
Trojan Horses/Worms

Trojan Horses/Worms. Vadolas Margaritis Bantes George. Worms.


Presentation Transcript


  1. Trojan Horses/Worms Vadolas Margaritis Bantes George

  2. Worms • In recent years, computer worms have infected hundreds of thousands of Internet servers and personal computers in just a few minutes, resulting in financial damages of approximately one billion dollars for businesses, governments and service providers

  3. Worms • 2 CodeRed - more than 359,000 internet servers infected in just 14 hours • Slammer - 55 million scans per second in just a few minutes

  4. Worms • The term ‘worm’ comes from a 1975 science fiction novel, The Shockwave Rider, written by John Brunner • Researchers John Shoch and Jon Hupp of Xerox PARC chose the name for one of their papers, published in 1982 and titled The Worm Programs • Since then it has been globally adopted

  5. Worms • A computer worm is a self-replicating computer program • It exploits networks to send copies of itself to other hosts, most of the time without the user’s awareness • Unlike a virus, a worm doesn’t need to be attached to an existing program

  6. Worms • Worms mostly harm networks, for example by consuming bandwidth, whereas viruses harm personal computers by corrupting or modifying files • Worms often result in Distributed Denial of Service for the hosts of a network

  7. Requirements for an effective solution against worms • Robustness and resilience in performing security functions in the Internet • Trust integration and alert-correlation methodologies to achieve mutual cooperation among many sites • Fast anomaly detection and distributed denial-of-service (DDoS) defense to achieve awareness of unexpected worm or flooding attacks

  8. Requirements for an effective solution against worms • Fast worm-signature detection and dissemination, to achieve efficiency and scalability • Proper traffic monitoring to track DDoS attack-transit routers

  9. Defending against worms • Recent research indicates that automatic worm-signature generation using payload (code written to do more than spread the worm) and address dispersion can provide satisfactory results

  10. Defending against worms • But most scanning worms are first dispersed over the internet and then start spreading • It becomes a difficult task to observe important anomalies and gather enough payload contents at various individual edge networks • Information must be synthesized by multiple edge networks for fast and accurate detection of worm signatures

  11. NetShield defense system • The NetShield defense system aims to: • Restrain the spread of worms • Provide effective defense against Distributed Denial-of-Service (DDoS) attacks

  12. NetShield defense system • The system employs two component sub-systems: • a system specialized in worm-signature detection and dissemination, the WormShield system • a traffic-monitoring scheme to detect DDoS attacks

  13. NetShield defense system • The system uses distributed peer-to-peer networks with Distributed Hash Tables • The purpose of this design is quick and resilient look-up services

  14. The NetShield system architecture

  15. The WormShield subsystem • Designed to identify and restrain unknown worms before they infect more vulnerable hosts • Uses a set of geographically distributed monitors located in various administrative domains • Monitors are organized into a structured peer-to-peer overlay network based on the Chord algorithm • Each monitor is positioned in the demilitarized zone (DMZ) of the edge network and analyzes all packets that pass through it

  16. The WormShield subsystem • Each monitor uses the Rabin fingerprint algorithm to compute fingerprints of the content blocks in packet payloads • Local prevalence tables track the number of occurrences of a content block and are updated constantly with information provided by the monitor for that block • A monitor also keeps the set of source addresses and destination addresses for each content block it observes

  17. The WormShield Architecture

  18. Other worm defense systems • Earlybird and Autograph • Incoming packet analysis • Payload-content prevalence and address dispersion
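
The per-monitor bookkeeping described on slides 16 and 18 (content-block fingerprints, a local prevalence table, and source/destination address sets) can be sketched as follows. This is an added example, not code from the presentation or from WormShield, Earlybird or Autograph; the block size, the thresholds, the simple polynomial rolling hash standing in for a true Rabin fingerprint, and all packets are assumptions constructed for illustration.

```python
from collections import defaultdict

BLOCK = 8                            # content-block length in bytes (assumed)
BASE, MOD = 257, (1 << 61) - 1       # rolling polynomial hash, stand-in for a Rabin fingerprint
MIN_COUNT = MIN_SRCS = MIN_DSTS = 3  # assumed alert thresholds

def fingerprints(payload, k=BLOCK):
    """Yield (offset, fingerprint) for every k-byte window of the payload."""
    if len(payload) < k:
        return
    top = pow(BASE, k - 1, MOD)
    h = 0
    for b in payload[:k]:
        h = (h * BASE + b) % MOD
    yield 0, h
    for i in range(k, len(payload)):   # slide: drop oldest byte, append newest
        h = ((h - payload[i - k] * top) * BASE + payload[i]) % MOD
        yield i - k + 1, h

class Monitor:
    """Local prevalence table plus address sets, kept per content block."""
    def __init__(self):
        self.count = defaultdict(int)
        self.srcs = defaultdict(set)
        self.dsts = defaultdict(set)
        self.block = {}                # fingerprint -> bytes first seen with it

    def observe(self, src, dst, payload):
        seen = set()
        for off, fp in fingerprints(payload):
            if fp in seen:             # count a block once per packet
                continue
            seen.add(fp)
            self.count[fp] += 1
            self.srcs[fp].add(src)
            self.dsts[fp].add(dst)
            self.block.setdefault(fp, payload[off:off + BLOCK])

    def suspects(self):
        """Blocks that are both prevalent and dispersed across addresses."""
        return sorted(self.block[fp] for fp, n in self.count.items()
                      if n >= MIN_COUNT and len(self.srcs[fp]) >= MIN_SRCS
                      and len(self.dsts[fp]) >= MIN_DSTS)

def demo():
    m = Monitor()
    for _ in range(5):                 # constructed benign traffic: one client, one server
        m.observe("10.0.0.5", "10.0.0.9", b"GET /index.html")
    worm = [(b"q1w2", b"zz91"), (b"77hk", b"p0o9"), (b"mnbv", b"3e4r")]  # constructed padding
    for i, (pre, post) in enumerate(worm):
        m.observe(f"192.0.2.{i + 1}", f"198.51.100.{i + 1}", pre + b"WORMBODY" + post)
    return m.suspects()
```

The benign request repeats five times but only between one address pair, so prevalence alone does not flag it; only the block shared by three distinct sources and destinations is reported.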

  19. Other worm defense systems • Trend Detection • A worm monitoring system and early warning system • Based on worm-spreading dynamic models • Detects a worm in its early stage • Uses a Kalman filter estimation algorithm.

  20. Other worm defense systems • Columbia Worm Vaccine • Microsoft Shield System • End-user oriented approach • Preventing a host from being infected

  21. Trojan Horse Attack Strategy on Quantum private communication • In private communication systems, attackers try to break the computer systems for their own benefit • To protect those systems, cryptography has been widely employed to prevent these attack strategies

  22. Attacks • The attacks can be categorized into three different types of attack strategy: the strategy based on fundamental drawbacks (SFD), the strategy based on obtained information (SOI), and the strategy based on assistant systems (SAS) • One typical example of SAS is the Trojan horse attack

  23. Attack strategies • One of those attack strategies is the Trojan horse: when it is hidden in the system, the attacker can break the system and obtain important information • This attack is available in private quantum communication

  24. Trojan horses • A Trojan horse is a small program that, if inserted by an attacker into a computer program, can copy, misuse and destroy data

  25. Trojan horses • There are two kinds of Trojan horse • The pre-liked Trojan horse is a robot horse which is praised in the programs of the user, such as computer programs • The online Trojan horse is actually a probing signal which may enter the confidential system without awareness of the legitimate communications and then back-reflect to the attacker

  26. Trojan horses • If a Trojan horse enters the computer system, the attacker may break the cryptosystem and obtain important information by means of the feedback information of the robot horse; this is called THAS

  27. Protection of the quantum private communication against Trojan horse attack • To protect quantum private communication against the Trojan horse attack, a quantum cryptographic key algorithm with EPR pair(s) is used • Quantum cryptography is based on the laws of quantum physics, using photons to transmit information

  28. Protection of the quantum private communication against Trojan horse attack • With quantum cryptography we can create a communication channel where it is impossible to eavesdrop without disturbing the transmission • The quantum key algorithm is based on this idea

  29. Protection of the quantum private communication against Trojan horse attack • In cryptography, a pre-shared key or PSK is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used • Such systems always use symmetric key cryptographic algorithms
