Lecture 7: Virus Detection & Prevention
COMP 6370 – Virus Detection & Prevention

Slide 1: Virus Detection & Prevention
Current Techniques For Detecting and Preventing Damage From Computer Viruses (COMP 5370/6370)
Slide 2: 3 Basic Anti-Virus Technologies
  • Virus Scanners
  • Integrity Checkers
  • Behavior Blockers
Slide 3: Virus Scanners
  • Examine the contents of each file that can carry executable instructions: “.exe”, “.bat”, “.com”, “.vbs”, “.scr”, etc.
  • Search each potential file for certain “search strings” which are present in known viruses.
  • Use a variety of techniques to check for matches: fuzzy search (heuristic search) and exact search.
    – Fuzzy search accounts for virus variants by not requiring an exact match, but takes more time.
    – Exact search will not catch virus variants, but is much faster.
Slide 4: Virus Scanning
  • Search each file for a known “search string”.
  • The search string should be something that uniquely identifies the virus.
  • In this case, searching for the two printf statements and the system() call may make a good signature.
  • Remember, searching is parsing the hexadecimal executable, so there is no need to worry about case sensitivity, the overhead of comparing strings, etc.

The slide's example program (a deliberately destructive toy used only to illustrate what a signature is):

```c
// COMP 6370 Virus
#include <stdio.h>
#include <stdlib.h>

int main(void)
{
    printf("The COMP 6370 virus\n");
    printf("Removing C:\\My Documents\n");
    system("deltree C:\\My Documents");
    return 0;
}
```
Slide 5: Virus Scanners – Problems With Virus Scanners
  • Unable to cope with unknown viruses: since scanners use a database of known viruses, unknown viruses will escape detection.
  • Minor variants of known viruses can be missed: fuzzy search is very time intensive, so software developers may not use it as aggressively as they should.
  • Time concerns: the time required to compare the contents of each executable to each virus in the database can be very large.
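To make Slides 3–5 concrete, here is an added toy signature scanner in Python (example code, not from the lecture). It filters by the extensions the slide lists, then runs an exact search and a fuzzy search (hex signature with `??` wildcard bytes) over constructed byte strings that stand in for compiled files; the constructed "variant" shows how a one-string change escapes the exact signature but not the fuzzy one.

```python
import re

# Constructed stand-ins for compiled executables (not real binaries): a header,
# some padding, and the string constants the slide proposes as the signature.
ORIGINAL = (b"MZ\x90\x00" + b"\x00" * 16
            + b"The COMP 6370 virus\n\x00"
            + b"Removing C:\\My Documents\n\x00"
            + b"deltree C:\\My Documents\x00" + b"\xcc" * 8)
# A minor variant: one string was changed, which defeats an exact match.
VARIANT = ORIGINAL.replace(b"COMP 6370", b"COMP 5370")
CLEAN = b"MZ\x90\x00" + b"\x00" * 16 + b"Hello, world\n\x00" + b"\xcc" * 8

SCANNABLE_EXTENSIONS = (".exe", ".bat", ".com", ".vbs", ".scr")

def is_scannable(filename: str) -> bool:
    """Only files that can carry executable instructions are worth scanning."""
    return filename.lower().endswith(SCANNABLE_EXTENSIONS)

def exact_signature(pattern: bytes) -> re.Pattern:
    """Exact search: every byte must match. Fast, but a one-byte change escapes it."""
    return re.compile(re.escape(pattern), re.DOTALL)

def fuzzy_signature(hex_pattern: str) -> re.Pattern:
    """Fuzzy search over hex bytes: '??' matches any single byte, so the
    signature tolerates variants at the cost of a more expensive match."""
    parts = [b"." if tok == "??" else re.escape(bytes.fromhex(tok))
             for tok in hex_pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)

# "The COMP ???? virus": the four digits are wildcarded in the fuzzy form.
SIGNATURES = {
    "comp6370-exact": exact_signature(b"The COMP 6370 virus"),
    "comp6370-fuzzy": fuzzy_signature(
        "54 68 65 20 43 4f 4d 50 20 ?? ?? ?? ?? 20 76 69 72 75 73"),
}

def scan(contents: bytes, signatures=SIGNATURES) -> list:
    """Return the names of every signature found in the file contents."""
    return [name for name, sig in signatures.items() if sig.search(contents)]

if __name__ == "__main__":
    for label, data in (("original", ORIGINAL), ("variant", VARIANT), ("clean", CLEAN)):
        print(f"{label:8s} -> {scan(data)}")
```

Real scanners match on a database of thousands of such patterns per file, which is where the time cost noted on Slide 5 comes from.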