Lecture-AntiVirus-3-3-10 - Defense Technique Against...

Defense Techniques Against Virus
Ratan Guha
CIS 3360, Spring 2010
March 3, 2010
Reference Book
Reference: Peter Szor, “The Art of Computer Virus Research and Defense”, Symantec Press, Addison Wesley, 2005. (ISBN 0-321-30454-3)
Antivirus Defense Techniques
o Detect
o Prevent
o Repair
Anti-Viruses and Anti-Spyware
Anti-virus and anti-spyware engines work along more or less the same ideas of detection:
o Integrity Checkers
  o Checksum
  o Cyclic Redundancy Check
o Scan engines
  o Static engines
  o Dynamic engines
(Lecture Malicious Logic)
Integrity Checkers
Signature Creation
o Identify the files whose integrity you want to check (any change to them should be detected)
o Compute checksums of those files
o Periodically check the files for modifications, i.e. compute fresh checksums of the same files and compare them with the stored ones
o Update the stored checksums
Checksum Algorithm
4 bytes of data: 0x25, 0x62, 0x3F, 0x52
Step 1: Add all bytes. Result: 0x118.
Step 2: Drop the carry nibble: 0x18.
Step 3: Take the two's complement of the result 0x18 to get 0xE8. This is the checksum byte.
Determine the integrity using the checksum
Step 1: To test the checksum byte, simply add the checksum to the original group of bytes and drop the carry nibble.
Step 2: If the result is 0x00, no error was detected (although an undetectable error could have occurred).
Example
Compute the checksum for the hex number 01ABCDEF90:
01 + AB = AC; AC + CD = 79 (drop the carry)
79 + EF = 68; 68 + 90 = F8.
Two's complement of F8 is 08:
F8 in binary: 1111 1000
One's complement: 0000 0111
Two's complement: 0000 0111 + 1 = 0000 1000 = 0x08
Cyclic Redundancy Check (CRC)
CRC uses polynomials
o CRC-4 examples:
  o x^4 + x^3 + x + 1 : coefficients 1 1011
  o x^4 + x + 1 : coefficients 1 0011
o CRC-8 examples:
  o x^8 + x^2 + x + 1 : coefficients 1 0000 0111
  o x^8 + x^7 + x^3 + x^2 + 1 : coefficients 1 1000 1101
o Similarly we have CRC-16 and CRC-32
Cyclic Redundancy Check (CRC)
Codes or messages are treated as bit strings.
Step 1: Append n zero bits on the right of the message or code for CRC-n.
Step 2: Divide the result of Step 1 by the coefficients of the selected CRC-n polynomial (modulo-2 division, i.e. repeated XOR).
Step 3: Append the n-bit remainder to the original code or message.
CRC Example
Message M: 0xAB
CRC-4, x^4 + x + 1 : 1 0011
M in binary: 1010 1011
Add 4 zeros to M: 1010 1011 0000
Division by repeated subtraction using XOR (see next page)
Division (Repeated Subtraction) by XOR
101010110000   (4 zeros added to the message)
10011          (coefficients of the polynomial x^4 + x + 1)
001100110000   (result of subtraction using XOR)
  10011
000101010000   (result of subtraction using XOR)
   10011
000001100000   (result of subtraction using XOR)
     10011
000000101100   (result of subtraction using XOR)
      10011
000000001010   (result of subtraction using XOR); the last 4 bits, 1010, are the remainder (the CRC)
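The additive checksum and the CRC long division from the slides, as an added example that is not part of the lecture slides: it reproduces the slides' own numbers (0x25 0x62 0x3F 0x52, 01ABCDEF90, 0xAB with x^4 + x + 1) and the polynomial is passed as its coefficient bit string, MSB first.

```python
"""Added example (not from the lecture slides): the 8-bit additive checksum
and the bit-string CRC described on the slides, written so the worked
numbers on the slides can be reproduced and checked."""


def checksum8(data: bytes) -> int:
    """Step 1: add all bytes; Step 2: drop the carry (keep the low byte);
    Step 3: return the two's complement of that byte."""
    low_byte = sum(data) & 0xFF
    return (-low_byte) & 0xFF


def checksum8_ok(data: bytes, check: int) -> bool:
    """Integrity test: data plus checksum must sum to 0x00 once the carry
    is dropped. A 0x00 result does not rule out an undetectable error."""
    return (sum(data) + check) & 0xFF == 0


def gf2_divide(bits: str, poly: str) -> str:
    """Long division of a bit string by the polynomial coefficients (MSB
    first) using repeated XOR subtraction; returns the n-bit remainder,
    where n = len(poly) - 1 is the CRC width."""
    n = len(poly) - 1
    reg = list(bits)
    for i in range(len(bits) - n):
        if reg[i] == "1":                       # subtract only where the leading bit is set
            for j, p in enumerate(poly):
                reg[i + j] = "1" if reg[i + j] != p else "0"   # bitwise XOR
    return "".join(reg[-n:])


def crc_bits(message: str, poly: str) -> str:
    """Steps 1 and 2: append n zero bits, then divide by the polynomial."""
    return gf2_divide(message + "0" * (len(poly) - 1), poly)


def crc_encode(message: str, poly: str) -> str:
    """Step 3: append the remainder to the original message."""
    return message + crc_bits(message, poly)


def crc_check(codeword: str, poly: str) -> bool:
    """A codeword built by crc_encode divides evenly; a non-zero remainder
    means the message or its CRC was altered after it was computed."""
    return set(gf2_divide(codeword, poly)) == {"0"}
```

For the slides' message, crc_encode("10101011", "10011") gives 101010111010 (0xAB followed by the CRC 0xA), and flipping any single bit of that codeword makes crc_check return False because x^4 + x + 1 has a non-zero constant term.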

This note was uploaded on 10/05/2010 for the course CIS CIS 3360 taught by Professor Guha during the Spring '10 term at University of Central Florida.
