How to Predict Viruses Under Uncertainty
|
|
- Baldric Phillips
- 6 years ago
- Views:
Transcription
1 How to Predict Viruses Under Uncertainty InSeon Yoo and Ulrich Ultes-Nitsche Department of Informatics, University of Fribourg, Chemin du Musee 3, Fribourg, CH-1700, Switzerland. phone: +41 (0) /9149 {in-seon.yoo, Abstract. We try to answer these questions in this paper; how to detect viruses without signatures?, how much probability can tell us whether the mail is abnormal?, and how can we detect virus patterns in an infected file?. In order to find out relations between viruses and detectable knowledge, we analysed propagation of viruses and characteristics of viruses, studied infected files structure and applied Bayesian networks and Self-Organizing Maps to adaptive detection against viruses. KEY WORDS Viruses, Network Security, Adaptive Detection 1 INTRODUCTION Many commercial systems are used in an attempt to detect and prevent virus attacks. The most popular approach to defend against malicious program is through anti-virus scanners such as Symantec [1] and McAfee [2], as well as server-based filters that filters with executable attachments or embedded macros in documents. However, the weakest point is that new virus or even modified virus from known-virus is not able to detect by the anti-virus scanners. viruses are spread via SMTP, they misuse Internet protocols. Considering this, we analysed viruses with statistics in previous our work [3]. We will address this feature with a Bayesian network [4] in Section 2. After analysing viruses feature, we found several evidences. However, we also need to predict how much probability is being malicious given this evidence later, that is why we have chosen the Bayesian network. When we use Bayesian networks, using prior and likelihood probabilities from several evidences, we can get posterior information of being maliciousness. In other words, we can get predictable probabilities of being malicious given several evidences based on prior characteristic analysis. When we analysed infected files structure, we found that there are virus position in each file format. Before viruses infect systems, if we detect this peculiar patterns in the attachment, we expect to detect either unknown or zero-day attack viruses. We have chosen Self-Organizing Maps (SOMs) [5] because of infected files structure. We will address details about this in Section 3. We believe that this study of adaptive detection will be useful to reduce risks by viruses to other secure systems such as firewalls, IDSs, and anti-viruses.
2 2 PROBABILISTIC INDUCTION FROM VIRUS PACKETS To make a statistical relation between interesting events among incomplete data, we have chosen Bayesian networks [4], or probabilistic graphical models. The Naive Bayesian classifier [6] among several Bayesian network models, we have currently built, can classify packets of SMTP protocol. We analysed certain packet characteristics [3] that allow us to attach to packets probabilities of their maliciousness. The analysed file characteristics are used for the parameters of the Naive Bayesian classifier. 2.1 Naive Bayesian Classifier for Packets Melissa and VBS/LoveLetter were among the first viruses to illustrate the problem with attachments and trust. They made use of the trust that exists between friends or colleagues; they received an attachment from a friend who asks to open it. This is what happens with Win32/SirCam and other similar viruses as well. Furthermore, s with malformed MIME headers are one of methods to attack systems. According to our analysis of Internet viruses [3], about 80% of Windows file worms are transferred via , and approx. 61% have an.exe file extension. In addition, average 2% of all s per month contain virus data, 80% of which are in an executable file format. In executable attachment formats, there are.exe (64%),.SCR (22%),.COM (6%),.PIF (22%),.BAT (3%),.VBS (2%), and Others (12%). Attachments are probably still the number one threat in systems. Fig. 1. A Naive Bayesian classifier for detecting abnormal s. According to this prior information, we can select and examine four aspects of SMTP packets: a header part, a sender part, a recipient part, and an attachment part. Here, we use four variables which are in correspondence with the four factors above; a header part (H), a sender part (Fr), a recipient part (To), and an attachment part (EF). Each part of an SMTP packet is examined in a checking process. In this process, each part is assigned as TRUE or FALSE. After checking process, each part s values are assigned to the Naive Bayesian classifier in Fig.1. This Naive Bayesian classifier represents the probabilities of being malicious given several evidences such as malformed H,
3 Fr, To, and EF. We assigned the prior probabilities of a malicious mail and the likelihood probabilities of a malicious executable attachment according to our results obtained from statistics data [3]. The other prior probabilities are assigned as subjective values based on the prior probability of a malicious mail. As a result, each node has four likelihood probabilities; two (TRUE or FALSE) different probabilities for each node given two cases (TRUE or FALSE) for the potaintial maliciousness of a mail packet, which is denoted by M. We built the Naive Bayesian classifier like in Fig.1, then we used an exact inference algorithm for Bayesian inference using MATLAB 5.3 [7]. The results of posterior probabilities from the Naive Bayesian classifier are in [Table 1]. Table 1. Results of posterior probabilites from the Naive Bayesian Network Probability of