
Colored Petri nets as the enabling technology in Intrusion Detection Systems


Presentation Transcript


  1. Colored Petri nets as the enabling technology in Intrusion Detection Systems Andrey M. Dolgikh MS in Computer Engineering  Degree and Specialization Sought: Doctor of Philosophy in Electrical & Computer Engineering

  2. Conventional antivirus: a signature database is matched against the program (Program _____ / Match / Virus). Perfect match – virus detected.

  3. Part of program: "B R A K E I T". Signature: "B R A K E I T". Virus body detected.

  4. Part of program: "B R a K E i T". Signature: "B R A K E I T". (A small change in the program bytes and the binary signature no longer matches.)

  5. Utilization of binary signatures (source: Kaspersky Lab) • Current IDS depend on ever-growing databases of binary signatures

  6. Utilization of malicious functionalities (source: Trend Micro Inc.) (chart: 2007, 2008, 2009)

  7. Understanding behavior • Sentence: "Send the password to the Internet" • Words: Password, Internet, The, Send, To • Letters: PasswordInternetTheSendTo

  8. Layered diagram: • In natural language (behavior, user mode): MS Excel: "Do something useful"; MS Excel virus: "Send password to Internet" • Functionality level: Open/read, Open/write, Cmd /c dir; words "something do useful", "password send internet" • API calls: API1 API2 API3 API6 API7; words "something password useful do send internet" • System calls (kernel mode): System Service, Executive Operations, Memory Sections, File Objects; Handle 1, Handle 2, Handle 1, Handle 5; the two behaviors interleave into "somesswordsendint usefuthingpaldoernet"

  9. How to model functionalities? – Via CPN. How does a CPN work? – It assembles the appropriate system calls into a functionality (diagram: Call #5, Call #8, Call #11, Call #22 → Functionality: Chain 5,11).
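The assembly sketched on slide 9, as an added worked example that is not part of the presentation: a minimal colored Petri net whose token colour is the kernel handle a system call acted on, so "Chain 5,11" is recognised only when call #5 and then call #11 hit the same object. The call numbers, the handle values and the trace are constructed for illustration.

```python
from collections import defaultdict

class ColoredPetriNet:
    """Minimal CPN: places hold coloured tokens (the colour is a handle id);
    a transition fires when its system call is observed and a token of the
    same colour sits in its input place. Constructed example, not the author's code."""

    def __init__(self):
        self.places = defaultdict(list)   # place name -> list of token colours
        self.transitions = []             # (call_id, input_place, output_place)

    def add_transition(self, call_id, src, dst):
        """On system call `call_id` with handle h, move a token of colour h from
        `src` to `dst`; src=None means the transition is always enabled."""
        self.transitions.append((call_id, src, dst))

    def observe(self, call_id, handle):
        """Feed one (syscall number, handle) event through the net."""
        for t_call, src, dst in self.transitions:
            if t_call != call_id:
                continue
            if src is None:
                self.places[dst].append(handle)
            elif handle in self.places[src]:          # colour must match
                self.places[src].remove(handle)
                self.places[dst].append(handle)

    def tokens(self, place):
        return list(self.places[place])

def build_chain_net(chain, final_place="functionality"):
    """Build a net that recognises the ordered chain of system calls, e.g. [5, 11]."""
    net = ColoredPetriNet()
    prev = None
    for i, call_id in enumerate(chain):
        dst = final_place if i == len(chain) - 1 else f"after_{i}_{call_id}"
        net.add_transition(call_id, prev, dst)
        prev = dst
    return net

def detect(trace, chain=(5, 11)):
    """Return the handles on which the full chain was observed, in completion order."""
    net = build_chain_net(list(chain))
    for call_id, handle in trace:
        net.observe(call_id, handle)
    return net.tokens("functionality")

# Constructed trace: handle 1 completes 5 -> 11; handle 2 only sees #5; handle 3
# sees #11 before #5 (wrong order). Unrelated calls #8 and #22 do not break the chain.
SAMPLE_TRACE = [(5, 1), (8, 2), (11, 3), (5, 2), (22, 1), (11, 1), (5, 3)]

if __name__ == "__main__":
    print(detect(SAMPLE_TRACE))  # → [1]
```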

  10. Questions ???
