ppt 2
TRANSCRIPT
![Page 1: Ppt 2](https://reader036.vdocuments.us/reader036/viewer/2022062613/5447da25b1af9fcf478b45b0/html5/thumbnails/1.jpg)
INTERCEPTION OF AUTOMATED BLOCKING OF MALICIOUS
CODE WITH NDIS MIDWAY DRIVER
1
Presented by S. Gayathri, T. Kanimozhi, E. Velvizhi, S. Ambika
GUIDED BY R. VASANTHI, M.E., (Ph.D.)
![Page 2: Ppt 2](https://reader036.vdocuments.us/reader036/viewer/2022062613/5447da25b1af9fcf478b45b0/html5/thumbnails/2.jpg)
CONTENTS
• ABSTRACT
• OBJECTIVES
• INTRODUCTION
• EXISTING SYSTEM
• PROPOSED SYSTEM
• FLOW DIAGRAM
• IABM BLOCK DIAGRAM
• IABM DATA FLOW DIAGRAM
• MAIN MODULES
• CONCLUSION
• REFERENCE
![Page 3: Ppt 2](https://reader036.vdocuments.us/reader036/viewer/2022062613/5447da25b1af9fcf478b45b0/html5/thumbnails/3.jpg)
ABSTRACT
• This work presents a new approach to computer security based on malicious software analysis and automatic blocking software.
• It proposes a technique built on the Network Driver Interface Specification (NDIS).
• The NDIS model supports hybrid networks.
![Page 4: Ppt 2](https://reader036.vdocuments.us/reader036/viewer/2022062613/5447da25b1af9fcf478b45b0/html5/thumbnails/4.jpg)
INTRODUCTION
• Malicious code is categorized based on its functionality and attack vector.
• Malicious code spreads from one victim computer to another.
• The various kinds of malicious code are:
virus
worms
Trojan horses
![Page 5: Ppt 2](https://reader036.vdocuments.us/reader036/viewer/2022062613/5447da25b1af9fcf478b45b0/html5/thumbnails/5.jpg)
INTRO CONT..
• Various security mechanisms are
Firewall
Sniffer
Antivirus
IDS
• TCP/IP is used in these mechanisms.
• Raw sockets can't make calls to the bind() function.
![Page 6: Ppt 2](https://reader036.vdocuments.us/reader036/viewer/2022062613/5447da25b1af9fcf478b45b0/html5/thumbnails/6.jpg)
EXISTING SYSTEM
• The existing system relies on the underlying operating system for data gathering and monitoring.
• Anti-hacker software and firewalls do not allow packet filtering and network-attack detection within the network.
![Page 7: Ppt 2](https://reader036.vdocuments.us/reader036/viewer/2022062613/5447da25b1af9fcf478b45b0/html5/thumbnails/7.jpg)
PROPOSED SYSTEM
• In the proposed system, the malware protection operation supports all operating systems for data gathering and monitoring.
• Kaspersky has implemented the technology of the NDIS intermediate driver.
• NDIS is used to perform the packet filtering and network-attack detection functions in the network.
![Page 8: Ppt 2](https://reader036.vdocuments.us/reader036/viewer/2022062613/5447da25b1af9fcf478b45b0/html5/thumbnails/8.jpg)
KMP ALGORITHM
• String search algorithm
• Mismatch and match algorithm
EX:
m: 01234567890123456789012
S: ABC ABCDAB ABCDABCDABDE
W: ABCDABD
i: 0123456
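As an added example (not code from the slides or from the referenced paper), here is the KMP string search in C, run on the slide's own S and W strings; the assumed use is matching a fixed signature string against request data, and the 256-byte pattern cap is an assumption of this example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_PATTERN 256   /* assumed cap on signature length for this example */

/* Build the KMP partial-match table: T[i] is the length of the longest
 * proper prefix of W[0..i] that is also a suffix of W[0..i]. On a
 * mismatch the search uses T to shift W without re-reading S. */
static void kmp_build_table(const char *W, int m, int *T) {
    int k = 0;
    T[0] = 0;
    for (int i = 1; i < m; i++) {
        while (k > 0 && W[i] != W[k])
            k = T[k - 1];                 /* mismatch: fall back within W */
        if (W[i] == W[k])
            k++;                          /* match: extend the border */
        T[i] = k;
    }
}

/* Return the index in S of the first occurrence of W, or -1 if W is
 * not present (or longer than MAX_PATTERN). Runs in O(|S| + |W|). */
int kmp_search(const char *S, const char *W) {
    int n = (int)strlen(S), m = (int)strlen(W);
    int T[MAX_PATTERN];
    if (m == 0) return 0;
    if (m > MAX_PATTERN) return -1;
    kmp_build_table(W, m, T);
    int k = 0;                            /* chars of W matched so far */
    for (int i = 0; i < n; i++) {
        while (k > 0 && S[i] != W[k])
            k = T[k - 1];                 /* mismatch: shift using the table */
        if (S[i] == W[k])
            k++;                          /* match: advance in W */
        if (k == m)
            return i - m + 1;             /* full match: start index in S */
    }
    return -1;
}

int main(void) {
    /* The slide's own example: S is the text, W the pattern. */
    const char *S = "ABC ABCDAB ABCDABCDABDE";
    const char *W = "ABCDABD";
    printf("pattern found at index %d\n", kmp_search(S, W));   /* 15 */
    return 0;
}
```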
![Page 9: Ppt 2](https://reader036.vdocuments.us/reader036/viewer/2022062613/5447da25b1af9fcf478b45b0/html5/thumbnails/9.jpg)
IABM NDIS MIDWAY DRIVER BLOCK DIAGRAM
SigFree pipeline, as shown in the diagram:
HTTP Request -> URI Decoder -> ASCII Filter -> Instruction Sequences Distiller -> Instruction Sequences Analyzer
Outcomes:
• Pass (requests are printable ASCII)
• Pass (request only contains pure data)
• Block (request contains executable codes)
![Page 10: Ppt 2](https://reader036.vdocuments.us/reader036/viewer/2022062613/5447da25b1af9fcf478b45b0/html5/thumbnails/10.jpg)
DATA FLOW DIAGRAM
Nodes of the diagram (order reconstructed from the diagram labels):
Start -> Admin login -> Upload files / Import file -> User search -> Select HTTP request -> Encode and decode URL -> Convert into ASCII code -> Distill URL -> Analyse URL -> Check response
Check response outcomes:
• It contains executable codes -> Block executable codes
• It contains pure data -> Retrieve all files / Retrieve non-executable files
End
![Page 11: Ppt 2](https://reader036.vdocuments.us/reader036/viewer/2022062613/5447da25b1af9fcf478b45b0/html5/thumbnails/11.jpg)
VARIOUS MODULES
• Prevention/Detection of Buffer Overflows
• Worm Detection and Signature Generation
• SigFree Attack Model
• URI decoder
• ASCII Filter
• Instruction sequences distiller (ISD)
![Page 12: Ppt 2](https://reader036.vdocuments.us/reader036/viewer/2022062613/5447da25b1af9fcf478b45b0/html5/thumbnails/12.jpg)
PREVENTION/DETECTION OF
BUFFER OVERFLOWS
• Buffer overflow is one of the most serious vulnerabilities in computer systems.
• It underlies cyber attacks such as:
Server worms
Zombies
Botnets
![Page 13: Ppt 2](https://reader036.vdocuments.us/reader036/viewer/2022062613/5447da25b1af9fcf478b45b0/html5/thumbnails/13.jpg)
• Finding bugs in source code
• Compiler extensions
• OS modifications
• Hardware modifications
• Capturing code running symptoms of buffer overflow attacks
![Page 14: Ppt 2](https://reader036.vdocuments.us/reader036/viewer/2022062613/5447da25b1af9fcf478b45b0/html5/thumbnails/14.jpg)
WORM DETECTION AND
SIGNATURE GENERATION
• These are code transformation techniques.
• Online attack blocker.
• Used for different purposes.
![Page 15: Ppt 2](https://reader036.vdocuments.us/reader036/viewer/2022062613/5447da25b1af9fcf478b45b0/html5/thumbnails/15.jpg)
SIGFREE ATTACK MODEL
• HTTP requests are the input.
• It is a real-time application blocker.
• It is one of the cyber-security mechanisms.
![Page 16: Ppt 2](https://reader036.vdocuments.us/reader036/viewer/2022062613/5447da25b1af9fcf478b45b0/html5/thumbnails/16.jpg)
![Page 17: Ppt 2](https://reader036.vdocuments.us/reader036/viewer/2022062613/5447da25b1af9fcf478b45b0/html5/thumbnails/17.jpg)
URI DECODER
• Query parameter of a request URI.
• Request parameter of a request URI.
![Page 18: Ppt 2](https://reader036.vdocuments.us/reader036/viewer/2022062613/5447da25b1af9fcf478b45b0/html5/thumbnails/18.jpg)
![Page 19: Ppt 2](https://reader036.vdocuments.us/reader036/viewer/2022062613/5447da25b1af9fcf478b45b0/html5/thumbnails/19.jpg)
ASCII FILTER
• Malicious executable codes are normally binary strings.
• Printable ASCII ranges from 0x20 to 0x7E.
• SigFree allows a special type of executable code (code made up only of printable ASCII).
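An added example, not code from the slides or from SigFree itself, for the URI decoder and ASCII filter stages described on the two slides above: a C URI decoder followed by the printable-ASCII check, where the '+'-as-space rule and the 1024-byte buffer cap are assumptions of this example. The filter sends anything with a byte outside 0x20..0x7E on for further analysis; as the slide notes, executable code built only from printable ASCII passes this stage.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Decode %XX escapes (and '+' as space, an assumption here) from a query
 * parameter into out. Returns the decoded byte count, or -1 if an escape
 * is malformed or the output buffer is too small. Decoded bytes may be
 * anything, which is why the ASCII filter runs after decoding. */
int uri_decode(const char *in, unsigned char *out, size_t outsz) {
    size_t n = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c == '%') {
            if (!isxdigit((unsigned char)in[i + 1]) ||
                !isxdigit((unsigned char)in[i + 2]))
                return -1;                         /* malformed escape */
            char hex[3] = { in[i + 1], in[i + 2], '\0' };
            c = (unsigned char)strtoul(hex, NULL, 16);
            i += 2;
        } else if (c == '+') {
            c = ' ';
        }
        if (n >= outsz) return -1;                 /* no room left */
        out[n++] = c;
    }
    return (int)n;
}

/* ASCII filter: 1 if every byte is printable ASCII (0x20..0x7E), else 0.
 * A request that passes is treated as pure printable data; one that
 * fails is handed on to the instruction sequences distiller. */
int ascii_filter_pass(const unsigned char *buf, size_t len) {
    for (size_t i = 0; i < len; i++)
        if (buf[i] < 0x20 || buf[i] > 0x7E) return 0;
    return 1;
}

/* Decode one query parameter and run the filter on the result.
 * Returns 1 = pass (printable), 0 = send to distiller, -1 = malformed. */
int check_param(const char *param) {
    unsigned char buf[1024];                       /* assumed size cap */
    int n = uri_decode(param, buf, sizeof buf);
    if (n < 0) return -1;
    return ascii_filter_pass(buf, (size_t)n);
}
```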
![Page 20: Ppt 2](https://reader036.vdocuments.us/reader036/viewer/2022062613/5447da25b1af9fcf478b45b0/html5/thumbnails/20.jpg)
![Page 21: Ppt 2](https://reader036.vdocuments.us/reader036/viewer/2022062613/5447da25b1af9fcf478b45b0/html5/thumbnails/21.jpg)
INSTRUCTION SEQUENCES
DISTILLER(ISD)
• Extracts instruction sequences from the query parameters of the Request-URI and from the Request-Body.
![Page 22: Ppt 2](https://reader036.vdocuments.us/reader036/viewer/2022062613/5447da25b1af9fcf478b45b0/html5/thumbnails/22.jpg)
![Page 23: Ppt 2](https://reader036.vdocuments.us/reader036/viewer/2022062613/5447da25b1af9fcf478b45b0/html5/thumbnails/23.jpg)
INSTRUCTION SEQUENCES
ANALYZER
• Using the output of the instruction sequences distiller as its input, this module analyzes these instruction sequences to determine whether one of them is a program.
![Page 24: Ppt 2](https://reader036.vdocuments.us/reader036/viewer/2022062613/5447da25b1af9fcf478b45b0/html5/thumbnails/24.jpg)
![Page 25: Ppt 2](https://reader036.vdocuments.us/reader036/viewer/2022062613/5447da25b1af9fcf478b45b0/html5/thumbnails/25.jpg)
Friday, April 7, 2023
![Page 26: Ppt 2](https://reader036.vdocuments.us/reader036/viewer/2022062613/5447da25b1af9fcf478b45b0/html5/thumbnails/26.jpg)
CONCLUSION
• We proposed an NDIS-based technique: to provide better protection for the user, security prevention mechanisms need to be implemented in kernel mode.
• We also used another technique, the SigFree model.
![Page 27: Ppt 2](https://reader036.vdocuments.us/reader036/viewer/2022062613/5447da25b1af9fcf478b45b0/html5/thumbnails/27.jpg)
REFERENCE
• Lee Ling Chuan, Chan Lee Yee, Mahamod Ismail and Kasmiran Jumari, “Automated Blocking of Malicious Code with NDIS Intermediate Driver”, ICACT 2011, IEEE February 2011.
• Printing Communications Associates, Inc. (PCAUSA), “NDIS_PACKET Discussion Part 2: NDIS_PACKET Reserved Areas,” January 17, 2010.
• MSDN Library, Microsoft Corporation, “NDIS-Supplied Packet and Buffer Handling Functions (NDIS 5.1),” March 6, 2010.
![Page 28: Ppt 2](https://reader036.vdocuments.us/reader036/viewer/2022062613/5447da25b1af9fcf478b45b0/html5/thumbnails/28.jpg)
THANK YOU