Malicious Mail (M = T) given evidences Results P (M = T H = F ) P (M = T H = F F r = F ) P (M = T H = F F r = F T o = F ) P (M = T H = F F r = F T o = F EF = T ) P (M = T F r = F ) P (M = T F r = F T o = F ) P (M = T F r = F T o = F EF = T ) P (M = T T o = F ) P (M = T T o = F EF = T ) P (M = T EF = T ) Through this result, we may predict the probability of being malicious if certain evidence is given. For example, if only the header part is FALSE (meaning that it is malformed), the maliciousness of current SMTP packet is If the sender part and the recipient part are FALSE, the maliciousness is If the sender part is FALSE, and the mail includes an executable attachment, the probability of being malicious is However, note that this executable attachment is not recognized as a malicious executable file yet in this moment. This Bayesian network just tells us because this is an executable file, the probability of being malicious is like this value (0.7860). The detailed process for recognizing this executable file is the next step (we address this problem in the following Sections). Nevertheless, the value of the probability to be malicious is quite sensible. 3 LEARNING INFECTED FILES PATTERNS We address infected files format patterns rather than the virus itself in this section. A virus is a piece of code, however it infects several files and changes their forms as an effect of the infection. Once the virus program infects several files in one system, existing files contain a piece of virus code and are spread as another infected virus
4 program. The following will examine the virus-infected programs structure and reflection of these virus-infected files by Self-Organizing Maps (SOMs) [5]. After examining virus-infected files structure and virus features, we believe there is a recognizable area like a signature. When we experimented with virus-infected files using a SOM, the result increased our confidence in virus detection using SOMs significantly. We aim to design the SOM in a way that neurons will flag the presence of peculiar patterns in data packets and that the position of the active neurons will reflect the position of potentially malicious content in the packet. We show the results of various virus-infected format in this section. For example, the Jerusalem virus of DOS EXE format and the Win95 CIH virus of Windows New EXE format is in Fig.3 and Macro Word97.Mbug virus is in Fig Parasitic Viruses : EXE format Parasitic Viruses are all the file viruses which have to change the contents of target files while transferring copies of themselves, but the files themselves remain to be completely or partly usable. The most common method of virus incorporation into a file is by appending the virus to the end of file. In this process the virus changes the top of file in such way that the virus code is executed first. This kind of appending is simple and usually effective. The virus writer does not need to know anything about the program to which the virus will append and the appended program simply serves as a carrier for the virus [8]. Fig. 2. Virus positions in DOS EXE/New EXE file. In the DOS EXE file header, the starting address is changed, and the length of the executable module is changed. Or less often the stack pointer registers are changed, then the virus goes to change the CRC(Cyclic Redundancy Checksum) part of the file and so on. In the Windows and OS/2 executables (newexe - NE, PE, LE, LX), the fields in the NewEXE header are changed. The structure of this header is much more complicated than that of a conventional DOS EXE file, so there are more fields to be changed; the starting address, the number of sections in the file, properties of the sections and so on.
5 In addition to that, before infection, the size of the file may increase to a multiple of one paragraph (16 bytes) in DOS or to a section in Windows and OS/2. The size of the section depends on the properties of the EXE file header. Fig.2 shows this case. Fig. 3. Self-Organizing Maps of DOS EXE/NEW EXE files infected by Jerusalem viruses, and Win95.CIH viruses. The Jerusalem virus is one of the oldest viruses. There are numerous variants of it. The Jerusalem virus infects both.exe and.com executable files except COM- MAND.COM [9]. Although each variant s SOM has different degree of weight, we found lower weighted figure of the SOM is in similar location; the lower weighted data of DOS EXE format are in middle-left side. (see Fig.3). The Win95.CIH (aka. Chernobyl) is a Windows95/98 specific parasitic virus infecting Windows PE (Portable Executable) files, about 1Kbyte of length. There are three original virus versions (1.2, 1.3 and 1.4) known, which are very closely related and only differ in few parts of their code. They have different lengths, texts inside the virus code and trigger date. Fig.3 shows the trained SOMs of Win95.CIH 1.2, 1.3 and 1.4 infected New EXE files. Each Win95.CIH has very similar location of lower weighted data, although other weighted data are distributed differently. 3.2 Macro Viruses Macro viruses are in fact programs written in macro languages, built into some data processing systems such like Microsoft Word, and Microsoft Excel spreadsheet. To propagate, such viruses use the capabilities of macro languages and with their help transfer themselves from one infected file, e.g. document or spreadsheet, to another. Macro viruses for Microsoft Word, Microsoft Excel and Office97 are most common. Fig.4 shows the case. File worms are able to infect Word documents, and Excel viruses can infect Excel spreadsheets. The same is true for Office97[10].
