110 likes | 124 Vues
A research project exploring proactive virus detection systems using custom software and VMWare. Monitors virus activity and provides analysis of different virus types.
 
                
                E N D
CVI / PRSComputer Virus Information / Propagation Research System Eric Miller and Brian Schill CS 522
Why? • There are many viruses that are not researched by the major virus detection companies. • We believe this project and research could eventually lead to more successful proactive virus detection systems. • Exploring the capabilities of VMWare.
Setup and Tools • VMWare – Virtual operating system • CVI / PRS – Custom software for monitoring software • Virus Types
VMWare • Windows 98 guest OS running on Windows XP host. • Disabled networking • Easy restoration • Controlled environment
CVI / PRS • Java application that monitors virus activity on the guest OS • Run on the guest OS • Watches for changes in the directory • DirWatcher.java • Virus Database
Virus Research Example Virus types • Win32 • Worms • Scripts • Example – Bee • Undocumented virus • Run CVI / PRS for results
Example – Continued • Enter initial data into CVI / PRS
Example Continued • Run CVI / PRS
Interpretation of Results • Win32 • Typically deleted executables • Damaged system files/registries • Corrupted system beyond repair after several reboots • Worms • Affected networking files (IPConfig, Traceroute, etc) • Deleted executables • Scripts • Replicated themselves efficiently • Search through file systems to attach themselves to other scripting files • Our program effectively identified changes to the OS
Future Improvements • Differentiate between regular and irregular activity • Various launching capabilities • Better database scheme • XML • Interpret results • Severity report, future capability prediction • Include database for cross-virus predictions and observations • Run the program from the host operating system, monitoring the guest operating system • Difficult restart • Monitor network ports and registry files
Footnotes • Thank you to individuals previously involved in the project • Ben Abernathy • Zach Thomas • Michael May • Initial source code • Viruses