real time malware defense system in linux
DESCRIPTION
My third year I.T. engineering seminar was Real Time Malware Defense System Based On Linux Task Structure. If anybody feels like asking something, feel free.
TRANSCRIPT
Real-Time Malware Defense System (Based On Linux Task Structure)
Seminar By : Dilip K. Jaiswal
Class : T.E-I.T
Roll No : 55
Guided By : Prof. Bhushan S. Chaudhari
Contents
• Introduction
• Malware
• What is process And How it works in Linux
• Related Work
• