
CVI / PRS Computer Virus Information / Propagation Research System

A research project exploring proactive virus detection systems using custom software and VMWare. Monitors virus activity and provides analysis of different virus types.




Presentation Transcript


1. CVI / PRS Computer Virus Information / Propagation Research System
Eric Miller and Brian Schill, CS 522

2. Why?
• There are many viruses that are not researched by the major virus detection companies.
• We believe this project and research could eventually lead to more successful proactive virus detection systems.
• Exploring the capabilities of VMWare.

3. Setup and Tools
• VMWare – virtual operating system
• CVI / PRS – custom software for monitoring virus activity
• Virus types

4. VMWare
• Windows 98 guest OS running on a Windows XP host
• Disabled networking
• Easy restoration
• Controlled environment

5. CVI / PRS
• Java application that monitors virus activity on the guest OS
• Run on the guest OS
• Watches for changes in the directory
  • DirWatcher.java
• Virus database

6. Virus Research Example
• Virus types
  • Win32
  • Worms
  • Scripts
• Example – Bee
  • Undocumented virus
  • Run CVI / PRS for results

7. Example – Continued
• Enter initial data into CVI / PRS

8. Example – Continued
• Run CVI / PRS

9. Interpretation of Results
• Win32
  • Typically deleted executables
  • Damaged system files/registries
  • Corrupted system beyond repair after several reboots
• Worms
  • Affected networking files (IPConfig, Traceroute, etc.)
  • Deleted executables
• Scripts
  • Replicated themselves efficiently
  • Search through file systems to attach themselves to other scripting files
• Our program effectively identified changes to the OS
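The directory-watching idea behind DirWatcher.java (slide 5) and the kinds of change summarised on slide 9, as an added Java example that is not the project's code: it fingerprints every file under a directory, takes a second snapshot after the sample has run, and reports created, modified and deleted files with a rough category (executable, script, system, other). The class name, the snapshot-and-compare method, the category mapping and the constructed temporary directory are all assumptions; the original DirWatcher's internals are not on the page.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.stream.Stream;

// Added illustration of "watch a directory, report what changed" (slide 5);
// not the project's DirWatcher.java. Snapshot/compare design, categories and
// the demo directory are assumptions.
public class DirSnapshotDiff {

    /** One file's fingerprint: size plus SHA-256 of its content. */
    static final class Fingerprint {
        final long size;
        final String sha256;
        Fingerprint(long size, String sha256) { this.size = size; this.sha256 = sha256; }
    }

    /** Walk root and fingerprint every regular file, keyed by path relative to root. */
    static Map<String, Fingerprint> snapshot(Path root) throws IOException {
        Map<String, Fingerprint> out = new HashMap<>();
        try (Stream<Path> walk = Files.walk(root)) {
            for (Path p : (Iterable<Path>) walk::iterator) {
                if (!Files.isRegularFile(p)) continue;
                byte[] data = Files.readAllBytes(p);
                String rel = root.relativize(p).toString().replace('\\', '/');
                out.put(rel, new Fingerprint(data.length, hex(sha256(data))));
            }
        }
        return out;
    }

    /** Compare a baseline snapshot with a later one; one report line per difference. */
    static List<String> diff(Map<String, Fingerprint> before, Map<String, Fingerprint> after) {
        List<String> report = new ArrayList<>();
        for (String name : before.keySet()) {
            if (!after.containsKey(name)) {
                report.add("DELETED  " + classify(name) + " " + name);
            } else if (!before.get(name).sha256.equals(after.get(name).sha256)) {
                report.add("MODIFIED " + classify(name) + " " + name);
            }
        }
        for (String name : after.keySet()) {
            if (!before.containsKey(name)) report.add("CREATED  " + classify(name) + " " + name);
        }
        Collections.sort(report);
        return report;
    }

    /** Rough category mirroring the observations on slide 9 (assumed mapping). */
    static String classify(String name) {
        String n = name.toLowerCase(Locale.ROOT);
        if (n.startsWith("windows/system/") || n.endsWith(".dll") || n.endsWith(".sys")) return "[system]";
        if (n.endsWith(".exe") || n.endsWith(".com")) return "[executable]";
        if (n.endsWith(".vbs") || n.endsWith(".js") || n.endsWith(".bat")) return "[script]";
        return "[other]";
    }

    static byte[] sha256(byte[] data) {
        try { return MessageDigest.getInstance("SHA-256").digest(data); }
        catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    /** Demo on a constructed temp directory: baseline, simulated activity, report. */
    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("cviprs-demo");
        Path sys = Files.createDirectories(root.resolve("windows/system"));
        Files.write(root.resolve("notepad.exe"), "exe-bytes".getBytes(StandardCharsets.UTF_8));
        Files.write(root.resolve("hello.vbs"), "WScript.Echo 1".getBytes(StandardCharsets.UTF_8));
        Files.write(sys.resolve("ipconfig.exe"), "net-tool".getBytes(StandardCharsets.UTF_8));

        Map<String, Fingerprint> before = snapshot(root);

        // Constructed changes of the kinds slide 9 reports: an executable deleted,
        // a script rewritten, a new copy of a script appearing.
        Files.delete(root.resolve("notepad.exe"));
        Files.write(root.resolve("hello.vbs"), "WScript.Echo 1\n' appended".getBytes(StandardCharsets.UTF_8));
        Files.write(root.resolve("copy.vbs"), "WScript.Echo 1".getBytes(StandardCharsets.UTF_8));

        for (String line : diff(before, snapshot(root))) System.out.println(line);
    }
}
```

Hashing every file on each pass is acceptable for a small Windows 98 guest, but a monitor for a full system tree would compare size and modification time first and hash only the candidates. The baseline must be taken from a clean restore before the sample is launched, otherwise the report mixes the guest's own housekeeping with the sample's activity; an allowlist of expected changes is the natural way to handle slide 10's "regular versus irregular activity" point.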

10. Future Improvements
• Differentiate between regular and irregular activity
• Various launching capabilities
• Better database scheme
  • XML
• Interpret results
  • Severity report, future capability prediction
  • Include database for cross-virus predictions and observations
• Run the program from the host operating system, monitoring the guest operating system
  • Difficult restart
• Monitor network ports and registry files

11. Footnotes
• Thank you to individuals previously involved in the project
  • Ben Abernathy
  • Zach Thomas
  • Michael May
• Initial source code
• Viruses