6 Fig. 4. Macro virus position in an infected document, and SOMs of Word97 file infected by Macro viruses. The Macro.Word97.Mbug virus is a class macro virus for Word97 documents and templates. The infected file is an MS Word, document file. Variants of the Macro.Word97.Mbug virus are presented in Fig.4 after training by the SOM. The lower weighted data distribution of Macro.Word97.Mbug is very clear, big portion of upper-middle side. We have to mention that Microsoft Word Version 6 and 7 allows to encrypt macros in documents [10]. Therefore some word viruses are present inside the infected documents in an encrypted and execute only form. 4 ADAPTIVE DETECTION OF VIRUSES We have examined how to get the probability of being malicious when several evidences are given, how the SOM can train several format s infected files. In this section, we discuss how to apply these two factors to adaptive detection against viruses. Fig.5 represents the process flow of detecting viruses combined with a probability of being malicious. Decoded SMTP packets flow into individual check processes e.g. check header, check sender, check recipient, and check attachment. In the middle-centre of Fig.5, one of the processes to get the probability of being malicious is displayed. Solid boxes represent set TRUE. Each row represents H, Fr, To, and EF which are in correspondence with check header, check sender, check recipient, and check attachment. P(A) denotes only EF = T (meaning that there are executable attachments in this mail.), P(B) will be calculated by combined probabilities of H, Fr, and To. P(C) denotes the whole combined probability of the four factors. There are two different process flows. One is based on attachment existence, and the other is without an attachment. In the first case, P(A), P(B) and P(C) are calculated, if we only consider an attachment in an packet, i.e. we follow the first process flow. If the attachment is not executable, and if P(B) is over 0.4, this hints
7 Fig. 5. Process flow of detection viruses combined with probability of being malicious. towards the fact that this mail could be a document or compressed file. We then need to check for macro viruses by SOMs if this is a document file. The Macro.Word97.Mbug and Melissa virus are covered by this category. If the attachment is executable, but it has no multiple extensions, and if only P(C) exists, it means that this executable file is likely to be infected. Therefore it needs to be checked for infected files by SOMs. The Win95.CIH (Chernobyl) is in this category. However, if not only P(C) but also P(A) exist, and if P(A) is over 0.7, it means that this mail probably contains a virus executable attachment. Nimda worm, W32/Goner and W32/Gibe are covered by this case. As Fig.5 shows, if the attachment is executable and has multiple extensions, it already means it contains with a very high probability abnormal and/or malicious code. In addition to this, if P(C) is over 0.8, we are almost certain that this attachment is a virus file. W32/SirCam, W32/MyParty, VBS/LoveLetter, and W32/BadTrans are in this category. Apart from an attachment part, if the mail does not include any attachment, we can only deal with P(B). If P(B) is over 0.41, this mail is very suspicious. The decision of dropping this mail depends on the security policy. Furthermore, if P(B) is over 0.9, it means this mail is almost 100% abnormal. Subsequently this probability based decision like in Fig.5 combined with determination of macro viruses or infected files based on SOMs will help to detect new viruses and variants of known viruses.
8 5 CONCLUSION AND FUTURE WORK Using the Naive Bayesian classifier, we analysed certain packet characteristics that allow us to attach probabilities of their maliciousness to data packets. The Bayesian network we have currently experimented with can classify packets of the SMTP protocol. To define the parameters of the Bayesian network we have exhaustively analysed file characteristics of virus attachments to s. Moreover, we investigated the infected files patterns based on each file format using SOMs. Initial experiments show that this approach appears to be successful. Finally we proposed an adaptive detection combined with probabilities of being malicious and suggested necessity of macro viruses or infected files using SOMs in two situations. Although this study is very experimental approach, it addresses many relations between the SMTP protocol and the probability of being malicious, and between file formats and the SOMs of infected files. In addition, using this relations, we may predict viruses. For future work, we will apply other protocols to detect other attacks using Bayesian networks, and find out infected pattern s point to distinguish between normal and infected files using SOMs. References 1. Symantec, Symantec worldwide homepage, Online Publication. 2. McAfee, Mcafee home page, Online Publication. 3. IS.Yoo and U.Ultes-Nitsche, intelligent firewall: Packet-based recognition against internetscale virus attacks., Conference on Communications and Computer Networks (CCN 2002), November J. Pearl, Probabilistic Reasoning In Intelligent Systems: Networks of Plausible Inference. San Mateo, California: Morgan Kaufmann Publishers, Inc., T.Kohonen, Self-Organizing Maps. Berlin, Heidelberg: Springer, P. Langley and S. Sage, induction of selective bayesian classifiers, Proceedings of the 10th Conference on Uncertainty in Artificial Intelligence, Morgan Kaufmann, MATHWORKS, The mathworks, inc., MATLAB. 8. C. P.Pfleeger, Security in Computing. Prentice-Hall International, Inc., International Edition, Second Edition. 9. N. A. Inc, Virus information library : Jerusalem, Online Publication. 10. E. Kaspersky, Virus analysis texts - macro viruses, Online Publication.
Small Office Security 2. Mail Anti-Virus
Small Office Security 2 Mail Anti-Virus Table of content Table of content... 1 Mail Anti-Virus... 2 What is Mail Anti-Virus... 2 Enabling/Disabling Mail Anti-Virus... 2 Operation algorithm of Mail Anti-Virus...
