traffic recorded as destined for port 445/tcp is presented. This includes the evaluation of traffic surrounding the outbreak of the Conficker worm in November 2008. A number of metrics relating to the description and quantification of network telescope configuration and the resultant traffic captures are described, the use of which it is hoped will facilitate greater and easier collaboration among researchers utilising this network security technology. The research concludes with suggestions relating to other applications of the data and intelligence that can be extracted from network telescopes, and their use as part of an organisation's integrated network security systems.
Métodos formais algébricos para geração de invariantes / Algebraic formal methods for invariant generation
Rebiha, Rachid, 1977-, 08 December 2011
Advisor: Arnaldo Vieira Moura / Thesis (doctorate) - Universidade Estadual de Campinas, Instituto de Computação
Issue date: 2011 / Summary: It is well known that the automation and effectiveness of formal verification methods for software, embedded systems or hybrid systems depend on the ease with which precise invariants can be generated automatically from the source code. An invariant is a property, specified at a particular location in the source code, that always holds on every execution of a system. Despite enormous progress over the years, the problem of invariant generation remains open both for non-linear discrete programs and for non-linear hybrid systems. In this thesis we first present new computational methods that can automate the discovery and strengthening of non-linear relations among the variables of a program that contains non-linear loops, that is, programs that exhibit multivariate polynomial relations and fractional manipulations. Moreover, most safety-critical systems, such as aircraft, automobiles, chemical plants, power plants and biological systems, operate semantically as non-linear hybrid systems. In this work we present powerful computational methods that are able to generate bases of polynomial ideals of non-linear invariants for non-linear hybrid systems. Secondly, we present pioneering verification methods that automatically generate bases of invariants expressed by multivariate power series and by transcendental functions. We also discuss their convergence in hybrid systems that exhibit non-linear models. We find that the power series generated for the invariants are often composed of the expansion of some well-known transcendental functions, such as "log" and "exp". They therefore have an analysable closed form that facilitates the use of the invariants in the verification of safety properties.
For each invariant generation problem we establish very general sufficient conditions that guarantee the existence, and allow the computation, of the polynomial ideals for situations that cannot be handled by the invariant generation approaches known today. Finally, we extend the range of applications accessible through invariant generation methods to the area of security. More precisely, we provide an extensible platform based on pre-computed invariants that would be used as semantic signatures for the analysis of intruders ("malware") and the detection of the most virulent intrusion attacks. Following the design of such platforms, we propose intrusion detection systems, using automatically generated models, in which system and function calls are monitored by the evaluation of pre-computed invariants in order to report any deviation observed during the execution of the application. Broadly, in this thesis we propose reducing invariant generation problems to linear algebraic problems. By reducing the non-trivial invariant generation problems of non-linear hybrid systems to related linear algebraic problems, we are able to overcome the shortcomings of the most modern invariant generation methods known today, thus enabling the automatic and efficient generation of invariants for complex non-linear programs and hybrid systems. Such linear algebraic methods have computational complexities significantly lower than those required by the mathematical foundations of the approaches used today, such as Gröbner basis computation, quantifier elimination and cylindrical algebraic decomposition / Abstract: It is well known that the automation and effectiveness of formal software verification of embedded or hybrid systems depends on the ease with which precise invariants can be automatically generated from source specifications.
An invariant is a property that holds true at a specific location in the specification code whenever an execution reaches that location. Despite tremendous progress over the years, the problem of invariant generation remains very challenging for both non-linear discrete programs and non-linear hybrid systems. In this thesis, we first present new computational methods that can automate the discovery and strengthening of interrelationships among the variables of a program that contains non-linear loops, that is, programs that display multivariate polynomial and fractional manipulations. Moreover, most safety-critical systems such as aircraft, cars, chemical plants, power plants and biological systems operate semantically as non-linear hybrid systems. In this work, we demonstrate powerful computational methods that can generate bases for non-linear invariant ideals of non-linear hybrid systems. Secondly, we present the first verification methods that automatically generate bases for invariants expressed by multivariate formal power series and transcendental functions. We also discuss their convergence over hybrid systems that exhibit non-linear models. The formal power series invariants generated are often composed of the expansion of some well-known transcendental functions, e.g. log and exp. They also have an analysable closed form which facilitates the use of the invariants when verifying safety properties. For each invariant generation problem, we establish very general sufficient conditions that guarantee the existence and allow for the computation of invariant ideals for situations that cannot be treated by the presently known invariant generation approaches. Finally, we extend the domain of applications for invariant generation methods to encompass security problems. More precisely, we provide an extensible invariant-based platform for malware analysis and show how we can detect the most virulent intrusion attacks using these invariants.
We propose to automatically generate invariants directly from the specified malware code in order to use them as semantics-aware signatures, i.e. malware invariants, that would remain unchanged by most obfuscation techniques. Following the design of such platforms, we propose host-based intrusion detection systems, using automatically generated models where system calls are guarded by pre-computed invariants in order to report any deviation observed during the execution of the application. In a broad sense, in this thesis we propose to reduce the verification problem of invariant generation to algebraic problems. By reducing the problems of non-trivial non-linear invariant generation for programs and hybrid systems to related linear algebraic problems, we are able to address various deficiencies of other state-of-the-art invariant generation methods, including the efficient treatment of complicated non-linear loop programs and non-linear hybrid systems. Such linear algebraic methods have much lower computational complexities than the mathematical foundations of previous approaches known today, which use techniques such as Gröbner basis computation, quantifier elimination and cylindrical algebraic decomposition / Doctorate / Computer Science / Doctor of Computer Science