In Partial Fulfilment of the Requirement of the award for the Degree Of BACHELOR OF COMPUTER APPLICATION
VIRUS DETECTION
Submitted by KEERTHI.C
Reg. No: 14P22J0325
Introduction
A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user. The term "virus" is also commonly used, albeit erroneously, to refer to many different types of malware and adware programs. The original virus may modify the copies, or the copies may modify themselves, as occurs in a metamorphic virus. A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or the Internet, or by carrying it on a removable medium such as a floppy disk, CD, or USB drive.
Introduction (Contd.)
The first, and by far the most common, method of virus detection is using a list of virus signature definitions. The two detection methods are heuristic analysis and signature scanning. In signature scanning only a single virus can be detected at a time, whereas the second method uses a heuristic algorithm to find viruses based on common behaviors. This method has the ability to detect viruses that anti-virus security firms have yet to create a signature for.
SYSTEM REQUIREMENTS
HARDWARE REQUIREMENTS
PROCESSOR: Intel Pentium II or above
RAM: 32 MB or above
HDD: 40 MB
SOFTWARE REQUIREMENTS
PLATFORM: WINDOWS 7
FRONT END: C, C# .NET
BACK END: SQL SERVER
MODULES
• Scanning Files: Scan Single File, Scan Single Folder, Scan My Computer
• Updating Database: Updating
• Storing the Infected Files: Virus vault
Existing System
A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user. The term "virus" is also commonly used, albeit erroneously, to refer to many different types of malware and adware programs. The original virus may modify the copies, or the copies may modify themselves, as occurs in a metamorphic virus. anti-virus software that can detect and eliminate known viruses after the computer downloads or runs the executable.
Existing System (Contd.)
Drawbacks of Existing System
The first, and by far the most common, method of virus detection is using a list of virus signature definitions. The two detection methods are heuristic analysis and signature scanning. In signature scanning only a single virus can be detected at a time, whereas the second method uses a heuristic algorithm to find viruses based on common behaviors. This method has the ability to detect viruses that anti-virus security firms have yet to create a signature for.
Proposed System
Virus Detection System is an application which shows the way of approaching a generic antivirus product. Unlike some antivirus products, which bind themselves to specific signatures of particular viruses, this simulation provides a generic approach by which we are able to detect more than a single virus with a common virus code in the database.
Proposed System (Contd.)
For users of antivirus products who would like to see a simulation of an antivirus, the Virus Detection System is an application which shows the way of approaching a generic antivirus product.
Unlike some antivirus products, which bind themselves to specific signatures of particular viruses, this simulation provides a generic approach by which we are able to detect more than a single virus with a common virus code in the database.
Feasibility Report
Preliminary investigation examines project feasibility, the likelihood the system will be useful to the organization. The main objective of the feasibility study is to test the Technical, Operational and Economical feasibility for adding new modules and debugging the old running system. All systems are feasible if there are unlimited resources and infinite time.
There are three aspects in the feasibility study portion of the preliminary investigation:
• Technical Feasibility
• Operational Feasibility
• Economical Feasibility
Technical Feasibility
A system is said to be technically feasible only if the system can be developed by using the existing technology. Our system satisfies technical feasibility, owing to the existing technology, reliability, ease of access and security.
Economic Feasibility
This test is carried out to determine the costs of conducting a full system investigation, the costs of required hardware and software, and the benefits in the form of reduced costs. The costs to conduct the preliminary investigation and the cost of hardware and software were not considerable due to the availability of all requirements at college. The benefits in developing the system are substantial.
System Design
The system design starts by converting the logical model of the system into a physical model. The physical model represents the transactions that take place in the system and the physical components that are involved; the documents for the physical models are, namely, flow charts for the program.
Operational Feasibility
A system is said to be operationally feasible only if it can be turned into information systems that will meet the organization's operating requirements. The “Virus Tracking System” has no barrier in operation and implementation. Further, it reduces manual effort and increases performance when compared to conventional methods. It increases efficiency and is also automatically evaluated. Our system is thus found to be operationally feasible.
Normalization
Normalization is the process of efficiently organizing data in a database. There are two goals of the normalization process: eliminating redundant data (for example, storing the same data in more than one table) and ensuring data dependencies make sense (only storing related data in a table). Both of these are worthy goals as they reduce the amount of space a database consumes and ensure that data is logically stored.
Normalization (Contd.)
Insertion anomaly: Inability to add data to the database due to the absence of other data.
Deletion anomaly: Unintended loss of data due to deletion of other data.
Update anomaly: Data inconsistency resulting from data redundancy and partial update.
Normal Forms: These are the rules for structuring relations that eliminate anomalies.
FIRST NORMAL FORM: A relation is said to be in first normal form if the values in the relation are atomic for every attribute in the relation. By this we mean simply that no attribute value can be a set of values or, as it is sometimes expressed, a repeating group.
SECOND NORMAL FORM: A relation is said to be in second normal form if it is in first normal form and satisfies any one of the following rules:
• The primary key is not a composite primary key
• No non-key attributes are present
• Every non-key attribute is fully functionally dependent on the full set of the primary key
THIRD NORMAL FORM: A relation is said to be in third normal form if there exist no transitive dependencies.
E-R DIAGRAM
The relations within the system are structured through a conceptual ER diagram, which specifies not only the existing entities but also the standard relations through which the system exists and the cardinalities that are necessary for the system state to continue. The Entity Relationship Diagram (ERD) depicts the relationship between the data objects. The ERD is the notation that is used to conduct the data modeling activity; the attributes of each data object noted in the ERD can be described using a data object description. The set of primary components that are identified by the ERD are:
• Data object
• Relationships
• Attributes
• Various types of indicators
The primary purpose of the ERD is to represent data objects and their relationships.
Data Flow Diagram
A data flow diagram is a graphical tool used to describe and analyze the movement of data through a system, manual or automated, including the processes, the storage of data, and delays in the system. DFDs are central tools and the basis for the development of other components. The transformation of data from one process to another is independent of physical components. These types of DFDs are called LOGICAL DATA FLOW DIAGRAMS. In contrast, physical data flow diagrams show the actual implementation and movement of the data through people, departments and workstations.
Advantages of DFD
Users, the persons who are part of the process being studied, easily understand the notations. So analysts can work with the users and involve them in the study of the data flow diagram. For accurate business activity, users can make suggestions for modification, and they can also examine charts and spot problems quickly. If errors are not found in the development process, they will be very difficult to correct later and the system may fail.
Data flow analysis permits the analyst to isolate areas of interest in the organization and study them by examining the data that enters the process and seeing how it is changed when it leaves the process.
DFD Symbols
• DATA FLOW
• DATA STRUCTURE
• EXTERNAL ENTITY OR DATA LINK
• PROCESS
• DATABASE
TESTING
Software testing
Software testing is a crucial element of Software Quality Assurance and represents the ultimate review of specification, design and coding. Errors tend to creep into our work when we design and implement the function, condition or controls that are of the main stream. The logical flow of the program is sometimes counterintuitive, meaning that our unconscious assumptions about flow control and data may lead us to make design errors that are uncovered only once path testing commences.
Verification
Verification is the process to make sure the product satisfies the conditions imposed at the start of the development phase. In other words, to make sure the product behaves the way we want it to.
TESTING (Contd.)
Basic Software testing
There are two basics of software testing: black box testing and white box testing.
Black box Testing
Black box testing is a testing technique that ignores the internal mechanism of the system and focuses on the output generated against any input and execution of the system. It is also called functional testing.
White box Testing
White box testing is a testing technique that takes into account the internal mechanism of a system. It is also called structural testing and glass box testing. Black box testing is often used for validation and white box testing is often used for verification.
Types of Testing
There are many types of testing, like:
• Unit Testing
• Integration Testing
• Functional Testing
• System Testing
• Stress Testing
• Performance Testing
• Usability Testing
• Acceptance Testing
• Regression Testing
• Beta Testing
Types of Testing (Contd.)
Unit Testing
Unit testing is the testing of an individual unit or group of related units. It falls under the class of white box testing. It is often done by the programmer to test that the unit he/she has implemented is producing expected output against given input.
Integration Testing
Integration testing is testing in which a group of components are combined to produce output. Also, the interaction between software and hardware is tested in integration testing if software and hardware components have any relation. It may fall under both white box testing and black box testing.
Functional Testing
Functional testing is the testing to ensure that the specified functionality required in the system requirements works. It falls under the class of black box testing.
Types of Testing (Contd.)
System Testing
System testing is the testing to ensure that the software still works when put in different environments (e.g., Operating Systems). System testing is done with full system implementation and environment. It falls under the class of black box testing.
Stress Testing
Stress testing is the testing to evaluate how the system behaves under unfavorable conditions. Testing is conducted beyond the limits of the specifications. It falls under the class of black box testing.
Performance Testing
Performance testing is the testing to assess the speed and effectiveness of the system and to make sure it is generating results within a specified time, as in the performance requirements. It falls under the class of black box testing.
Types of Testing (Contd.)
Usability Testing
Usability testing is performed from the perspective of the client, to evaluate how user-friendly the GUI is. How easily can the client learn? After learning how to use it, how proficiently can the client perform? How pleasing is its design to use? This falls under the class of black box testing.
Acceptance Testing
Acceptance testing is often done by the customer to ensure that the delivered product meets the requirements and works as the customer expected. It falls under the class of black box testing.
Regression Testing
Regression testing is the testing after modification of a system, component, or a group of related units to ensure that the modification is working correctly and is not damaging other modules or causing them to produce unexpected results. It falls under the class of black box testing.
Beta Testing
Beta testing is the testing which is done by end users, by a team outside development, or by publicly releasing a full pre-release version of the product, which is known as the beta version.
SAMPLE SCREENS
Table Name: SCODE
PURPOSE: This table is used to store the virus codes that will be used to compare with the translated file codes.

Column Name    Data Type    Size    Constraints
Code Name      Text         30      NOT NULL
Instruction    Text         50      NOT NULL
Sno            Integer      15      NOT NULL
Table Name: REPORT
PURPOSE: This table is used to temporarily store the locations and status of the files that have been scanned, to pass them to the next module after all the selected files are completed.

Column Name    Data Type    Size    Constraints
Filename       Text         255     NOT NULL
Status         Text         50      NOT NULL
Table Name: VAULT
PURPOSE: This table is used to store the locations of the files that are affected and have been moved to the vault for deleting them in the future.

Column Name    Data Type    Size    Constraints
Filename       Text         255     NOT NULL
Status         Text         50      NOT NULL
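
An added sketch, not the project's own code, of the scan flow the SCODE, REPORT and VAULT tables imply, shown beside a whole-file hash check to illustrate why a common virus code catches more than one variant. Python with in-memory SQLite stands in for the C#/SQL Server stack; the sample files, the `CodeName` column spelling, the status strings and the substring comparison are assumptions.

```python
import hashlib
import sqlite3

# Constructed, harmless sample "files": two variants share one code fragment.
COMMON = b"COPY_SELF;APPEND_TO_HOST"  # placeholder text, not real malware code
SAMPLES = {
    "C:/demo/variant_a.bin": b"HDR1" + COMMON + b"PAYLOAD_A",
    "C:/demo/variant_b.bin": b"HDR2" + COMMON + b"PAYLOAD_B",
    "C:/demo/clean.txt": b"hello world",
}
# A whole-file signature list that only knows variant A.
KNOWN_HASHES = {hashlib.sha256(SAMPLES["C:/demo/variant_a.bin"]).hexdigest()}


def open_db():
    """In-memory SQLite standing in for the SQL Server back end (assumption)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE SCODE (CodeName TEXT NOT NULL, Instruction TEXT NOT NULL,
                            Sno INTEGER NOT NULL);
        CREATE TABLE REPORT (Filename TEXT NOT NULL, Status TEXT NOT NULL);
        CREATE TABLE VAULT (Filename TEXT NOT NULL, Status TEXT NOT NULL);
    """)
    db.execute("INSERT INTO SCODE VALUES (?, ?, ?)",
               ("DemoFamily", COMMON.decode(), 1))
    return db


def hash_scan(files):
    """Exact-signature check: flags only files whose full hash is known."""
    return sorted(name for name, data in files.items()
                  if hashlib.sha256(data).hexdigest() in KNOWN_HASHES)


def common_code_scan(db, files):
    """Compare each file with every SCODE row; fill REPORT, then VAULT."""
    codes = db.execute(
        "SELECT CodeName, Instruction FROM SCODE ORDER BY Sno").fetchall()
    for name, data in files.items():
        hit = next((c for c, ins in codes if ins.encode() in data), None)
        status = f"Infected: {hit}" if hit else "Clean"
        db.execute("INSERT INTO REPORT VALUES (?, ?)", (name, status))
    # Once all selected files are scanned, pass infected entries to the vault.
    db.execute("INSERT INTO VAULT SELECT Filename, 'Quarantined' FROM REPORT "
               "WHERE Status LIKE 'Infected%'")
    db.commit()
    return [r[0] for r in db.execute("SELECT Filename FROM VAULT ORDER BY Filename")]


if __name__ == "__main__":
    print("hash signatures:", hash_scan(SAMPLES))
    print("common code    :", common_code_scan(open_db(), SAMPLES))
```

The hash check flags only variant A, while the single SCODE row flags both variants and leaves the clean file out of the vault.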
Conclusion
The “virus tracking system” is a generic antivirus approach that will detect the suspicious behaviors of the files that are scanned; it avoids the pitfalls of the signature scanning method and provides full security to the user.