More informationInternet Security Mail Anti-Virus
Internet Security 2012 Mail Anti-Virus Table of Contents Mail Anti-Virus... 2 What is Mail Anti-Virus... 2 Enabling/disabling Mail Anti-Virus... 2 Operation algorithm of Mail Anti-Virus... 2 Changing Mail
More informationKaspersky PURE 2.0. Mail Anti-Virus: security levels
Mail Anti-Virus: security levels Content Mail Anti-Virus. Security levels... 2 Operation algorithm of Mail Anti-Virus... 2 Security levels of Mail Anti-Virus... 2 Customizing security level... 4 Creating
More informationComparison of Firewall, Intrusion Prevention and Antivirus Technologies
Comparison of Firewall, Intrusion Prevention and Antivirus Technologies (How each protects the network) Dr. Gaurav Kumar Jain Email: gaurav.rinkujain.jain@gmail.com Mr. Pradeep Sharma Mukul Verma Abstract
More informationArtificial Immune System against Viral Attack
Artificial Immune System against Viral Attack Hyungjoon Lee 1, Wonil Kim 2*, and Manpyo Hong 1 1 Digital Vaccine Lab, G,raduated School of Information and Communication Ajou University, Suwon, Republic
More informationAnti-Virus. Anti-Virus Scanning Overview. This chapter contains the following sections:
This chapter contains the following sections: Scanning Overview, page 1 Sophos Filtering, page 2 McAfee Filtering, page 4 How to Configure the Appliance to Scan for Viruses, page 6 Sending an Email to
More informationHow to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis
White paper How to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis AhnLab, Inc. Table of Contents Introduction... 1 Multidimensional Analysis... 1 Cloud-based Analysis...
More informationCAMELOT Configuration Overview Step-by-Step
General Mode of Operation Page: 1 CAMELOT Configuration Overview Step-by-Step 1. General Mode of Operation CAMELOT consists basically of three analytic processes running in a row before the email reaches
More informationCERT-In. Indian Computer Emergency Response Team ANTI VIRUS POLICY & BEST PRACTICES
CERT-In Indian Computer Emergency Response Team ANTI VIRUS POLICY & BEST PRACTICES Department of Information Technology Ministry of Communications and Information Technology Government of India Anti Virus
More informationLecture 12 Malware Defenses. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Bailey s ECE 422
Lecture 12 Malware Defenses Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Bailey s ECE 422 Malware review How does the malware start running? Logic bomb? Trojan horse?
More informationSYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet
SYMANTEC ENTERPRISE SECURITY Symantec Internet Security Threat Report September 00 Power and Energy Industry Data Sheet An important note about these statistics The statistics discussed in this document
More informationVenusense UTM Introduction
Venusense UTM Introduction Featuring comprehensive security capabilities, Venusense Unified Threat Management (UTM) products adopt the industry's most advanced multi-core, multi-thread computing architecture,
More informationHow to Configure Virus Scanning in the Firewall for FTP Traffic
How to Configure Virus Scanning in the Firewall for FTP Traffic The X-Series Firewall scans FTP traffic for malware on a per-access-rule basis when FTP virus scanning in the firewall is enabled. Both active
More informationIDS: Signature Detection
IDS: Signature Detection Idea: What is bad, is known What is not bad, is good Determines whether a sequence of instructions being executed is known to violate the site security policy Signatures: Descriptions
More informationMET: An Experimental System for Malicious Tracking
MET: An Experimental System for Malicious Email Tracking Manasi Bhattacharyya, Matthew G. Schultz, Eleazar Eskin, Shlomo Hershkop, and Salvatore J. Stolfo Department of Computer Science, Columbia University
More informationWeb Gateway Security Appliances for the Enterprise: Comparison of Malware Blocking Rates
Web Gateway Security Appliances for the Enterprise: Comparison of Malware Blocking Rates A test commissioned by McAfee, Inc. and performed by AV-Test GmbH Date of the report: December 7 th, 2010 (last
More informationManaging SonicWall Gateway Anti Virus Service
Managing SonicWall Gateway Anti Virus Service SonicWall Gateway Anti-Virus (GAV) delivers real-time virus protection directly on the SonicWall security appliance by using SonicWall s IPS-Deep Packet Inspection
More informationExam in Computer Networks
Exam in Computer Networks Date 2003-10-24 Course code 1DT131 / 1DT633 Exam time 3/5 hours Problems 6/10, Total 60/100 points Teacher Lars-Åke Larzon Phone 018-4712781, 070-5228109 Aid English dictionary
More informationPerimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN
T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN Perimeter Defenses Enterprises need to take their security strategy beyond stacking up layers of perimeter defenses to building up predictive
More informationEmbeddable AntiVirus engine with high granularity our understanding and dream. seak
Embeddable AntiVirus engine with high granularity ---------- our understanding and dream seak Seak@antiy.net Syllabus Challenges to AV Principles High granularity processing Embeddable AV Engine Challenges
More informationIntruders. significant issue for networked systems is hostile or unwanted access either via network or local can identify classes of intruders:
Intruders significant issue for networked systems is hostile or unwanted access either via network or local can identify classes of intruders: masquerader misfeasor clandestine user varying levels of competence
More informationOvercoming limitations of Signature scanning - Applying TRIZ to Improve Anti-Virus Programs
From the SelectedWorks of Umakant Mishra January, 2012 Overcoming limitations of Signature scanning - Applying TRIZ to Improve Anti-Virus Programs Umakant Mishra Available at: https://works.bepress.com/umakant_mishra/81/
More informationMalware Analysis and Antivirus Technologies: Antivirus Engine Basics
Malware Analysis and Antivirus Technologies: Antivirus Engine Basics Protecting the irreplaceable f-secure.com Detecting Malware Blacklisting Detecting badness Typically fairly reactive but heuristic and
More informationPrevx 3.0 v Product Overview - Core Functionality. April, includes overviews of. MyPrevx, Prevx 3.0 Enterprise,
Prevx 3.0 v3.0.1.65 Product Overview - Core Functionality April, 2009 includes overviews of MyPrevx, Prevx 3.0 Enterprise, and Prevx 3.0 Banking and Ecommerce editions Copyright Prevx Limited 2007,2008,2009
More informationGFI MailSecurity 2011 for Exchange/SMTP. Administration & Configuration Manual
GFI MailSecurity 2011 for Exchange/SMTP Administration & Configuration Manual http://www.gfi.com info@gfi.com The information and content in this document is provided for informational purposes only and
More informationiq.suite Watchdog - Central virus protection - Intelligent server-based virus protection and file blocking through fingerprint technology
iq.suite Watchdog - Central virus protection - Intelligent server-based virus protection and file blocking through fingerprint technology Contents 1 Executive Summary... 2 2 Introduction... 2 3 Computer
More informationSmall Office Security 2. Scan PC for viruses and vulnerabilities
Small Office Security 2 Scan PC for viruses and vulnerabilities Table of content Table of content... 1 Scan PC for viruses... 2 What is Scan... 2 Starting scan... 2 Starting scan from the main application
More informationFree antivirus software download
Cari untuk: Cari Cari Free antivirus software download 3-11-2015 Avast has one of the most popular antivirus apps around, due in part to offering a free version, and it's one that performs respectably.
