Uploaded by ajay-vishkarma; posted 13-Apr-2017; category: Education

Page 1

05/03/2023 Birla Institute of Technology, Mesra, Allahabad campus

BIRLA INSTITUTE OF TECHNOLOGY MESRA, RANCHI
ALLAHABAD CAMPUS

A Synopsis Presentation On

Use of Deception Techniques in Malware Attack and Defense Mechanisms

GUIDED BY: Ajit Kumar Keshri
Assistant Professor, Department of Computer Science

By: AJAY KUMAR VISHKARMA
Roll No: MTCS/3006/2013

Page 2

Topic

Use of deception techniques in malware attack and defense mechanisms.

Page 3

Presentation Plan

1. Abstract (slide 4)
2. Motivation (slides 5-7)
3. Objective (slide 8)
4. State of the Art (slides 9-23)
5. Methodology (slide 24)
6. References (slides 25-27)

Page 4

Abstract

• Deception techniques are used widely by both malware attackers and malware defenders.

• We will first identify the deception techniques used by malware attackers and outline a path to detecting malware that relies on such techniques to hide.

• We will then identify the deception techniques used by malware defenders and, finally, develop new deception techniques for defenders [1].

Page 5

Motivation

• Malware is an abbreviation of "malicious software".

• It is designed to damage computer systems and networks or to perform other unwanted actions on them.

• Malware comes in many types, such as viruses, Trojans, rootkits, keyloggers, worms, spyware and botnets.

Page 6

Motivation Cont...

• Most computer and Internet users experience malware attacks.

• To handle them, users normally rely on a firewall, anti-virus (AV) software and similar tools.

Page 7

Motivation Cont...

• Deception techniques are popular with both attackers and defenders.

• Malware authors use deception techniques to evade AV detection.

• AV vendors likewise use deception techniques to trap new malware.

Page 8

Objective

To develop deception tools and techniques that respond to an attack by identifying it and investigating its origin, motives and mechanisms.

Page 9

State of the Art

•Malware is any software used to disrupt computer operation, gather sensitive information or gain access to private computer systems.

•It can appear in the form of executable code, scripts, active content and other software.

Page 10

State of the Art Cont...

• Malware types commonly listed include virus, worm, Trojan horse, rootkit, keylogger, spyware, botnet, rogue security software, ransomware, browser hijacker, adware, chargeware and stealware. (Cross-site scripting (XSS) is a web injection vulnerability rather than a malware family, shareware is a licensing model and email spam is a delivery channel; they do not belong in this list.)

Virus:
• A virus is a self-replicating program or piece of code that attaches itself to another piece of software and reproduces itself when that software is run.

• Most often it spreads when software or files are shared between computers, for example on removable media.

• Some well known viruses are 1260, 4K, 51o, AandA, Acid, ABC, AIDS, Creeper, I LOVE YOU, KamaSutra, Pingpong and Sunday.

Page 11

State of the Art Cont...

Worm:
• A worm is a program that replicates itself in order to spread to other computers.

• It usually spreads over a computer network, relying on security weaknesses on the target computer to gain access.

• Worms almost always cause at least some harm to the network, even if only by consuming bandwidth.

• Many worms are designed only to spread and do not attempt to change the systems they pass through.

Page 12

State of the Art Cont...

• As the Morris worm and Mydoom showed, even such "payload free" worms can cause major disruption by increasing network traffic and through other unintended effects.

• Some known worms are Badtrans, Bagle, Witty and Zotob.

Trojan:
• A Trojan is malware disguised as legitimate or useful software; once run, it may harvest financial information, take over the victim's system resources, or enlist the machine in a denial-of-service (DoS) attack.

• A DoS attack is an attempt to make a machine or network resource unavailable to those trying to reach it.

Page 13

State of the Art Cont...

Spyware:
• Spyware is software that secretly monitors a user's activities and reports them to the attacker.

Rootkit:
• A rootkit is software designed to hide the presence of an attacker or of other malware on a system, typically by intercepting operating-system functions so that the malicious files, processes and network connections are invisible to the user and to security tools, while the attacker keeps privileged ("root") access.

Page 14

State of the Art Cont...

Backdoors:
• Backdoors are much like Trojans or worms, except that they open a "back door" onto a computer: a hidden network entry point through which attackers or other malware can get in, or through which viruses or spam can be sent out.

Page 15

State of the Art Cont...

Botnet:
• The word botnet is a combination of the words robot and network [16].

• The term is usually used with a negative or malicious connotation; an early example is the spam botnet attributed to Khan C. Smith in 2001.

• Origin: a botnet's originator (known as a "bot herder" or "bot master") controls the group remotely, traditionally through Internet Relay Chat (IRC), and often for criminal purposes.

• The host that issues the commands is known as the command-and-control (C&C) server.

Page 16

State of the Art Cont...

Adware:
• Adware is the least dangerous but one of the most lucrative kinds of malware; it injects unwanted advertisements into the user's browsing or applications.

• Adware, or advertising-supported software, is any software package that automatically renders advertisements in order to generate revenue for its author.

• The advertisements may appear in the user interface of the software or on a screen presented to the user during installation.

• The software may also analyze which Internet sites the user visits and present advertising relevant to the goods or services featured there.

Page 17

State of the Art Cont...

• As the cyber world and the physical world move closer together, the danger to our data grows [7], [4], [5].

• Attackers create many variants of the same malware using deception (stealth) techniques such as
  • encryption,
  • oligomorphism,
  • polymorphism and
  • metamorphism [8], [9], [10], as shown in Figure 1.

Page 18

State of the Art Cont...

• Encrypted malware: the malicious body is stored encrypted (often under a key that changes from copy to copy) and is prefixed by a small decryptor that restores it at run time. Because the decryptor itself stays constant, a signature on the decryptor still detects every copy.

• Oligomorphic malware: the virus carries a small, fixed set of alternative decryptors and picks one for each infection, so the scanner needs a signature for each decryptor instead of one for the family.

• Polymorphic malware: a mutation engine rewrites the decryptor for every infection (equivalent instruction sequences, reordered code, junk instructions), so no constant byte sequence is left to sign; scanners answer by emulating the decryptor and scanning the decrypted body, which is still constant.

• Metamorphic malware: the whole body is rewritten from one generation to the next, so there is no constant decrypted form either; detection has to rely on behaviour or on code structure rather than on byte signatures [11].
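The four techniques above differ in what stays constant from one copy to the next, and that is exactly what a scanner keys on. The following Python script is an added example, not code from the synopsis: it models encrypted, oligomorphic and polymorphic variants with a four-opcode toy decryptor (NOP, SETKEY, ADDKEY, DEC; the opcodes, the XOR cipher, the PAYLOAD string and the signatures are all assumptions made for the demo, not real machine code or real malware), then compares a static wildcard-signature scanner with one that emulates the decryptor and signs the decrypted body. Metamorphic rewriting of the body itself is deliberately left out, since it defeats both strategies shown here.

```python
"""Toy model of encrypted, oligomorphic and polymorphic stealth versus two
scanner strategies: static stub signatures and emulate-then-scan.
Added example; the bytecode, cipher and payload are constructed for the demo."""
import random
from typing import List, Optional

NOP, SETKEY, ADDKEY, DEC, END = 0x90, 0x10, 0x11, 0x20, 0xFF
PAYLOAD = b"MALICIOUS-ACTION:drop-file;connect-c2"   # constant body (constructed)


def xor(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def build(stub: List[int], key: int) -> bytes:
    """A sample is the decryptor stub, then END, then the body XORed with key."""
    return bytes(stub + [END]) + xor(PAYLOAD, key)


def encrypted_variant(rng: random.Random) -> bytes:
    key = rng.randrange(1, 256)
    return build([SETKEY, key, DEC], key)           # stub layout never changes


OLIGO_TEMPLATES = (                                  # a small fixed set of stubs
    lambda k: [SETKEY, k, DEC],
    lambda k: [SETKEY, 0, ADDKEY, k, DEC],
    lambda k: [NOP, SETKEY, k, NOP, DEC],
)


def oligomorphic_variant(rng: random.Random) -> bytes:
    key = rng.randrange(1, 256)
    return build(rng.choice(OLIGO_TEMPLATES)(key), key)


def polymorphic_variant(rng: random.Random) -> bytes:
    """Mutation engine: rebuild the key from 2-5 additive parts and sprinkle
    NOPs, so the stub has no fixed byte pattern to sign."""
    key = rng.randrange(1, 256)
    parts = [rng.randrange(1, 256) for _ in range(rng.randint(2, 5))]
    stub = [SETKEY, (key - sum(parts)) & 0xFF]
    for p in parts:
        stub += [NOP] * rng.randint(0, 3) + [ADDKEY, p]
    stub += [NOP] * rng.randint(0, 3) + [DEC]
    return build(stub, key)


# Wildcard signatures (None = any byte) of the kind a static scanner ships.
STUB_SIGS = {
    "encrypted / oligo A": [SETKEY, None, DEC, END],
    "oligo B":             [SETKEY, 0, ADDKEY, None, DEC, END],
    "oligo C":             [NOP, SETKEY, None, NOP, DEC, END],
}
BODY_SIG = list(b"MALICIOUS-ACTION")                 # signature on the plain body


def match(sig: List[Optional[int]], data: bytes) -> bool:
    return any(all(s is None or s == data[i + j] for j, s in enumerate(sig))
               for i in range(len(data) - len(sig) + 1))


def emulate(sample: bytes, max_steps: int = 64) -> Optional[bytes]:
    """Run the stub in an interpreter (the 'sandbox') and return the body it
    would hand to the CPU, or None if the stub is malformed or runs too long."""
    key, pc, decrypt = 0, 0, False
    for _ in range(max_steps):
        if pc >= len(sample):
            return None
        op = sample[pc]
        if op == NOP:
            pc += 1
        elif op in (SETKEY, ADDKEY):
            if pc + 1 >= len(sample):
                return None
            arg = sample[pc + 1]
            key = arg if op == SETKEY else (key + arg) & 0xFF
            pc += 2
        elif op == DEC:
            decrypt, pc = True, pc + 1
        elif op == END:
            body = sample[pc + 1:]
            return xor(body, key) if decrypt else body
        else:
            return None                              # not one of our stubs
    return None


def scan(sample: bytes) -> str:
    """How the scanner catches the sample: 'static', 'emulated' or 'missed'."""
    if match(BODY_SIG, sample) or any(match(s, sample) for s in STUB_SIGS.values()):
        return "static"
    body = emulate(sample)
    if body is not None and match(BODY_SIG, body):
        return "emulated"
    return "missed"


def tally(variant, n: int = 50, seed: int = 7) -> dict:
    """Scan n fresh samples produced by `variant` and count the outcomes."""
    rng = random.Random(seed)
    counts = {"static": 0, "emulated": 0, "missed": 0}
    for _ in range(n):
        counts[scan(variant(rng))] += 1
    return counts


if __name__ == "__main__":
    for name, fn in [("encrypted", encrypted_variant),
                     ("oligomorphic", oligomorphic_variant),
                     ("polymorphic", polymorphic_variant)]:
        print(f"{name:13s} {tally(fn)}")
```

Running the script prints one tally per technique: every encrypted and oligomorphic sample is caught statically, while the polymorphic samples are caught only after emulation (a mutation engine can occasionally emit a stub that still happens to match a static pattern, so that count is close to, not exactly, all of them). The cost polymorphism imposes on the defender is visible in emulate(): the scanner has to execute an untrusted stub, bounded here by max_steps, before it can see the constant body.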

Page 19

State of the Art Cont...

Figure 1: Some stealth techniques used by malware attackers

Page 20

State of the Art Cont...

• Some deception techniques used by malware defenders are as follows:

• Honeypot deception technique: a honeypot is a trap set to detect, deflect or in some manner counteract attempts at unauthorized use of information systems.

• Generally, a honeypot, as shown in Figure 2, consists of a computer, data or a network site that appears to be part of the network but is actually isolated and monitored, and that seems to contain information or a resource of value to attackers.

• This is similar to the police baiting a criminal and then conducting undercover surveillance [12], [13], [7], [14], [15].

Page 21

State of the Art Cont...

Figure 2: Use of honeypot in a network.

Page 22

State of the Art Cont...

• Honeynet deception technique: a honeynet is a network set up with intentional vulnerabilities; its purpose is to invite attack so that an attacker's activities and methods can be studied and the information used to improve network security.

• A honeynet, as shown in Figure 3, contains one or more honeypots: computer systems on the Internet expressly set up to attract and trap malware attackers.

• Although the primary purpose of a honeynet is to gather information about attackers' methods and motives, the decoy network can benefit its operator in other ways, for example by diverting attackers from the real network and its resources [16], [17].
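The honeypot and honeynet ideas from the last two slides, in Python as an added example (not code from the synopsis and not any real honeypot tool): each decoy service binds a loopback port, replies with a constructed banner that advertises old software, records whatever the client sends, and all decoys report to one shared event log, which is the toy honeynet. The service names, banners and the probe() helper that plays the attacker are assumptions for the demo; in a real deployment the decoys would sit on addresses in the production range and the log would feed a SIEM.

```python
"""Minimal low-interaction honeypot and toy honeynet.  Added example; the
services, banners and probe() are constructed for the demo.  Since no
legitimate client has a reason to talk to a decoy, every logged event is an
alert by construction."""
import socket
import socketserver
import threading
import time
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed banners; the version strings are made up to look like old,
# "vulnerable" software, which is what invites an attacker to poke further.
BANNERS = {
    "ssh": b"SSH-2.0-OpenSSH_5.3\r\n",
    "telnet": b"\r\nlogin: ",
    "http": b"HTTP/1.0 200 OK\r\nServer: Apache/2.2.15\r\nContent-Length: 0\r\n\r\n",
}


@dataclass
class Event:
    when: float      # time.time() at the moment of the touch
    service: str     # which decoy was hit
    peer: str        # attacker's ip:port
    data: bytes      # first bytes the attacker sent after the banner


@dataclass
class Honeynet:
    events: List[Event] = field(default_factory=list)
    lock: threading.Lock = field(default_factory=threading.Lock)
    decoys: Dict[str, socketserver.TCPServer] = field(default_factory=dict)

    def record(self, ev: Event) -> None:
        with self.lock:
            self.events.append(ev)

    def add_decoy(self, service: str) -> int:
        """Start a decoy for `service` on an ephemeral loopback port; return the port."""
        net = self

        class Handler(socketserver.BaseRequestHandler):
            def handle(self):
                self.request.settimeout(2.0)
                self.request.sendall(BANNERS[service])
                try:
                    data = self.request.recv(1024)   # capture the attacker's probe
                except socket.timeout:
                    data = b""
                ip, port = self.client_address[:2]
                net.record(Event(time.time(), service, f"{ip}:{port}", data))

        srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), Handler)
        srv.daemon_threads = True
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        self.decoys[service] = srv
        return srv.server_address[1]

    def wait_for(self, count: int, timeout: float = 3.0) -> bool:
        """Block until `count` events are logged (handlers run in their own threads)."""
        deadline = time.time() + timeout
        while time.time() < deadline:
            with self.lock:
                if len(self.events) >= count:
                    return True
            time.sleep(0.02)
        return False

    def alerts(self) -> List[str]:
        """One high-confidence alert line per touch, ready for a SIEM."""
        with self.lock:
            return [f"ALERT decoy={e.service} peer={e.peer} sent={e.data[:40]!r}"
                    for e in self.events]

    def shutdown(self) -> None:
        for srv in self.decoys.values():
            srv.shutdown()
            srv.server_close()


def probe(port: int, payload: bytes) -> bytes:
    """Play the attacker: connect, read the banner, send a probe, return the banner."""
    with socket.create_connection(("127.0.0.1", port), timeout=2.0) as s:
        banner = s.recv(256)
        s.sendall(payload)
    return banner


if __name__ == "__main__":
    net = Honeynet()
    ports = {svc: net.add_decoy(svc) for svc in BANNERS}
    probe(ports["ssh"], b"SSH-2.0-masscan\r\n")
    probe(ports["http"], b"GET /phpmyadmin/ HTTP/1.0\r\n\r\n")
    net.wait_for(2)
    print("\n".join(net.alerts()))
    net.shutdown()
```

The design choice worth copying is that the decoy does as little as possible: it never runs the attacker's input, only records it, which is what keeps a low-interaction honeypot from becoming the attacker's foothold. A higher-interaction honeynet, as the slide describes, would instead expose real but isolated systems and accept the extra containment work in exchange for observing the attacker's full toolchain.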

Page 23

State of the Art Cont...

Figure 3: Implementation of honeynet in a network.

Page 24

Methodology

•Step 1: Literature review of deception techniques used by malware attackers and defenders.

•Step 2: Identification of deception techniques used by malware attackers.

•Step 3: Identification of deception techniques used by malware defenders.

• Step 4: Propose a path to detecting malware that uses deception techniques to hide.

•Step 5: Develop new deception techniques for malware defenders.

Page 25

References

[1] Neil C. Rowe, "Designing Good Deception in Defense of Information Systems", Cebrowski Institute.

[2] Philip A. Laplante, Dictionary of Computer Science, Engineering and Technology, CRC Press, Dec 21, 2000, p. 366, ISBN 0-8493-2691-5. Retrieved June 17, 2014.

[3] Mario Golling and Bjorn (Neubiberg, Germany), "Requirements for a Future EWS - Cyber Defence in the Internet of the Future", in C. Czosseck, E. Tyugu and T. Wingfield (Eds.), 2011 3rd International Conference on Cyber Conflict, CCD COE Publications, Tallinn, Estonia, 2011, pp. 135-150.

[4] Alvaro A. Cardenas, Tanya Roosta, Gelareh Taban and Shankar Sastry, "Cyber Security Basic Defenses and Attack Trends", Chapter 4, 2008, pp. 73-102.

[5] Nong Ye and Toni Farley, "A Scientific Approach to Cyber Attack Detection", IEEE Computer, November 2005, pp. 55-61.

[6] Hossein Rouhani Zeidanloo, Mohammad Jorjor Zadeh Shooshtari, Payam Vahdani Amoli, M. Safari and Mazdak Zamani, "A Taxonomy of Botnet Detection Techniques", IEEE, 2010.

[7] "Honeypot Security", The Government of the Hong Kong Special Administrative Region, February 2008.

Page 26

References

[8] Xinwen Fu, Bryan Graham, Dan Cheng, Riccardo Bettati and Wei Zhao, "Camouflaging Virtual Honeypots", Technical Report 2005-7-3, pp. 1-17.

[9] Carey Nachenberg (illustrations: Beata Szpura), "Computer Virus-Antivirus Coevolution: The battle to conquer computer viruses is far from won, but new and improved antidotes are controlling the field", Communications of the ACM, Vol. 40, No. 1, January 1997.

[10] R. T. Goswami, Avijit Mondal, Bimal Kumar Mishra and N. C. Mahanti, "Defending Polymorphic Worms in Computer Network using Honeypot", International Journal of Advanced Computer Science and Applications (IJACSA), Vol. 3, No. 10, 2012, pp. 63-65.

[11] Hemraj Saini et al., "Extended Honeypot Framework to Detect Old/New Cyber Attacks", International Journal of Engineering Science and Technology (IJEST), ISSN 0975-5462, Vol. 3, No. 3, March 2011.

[12] Qinghua Zhang and Douglas S. Reeves, "MetaAware: Identifying Metamorphic Malware".

[13] Paul Baecher, Markus Koetter, Thorsten Holz, Maximillian Dornseif and Felix Freiling, "The Nepenthes Platform: An Efficient Approach to Collect Malware".

[14] Bill Cheswick, "An Evening with Berferd in Which a Cracker is Lured, Endured, and Studied", AT&T Bell Laboratories.

Page 27

References

[15] Pei-Sheng Hung, "Design and Implementation of a Distributed Early Warning System Combined with Intrusion Detection System and Honeypot", International Conference on Convergence and Hybrid Information Technology, 2009.

[16] Apostolis Zarras, "The Art of False Alarms in the Game of Deception: Leveraging Fake Honeypots for Enhanced Security".

[17] John Levine, Richard LaBella, Henry Owen, Didier Contis and Brian Culver, "The Use of Honeynets to Detect Exploited Systems Across Large Enterprise Networks", South Florida Honeynet Project, Proceedings of the 2003 IEEE Workshop on Information Assurance, United States Military Academy, West Point, NY, June 2003.

[18] Meyer, Lvan Smith, Mark Cummins and Anthony, "Be Aware with a Honeypot", IBT Journal, Issue 16, December 2007, pp. 4-16.

[19] Simon Byers, Aviel D. Rubin and David Kormann (AT&T Labs and Johns Hopkins University), "Defending Against an Internet-Based Attack on the Physical World", ACM Transactions on Internet Technology, Vol. 4, No. 3, August 2004, pp. 239-254.

[20] Symantec enterprise paper, Volume XXX, Symantec World Headquarters, 10201 Torre Avenue, Cupertino, CA 95014, USA, www.symantec.com, pp. 1-13.

Page 28

Thank You…