INTERCEPTION OF AUTOMATED BLOCKING OF MALICIOUS CODE WITH NDIS MIDWAY DRIVER
Presented by S. Gayathri, T. Kanimozhi, E. Velvizhi, S. Ambika
Guided by R. Vasanthi, M.E., (Ph.D.)
CONTENTS
• ABSTRACT
• OBJECTIVES
• INTRODUCTION
• EXISTING SYSTEM
• PROPOSED SYSTEM
• FLOW DIAGRAM
• IABM BLOCK DIAGRAM
• IABM DATA FLOW DIAGRAM
• MAIN MODULES
• CONCLUSION
• REFERENCE
ABSTRACT
• This work presents a new approach to computer security via malicious software analysis and automatic blocking software.
• It proposes a technique based on the Network Driver Interface Specification (NDIS).
• The NDIS model supports hybrid networks.
INTRODUCTION
• Malicious code is categorized based on functionality and attack vector.
• Malicious code spreads from one victim computer to another.
• Various kinds of malicious code are:
virus
worms
Trojan horses
INTRO CONT..
• Various security mechanisms are:
Firewall
Sniffer
Antivirus
IDS
• TCP/IP is used in these mechanisms.
• Raw sockets can’t make calls to the bind() function.
EXISTING SYSTEM
• In the existing system, data gathering and monitoring rely on the underlying operating system.
• Anti-hacker and firewall tools do not allow packet filtering and detection of network attacks in the network.
PROPOSED SYSTEM
• In the proposed system, the malware protection operation supports all operating systems for data gathering and monitoring.
• Kaspersky has implemented the technology of an NDIS intermediate driver.
• NDIS is used to perform packet filtering and network attack detection in the network.
KMP ALGORITHM
• String search algorithm
• Mismatch and match algorithm
• Example (m = position in the text S, i = position in the pattern W):
m: 01234567890123456789012
S: ABC ABCDAB ABCDABCDABDE
W: ABCDABD
i: 0123456
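The following is an added example, not code from the presentation or from the referenced paper: a complete Knuth-Morris-Pratt search in Python, run over the S and W strings shown on the slide. It builds the partial-match (prefix) table once and then scans the text without ever moving the text index backwards, which is the property that lets a filter scan packet or request bytes in a single pass. The byte-string signature and request body at the end are constructed sample data.

```python
def build_prefix_table(pattern):
    """For every i, the length of the longest proper prefix of pattern[:i+1]
    that is also a suffix of it.  KMP consults this table on a mismatch so
    the text index never has to move backwards."""
    table = [0] * len(pattern)
    k = 0
    for i in range(1, len(pattern)):
        while k > 0 and pattern[i] != pattern[k]:
            k = table[k - 1]
        if pattern[i] == pattern[k]:
            k += 1
        table[i] = k
    return table


def kmp_search(text, pattern):
    """Return every offset in text where pattern occurs (overlaps included).
    Works on str or bytes, as long as both arguments are the same type."""
    if not pattern:
        return []
    table = build_prefix_table(pattern)
    matches = []
    k = 0  # number of pattern symbols matched so far
    for i, symbol in enumerate(text):
        while k > 0 and symbol != pattern[k]:
            k = table[k - 1]  # mismatch: fall back in the pattern, keep i
        if symbol == pattern[k]:
            k += 1
        if k == len(pattern):
            matches.append(i - k + 1)
            k = table[k - 1]  # keep scanning for further occurrences
    return matches


if __name__ == "__main__":
    # The example from the slide: W occurs once in S, at m = 15.
    S = "ABC ABCDAB ABCDABCDABDE"
    W = "ABCDABD"
    print(build_prefix_table(W))  # [0, 0, 0, 0, 1, 2, 0]
    print(kmp_search(S, W))       # [15]

    # Same routine over raw bytes, the way a signature scan of a request
    # body would use it.  Body and signature are constructed samples.
    body = b"GET /x HTTP/1.1\r\n\r\n\x90\x90\x31\xc0\x50"
    print(kmp_search(body, b"\x31\xc0\x50"))  # [21]
```

Because the text index only advances, the scan costs O(|S| + |W|) regardless of how many partial matches fail, which is why KMP-style matching is preferred over naive search inside a driver that must keep up with line-rate traffic.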
IABM NDIS MIDWAY DRIVER BLOCK DIAGRAM
[Block diagram] HTTP Request -> SIGFREE: URI Decoder -> ASCII Filter -> Instruction Sequences Distiller -> Instruction Sequences Analyzer
Outcomes:
• Pass (requests are printable ASCII)
• Pass (request only contains pure data)
• Block (request contains executable codes)
DATA FLOW DIAGRAM
[Flowchart] Start -> Admin login -> Upload files -> Import file -> User search -> Select HTTP request -> Encode and decode URL -> Convert into ASCII code -> Distill URL -> Analyse URL -> Check response
• If it contains pure data: retrieve all files / retrieve non-executable files -> End
• If it contains executable codes: block executable codes -> End
VARIOUS MODULES
• Prevention/Detection of Buffer Overflows
• Worm Detection and Signature Generation
• SigFree Attack Model
• URI Decoder
• ASCII Filter
• Instruction Sequences Distiller (ISD)
PREVENTION/DETECTION OF BUFFER OVERFLOWS
• Buffer overflow is one of the most serious vulnerabilities in computer systems.
• Cyber attacks built on it include:
server worms
zombies
botnets
• Approaches to preventing or detecting buffer overflows:
• Finding bugs in source code
• Compiler extensions
• OS modifications
• Hardware modifications
• Capturing code running symptoms of buffer overflow attacks
WORM DETECTION AND SIGNATURE GENERATION
• These are code transformation techniques.
• Online attack blocker.
• Used for different purposes.
SIGFREE ATTACK MODEL
• HTTP requests are used as the input.
• It is a real-time application blocker.
• It is one of the cyber security mechanisms.
URI DECODER
• Decodes the query parameter of a request URI.
• Decodes the request parameter of a request URI.
ASCII FILTER
• Malicious executable codes are normally binary strings.
• Printable ASCII ranges from 0x20 to 0x7E.
• SigFree allows one special type of executable code to pass.
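The URI decoder and ASCII filter stages above, as an added Python example that is not code from the presentation or from the SigFree project. It percent-decodes the query component of a Request-URI into raw bytes (so that a sequence like %90 becomes the byte 0x90 rather than a text character), then applies the 0x20-0x7E printable test to the decoded query and to the request body. A request that is pure printable ASCII is passed on; anything else is marked for the instruction sequences distiller. Tolerating tab, CR and LF in bodies is an assumption made here, since HTTP bodies carry them legitimately; the sample requests are constructed.

```python
from urllib.parse import unquote_to_bytes, urlsplit

# Printable ASCII range used by the ASCII filter stage (0x20..0x7E inclusive).
PRINTABLE_LOW, PRINTABLE_HIGH = 0x20, 0x7E
# Assumption: these control bytes occur in legitimate HTTP bodies, so they are tolerated.
HTTP_WHITESPACE = frozenset(b"\t\r\n")


def decode_query(request_uri: str) -> bytes:
    """URI decoder stage: percent-decode the query component of a Request-URI.

    unquote_to_bytes is used instead of unquote so that %90%90 yields the raw
    bytes 0x90 0x90 instead of being mapped through a text codec."""
    return unquote_to_bytes(urlsplit(request_uri).query)


def first_non_printable(data: bytes):
    """Return the offset of the first byte outside printable ASCII, or None."""
    for offset, byte in enumerate(data):
        if PRINTABLE_LOW <= byte <= PRINTABLE_HIGH or byte in HTTP_WHITESPACE:
            continue
        return offset
    return None


def ascii_filter(data: bytes) -> str:
    """ASCII filter stage: 'pass' for pure printable ASCII, else 'distill'."""
    return "pass" if first_non_printable(data) is None else "distill"


def screen_request(request_uri: str, body: bytes = b"") -> dict:
    """Run both stages over the two inputs SigFree examines:
    the query parameters of the Request-URI and the Request-Body."""
    query = decode_query(request_uri)
    verdicts = {"query": ascii_filter(query), "body": ascii_filter(body)}
    needs_disassembly = "distill" in verdicts.values()
    verdicts["next_stage"] = (
        "instruction_sequences_distiller" if needs_disassembly else "forward"
    )
    return verdicts


if __name__ == "__main__":
    # Constructed sample requests, not taken from the presentation.
    print(screen_request("/search?q=hello+world%20test"))
    print(screen_request("/upload?data=%90%90%90%CC"))
    print(screen_request("/post", body=b"name=alice\r\n"))
    print(screen_request("/post", body=b"\x31\xc0\x50"))
```

Two details matter in practice. First, the decoder must run before the filter: a request whose bytes are all printable on the wire can still carry non-printable bytes once percent-escapes are resolved. Second, `+` is left as-is because it only means a space under form encoding, and both characters are printable anyway, so the verdict does not depend on that choice.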
INSTRUCTION SEQUENCES DISTILLER (ISD)
• Distills instruction sequences from the query parameters of the Request-URI and the Request-Body.
INSTRUCTION SEQUENCES ANALYZER
• Using the output of the instruction sequences distiller as its input, this module analyzes the instruction sequences to determine whether one of them is a program.
CONCLUSION
• We proposed an NDIS technique: in order to provide better protection for users, security prevention mechanisms need to operate in kernel mode.
• We also used another technique, the SigFree model.
REFERENCE
• Lee Ling Chuan, Chan Lee Yee, Mahamod Ismail and Kasmiran Jumari, “Automated Blocking of Malicious Code with NDIS Intermediate Driver,” ICACT 2011, IEEE, February 2011.
• Printing Communications Associates, Inc. (PCAUSA), “NDIS_PACKET Discussion Part 2: NDIS_PACKET Reserved Areas,” January 17, 2010.
• MSDN Library, Microsoft Corporation, “NDIS-Supplied Packet and Buffer Handling Functions (NDIS 5.1),” March 6, 2010.
THANK YOU