More informationVirus Analysis. Introduction to Malware. Common Forms of Malware
Virus Analysis Techniques, Tools, and Research Issues Part I: Introduction Michael Venable Arun Lakhotia, USA Introduction to Malware Common Forms of Malware Detection Techniques Anti-Detection Techniques
More informationImproved Signature-Based Antivirus System
Improved Signature-Based Antivirus System Osaghae E. O. Department of Computer Science Federal University, Lokoja, Kogi State, Nigeria Abstract: The continuous updating of antivirus database with malware
More informationApplication Firewalls
Application Moving Up the Stack Advantages Disadvantages Example: Protecting Email Email Threats Inbound Email Different Sublayers Combining Firewall Types Firewalling Email Enforcement Application Distributed
More informationGFI product comparison: GFI MailEssentials vs. Barracuda Spam Firewall
GFI product comparison: GFI MailEssentials vs. Barracuda Spam Firewall Features GFI MailEssentials Barracuda Spam Firewall Integrates with Microsoft Exchange Server 2007/2010/2013 Scans incoming and outgoing
More informationINSIDE. Symantec AntiVirus for Microsoft Internet Security and Acceleration (ISA) Server. Enhanced virus protection for Web and SMTP traffic
Virus Protection & Content Filtering TECHNOLOGY BRIEF Symantec AntiVirus for Microsoft Internet Security and Acceleration (ISA) Server Enhanced virus protection for Web and SMTP traffic INSIDE The need
More informationReview Kaspersky Internet Security - multi-device 2015 online software downloader ]
Review Kaspersky Internet Security - multi-device 2015 online software downloader ] Description: Benefits Protecting all your connected devices the one-licence, easy-touse solution Kaspersky Internet Security
More informationCIH
mitigating at host level, 23 25 at network level, 25 26 Morris worm, characteristics of, 18 Nimda worm, characteristics of, 20 22 replacement login, example of, 17 signatures. See signatures SQL Slammer
More informationCSI5387: Data Mining Project
CSI5387: Data Mining Project Terri Oda April 14, 2008 1 Introduction Web pages have become more like applications that documents. Not only do they provide dynamic content, they also allow users to play
More informationEnsure you write your exam number on any sheets which are to be handed in. This paper consists of THREE pages and FOUR questions.
UNIVERSITY OF HERTFORDSHIRE Academic Year: 2012/13 Semester: B SCHOOL OF COMPUTER SCIENCE [Click here and type Department Title] 7COM1010 SECURE SYSTEMS PROGRAMMING DURATION OF EXAM: 2 Hours THE FOLLOWING
More informationNetwork Defenses 21 JANUARY KAMI VANIEA 1
Network Defenses KAMI VANIEA 21 JANUARY KAMI VANIEA 1 First, the news The Great Cannon of China https://citizenlab.org/2015/04/chinas-great-cannon/ KAMI VANIEA 2 Today Open System Interconnect (OSI) model
More informationGFI product comparison: GFI MailEssentials vs Symantec Mail Security for Microsoft Exchange 7.5
GFI product comparison: GFI MailEssentials vs Symantec Mail Security for Microsoft Exchange 7.5 Features GFI MailEssentials Symantec Mail Security for Microsoft Exchange 7.5 Integrates with Microsoft Exchange
More informationNetwork Security Fundamentals
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 5 Viruses & Worms, Botnets, Today s Threats Viruses
More informationintelop Stealth IPS false Positive
There is a wide variety of network traffic. Servers can be using different operating systems, an FTP server application used in the demilitarized zone (DMZ) can be different from the one used in the corporate
More informationSmall Office Security 2. File Anti-Virus
Small Office Security 2 File Anti-Virus Table of content Table of content... 1 File Anti-Virus... 2 What is File Anti-Virus... 2 Enabling/Disabling File Anti-Virus... 2 Operating algorithm of File Anti-Virus...
More informationRetrospective Testing - How Good Heuristics Really Work
Retrospective Testing - How Good Heuristics Really Work Andreas Marx amarx@gega-it.de AV-Test.org University of Magdeburg GEGA IT-Solutions GbR Retrospective Testing I What it is: Use an old (archived)
More informationReductions of the general virus detection problem
EICAR 2001 Best Paper Proceedings Leitold, F. (2001). Reductions of the general virus detection problem. In U. E. Gattiker (Ed.), Conference Proceedings EICAR International Conference, (pp. 24-30). ISBN:
More informationArtificial Intelligence Methods invirus Detection & Recognition
Artificial Intelligence Methods in Virus Detection & Recognition Introduction to heuristic scanning Wojciech Podgórski http://podgorski.wordpress.com October 16, 2008 Presentation outline 1 Introduction
More informationTata Power Company Ltd. Corporate Information Technology. IT Policy- Proxy Bypass IP Address Allocation
IT Policy- Proxy Bypass IP Address Allocation Tata Power Company Ltd. February 2005 1 2 Approval History Rev. 0. February 2005 Created By Checked By Approved By Shrikant H. Agarwal E. R. Batliwala VP 3
More informationPacket Header Anomaly Detection Using Bayesian Belief Network
26 ECTI TRANSACTIONS ON COMPUTER AND INFORMATION TECHNOLOGY VOL.3, NO.1 MAY 2007 Packet Header Anomaly Detection Using Bayesian Belief Network Mongkhon Thakong 1 and Satra Wongthanavasu 2, Non-members
More informationSecuring Your Business Against the Diversifying Targeted Attacks Leonard Sim
Securing Your Business Against the Diversifying Targeted Attacks Leonard Sim Manager, Client & Partner Services, Asia 1 Agenda 2010 Threats Targeted Attacks Defense Against Targeted Attacks Questions 2
More informationActivating Intrusion Prevention Service
Activating Intrusion Prevention Service Intrusion Prevention Service Overview Configuring Intrusion Prevention Service Intrusion Prevention Service Overview Intrusion Prevention Service (IPS) delivers
More informationHow To Remove Virus Without Antivirus In >>>CLICK HERE<<<
How To Remove Virus Without Antivirus In Windows 7 Pdf Remove virus without antivirus, Here I have all necessary things and also I have steps to Few Effective Steps To Remove Virus Without Antivirus In
More informationGFI product comparison: GFI MailEssentials vs. Trend Micro ScanMail Suite for Microsoft Exchange
GFI product comparison: GFI MailEssentials vs. Trend Micro ScanMail Suite for Microsoft Exchange Features GFI MailEssentials Trend Micro ScanMail Suite for Microsoft Exchange Integrates with Microsoft
More informationTrend Micro SMB Endpoint Comparative Report Performed by AV-Test.org
Trend Micro SMB Endpoint Comparative Report Performed by AV-Test.org Results from October 2010 Executive Summary In October of 2010, AV-Test.org performed endpoint security benchmark testing on five marketleading
More informationNorton 360 Manual Scanning Not Working Windows 8
Norton 360 Manual Scanning Not Working Windows 8 My Norton product isn't starting or working on my computer Go through the next sections in this page and follow the instructions for the scenario that best.
More informationComputer Hacking Forensics Investigator
Computer Hacking Forensics Investigator ECCouncil 312-50 Dumps Available Here at: /eccouncil-exam/312-50-dumps.html Enrolling now you will get access to 502 questions in a unique set of 312-50 dumps Question
More informationSymantec Client Security. Integrated protection for network and remote clients.
Symantec Client Security Integrated protection for network and remote clients. Complex Internet threats require comprehensive security. Today's complex threats require comprehensive security solutions
More informationReal protection against real threats
Real protection against real threats Protection for any device For home and office For new purchases and renewals * PCs, Macs and mobile devices running OS supported by Dr.Web. www.drweb.com OOO Doctor
More informationSymantec Security.cloud
Data Sheet: Messaging Security filters unwanted messages and protects mailboxes from targeted attacks. The service has selflearning capabilities and Symantec intelligence to deliver highly effective and
More informationIBM Express Managed Security Services for Security. Anti-Virus Administrator s Guide. Version 5.31
IBM Express Managed Security Services for Email Security Anti-Virus Administrator s Guide Version 5.31 Table of Contents 1. Service overview...3 1.1 Welcome... 3 1.2 Anti-Virus (AV) features... 3 1.3 How
More informationComputer Security. Solutions
Computer Security Solutions What is the Problem? In general, the security issues we are trying to prevent include: illegal or unwanted access to your computer access to your personal information loss or
More informationUnit 5. System Security
Unit 5 System Security Intrusion Techniques The password file can be protected in one of two ways: One-way function: The system stores only the value of a function based on the user's password. When the
More informationProject Proposal. ECE 526 Spring Modified Data Structure of Aho-Corasick. Benfano Soewito, Ed Flanigan and John Pangrazio
Project Proposal ECE 526 Spring 2006 Modified Data Structure of Aho-Corasick Benfano Soewito, Ed Flanigan and John Pangrazio 1. Introduction The internet becomes the most important tool in this decade
More informationRealtime C&C Zeus Packet Detection Based on RC4 Decryption of Packet Length Field
, pp.55-59 http://dx.doi.org/10.14257/astl.2014.64.14 Realtime C&C Zeus Packet Detection Based on RC4 Decryption of Packet Length Field ChulWoo Park 1, HyoSung Park 1, KiChang Kim 1 1 Information and Communication
More informationAn Introduction to Virus Scanners
From the SelectedWorks of Umakant Mishra August, 2010 An Introduction to Virus Scanners Umakant Mishra Available at: https://works.bepress.com/umakant_mishra/76/ An Introduction to Virus Scanners Umakant
More informationDefine information security Define security as process, not point product.
CSA 223 Network and Web Security Chapter One What is information security. Look at: Define information security Define security as process, not point product. Define information security Information is
More informationProtection Against Malware. Alan German Ottawa PC Users Group
Protection Against Malware Alan German Ottawa PC Users Group Minimum Requirements (1) Up-to-date anti-virus and anti-spyware software (2) Software firewall (3) Fully-patched operating system (Windows Update)
More informationThe Analysis of Traffic of IP Packets using CGH. Self Organizing Map
2015 International Conference on Computational Science and Computational Intelligence The Analysis of Traffic of IP Packets using CGH Self Organizing Maps Hiroshi Dozono Department of Advanced Fusion Saga
More informationMalware, , Database Security
Malware, E-mail, Database Security Malware A general term for all kinds of software with a malign purpose Viruses, Trojan horses, worms etc. Created on purpose Can Prevent correct use of resources (DoS)
More informationE4-E5 (CFA) For internal circulation of BSNLonly
E4-E5 (CFA) IT Tools for Office Management Objective The objective of this session is to make the executives of BSNL familiar with day-to-day use of different utilities of IT and demonstrate various practices
More informationCSCD 303 Essential Computer Security Fall 2018
CSCD 303 Essential Computer Security Fall 2018 Lecture 10 - Malware Evasion, Prevention, Detection, Removal Reading: Chapter 6 CompTIA Book, Links Overview Malware Techniques for Evasion Detection/Removal
More informationWeb Mail and e-scout Instructions
Web Mail and e-scout Instructions To log into e-scout: visit our home page at www.greenhills.net, click on web mail at the top of the page OR click on the customer center tab and then the webmail button,
More informationNetwork Defenses KAMI VANIEA 1
Network Defenses KAMI VANIEA 26 SEPTEMBER 2017 KAMI VANIEA 1 First the news http://arstech nica.com/secu rity/2015/04/ meet-greatcannon-theman-in-themiddleweapon-chinaused-ongithub/ 2 First the news http://arstechni
More informationFRISK Software International F-Prot AVES Managed Security Service
FRISK Software International F-Prot AVES Managed E-mail Security Service WHITE PAPER Table of Contents 1. INTRODUCTION...1 2. WHY DEVELOP F-PROT AVES?...1 3. PRODUCT DESCRIPTION AND ANALYSIS...2 3.1. How
More informationIntel Security Advanced Threat Defense Threat Detection Testing
Intel Security Advanced Threat Defense Threat Detection Testing DR150724C July 2015 Miercom www.miercom.com Contents 1.0 Executive Summary... 3 2.0 Overview... 4 Products Tested... 4 3.0 How We Did It...
More informationMachine Problem 8 - Mean Field Inference on Boltzman Machine
CS498: Applied Machine Learning Spring 2018 Machine Problem 8 - Mean Field Inference on Boltzman Machine Professor David A. Forsyth Auto-graded assignment Introduction Mean-Field Approximation is a useful
More informationRemco Hobo. Virus and Worm scanning January 18, 2005
Remco Hobo Virus and Worm scanning January 18, 2005 In this report I will discuss different virus scan programs for Linux and BSD. Virus scanners are widely deployed under Windows, but under Linux and
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 19: Intrusion Detection Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Intruders Intrusion detection host-based network-based
More informationDetecting Internal Malware Spread with the Cisco Cyber Threat Defense Solution 1.0
Detecting Internal Malware Spread with the Cisco Cyber Threat Defense Solution 1.0 April 9, 2012 Comments and errata should be directed to: cyber- tm@cisco.com Introduction One of the most common network
More informationProxy server is a server (a computer system or an application program) that acts as an intermediary between for requests from clients seeking
NETWORK MANAGEMENT II Proxy Servers Proxy server is a server (a computer system or an application program) that acts as an intermediary between for requests from clients seeking resources from the other
More informationIntrusion Detection Systems and Network Security
Intrusion Detection Systems and Network Security Chapter 13 Background A layered network security approach starts with a well-secured system: Up-to-date application and operating system patches. Well-chosen
More informationA. Carcano, I. Nai Fovino, M. Masera, A. Trombetta European Commission Joint Research Centre Critis 2008, Rome, October 15, 2008
Scada Malware, A Proof of Concept A. Carcano, I. Nai Fovino, M. Masera, A. Trombetta European Commission Joint Research Centre Critis 2008, Rome, October 15, 2008 Outline Motivations Testing Environment
More informationCollaborative Spam Mail Filtering Model Design
I.J. Education and Management Engineering, 2013, 2, 66-71 Published Online February 2013 in MECS (http://www.mecs-press.net) DOI: 10.5815/ijeme.2013.02.11 Available online at http://www.mecs-press.net/ijeme
More informationUndetectable Metamorphic Viruses. COMP 116 Amit Patel
Undetectable Metamorphic Viruses COMP 116 Amit Patel Abstract Signature scanning is an efficient technique employed by anti-virus systems to detect known malware. Signature scanning involves scanning files
More informationNetwork Defenses 21 JANUARY KAMI VANIEA 1
Network Defenses KAMI VANIEA 21 JANUARY KAMI VANIEA 1 Similar statements are found in most content hosting website privacy policies. What is it about how the internet works that makes this statement necessary
More informationGFI product comparison: GFI MailEssentials vs. McAfee Security for Servers
GFI product comparison: GFI MailEssentials vs. McAfee Security for Email Servers Features GFI MailEssentials McAfee Integrates with Microsoft Exchange Server 2003/2007/2010/2013 Scans incoming and outgoing
More informationFighting Spam, Phishing and Malware With Recurrent Pattern Detection
Fighting Spam, Phishing and Malware With Recurrent Pattern Detection White Paper September 2017 www.cyren.com 1 White Paper September 2017 Fighting Spam, Phishing and Malware With Recurrent Pattern Detection
More informationEvolutionary Algorithm Approaches for Detecting Computer Network Intrusion (Extended Abstract)
Evolutionary Algorithm Approaches for Detecting Computer Network Intrusion (Extended Abstract) Kevin P. Anchor, Paul D. Williams, Gregg H. Gunsch, and Gary B. Lamont Department of Electrical and Computer
More informationMultiple Constraint Satisfaction by Belief Propagation: An Example Using Sudoku
Multiple Constraint Satisfaction by Belief Propagation: An Example Using Sudoku Todd K. Moon and Jacob H. Gunther Utah State University Abstract The popular Sudoku puzzle bears structural resemblance to
More informationHome/Network Computing
Home/Network Computing How to avoid becoming road kill on the Internet (Information Superhighway) Home Computing not as simple as it used to be almost all computers need to have sys-admin disk drives will
More informationApplication Layer Attacks. Application Layer Attacks. Application Layer. Application Layer. Internet Protocols. Application Layer.
Application Layer Attacks Application Layer Attacks Week 2 Part 2 Attacks Against Programs Application Layer Application Layer Attacks come in many forms and can target each of the 5 network protocol layers
More informationThe DNS. Application Proxies. Circuit Gateways. Personal and Distributed Firewalls The Problems with Firewalls
Network Security - ISA 656 Application Angelos Stavrou August 20, 2008 Application Distributed Why move up the stack? Apart from the limitations of packet filters discussed last time, firewalls are inherently
More informationCSCD 303 Essential Computer Security Fall 2017
CSCD 303 Essential Computer Security Fall 2017 Lecture 13 - Malware Evasion, Prevention, Detection, Removal Reading: Chapter 6 CompTIA Book, Links Overview Malware Techniques for Evasion Detection/Removal
More informationEasy Activation Effortless web-based administration that can be activated in as little as one business day - no integration or migration necessary.
Security Solutions Our security suite protects against email spam, viruses, web-based threats and spyware while delivering disaster recovery, giving you peace of mind so you can focus on what matters most:
More informationDDoS Attacks Classification using Numeric Attribute-based Gaussian Naive Bayes
DDoS Attacks Classification using Numeric Attribute-based Gaussian Naive Bayes Abdul Fadlil Department of Electrical Engineering Ahmad Dahlan University Yogyakarta, Indonesia Imam Riadi Department of Information
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationDiscount Bitdefender Security for SharePoint website for free software ]
Discount Bitdefender Security for SharePoint website for free software ] Description: BitDefender Security for SharePoint provides antivirus and antispyware protection for your Microsoft SharePoint Server.
More informationUser s Guide. SingNet Desktop Security Copyright 2010 F-Secure Corporation. All rights reserved.
User s Guide SingNet Desktop Security 2011 Copyright 2010 F-Secure Corporation. All rights reserved. Table of Contents 1. Getting Started... 1 1.1. Installing SingNet Desktop Security... 1 1.1.1. System
More informationThe Evolving Threat of Internet Worms
The Evolving Threat of Internet Worms Jose Nazario, Arbor Networks Why Worm Based Intrusions Relative ease Write once, run everywhere promise can come true Penetration Right past firewalls
More informationOverview. Handling Security Incidents. Attack Terms and Concepts. Types of Attacks
Overview Handling Security Incidents Chapter 7 Lecturer: Pei-yih Ting Attacks Security Incidents Handling Security Incidents Incident management Methods and Tools Maintaining Incident Preparedness Standard
More informationUnknown Malicious Code Detection Based on Bayesian
Available online at www.sciencedirect.com Procedia Engineering 15 (2011) 3836 3842 Advanced in Control Engineering and Information Science Unknown Malicious Code Detection Based on Bayesian Yingxu Lai
More informationTowards Blocking Outgoing Malicious Impostor s
Towards Blocking Outgoing Malicious Impostor Emails Erhan J. Kartaltepe Shouhuai Xu Department of Computer Science, University of Texas at San Antonio {ekartalt,shxu}@cs.utsa.edu Abstract Electronic mails
More information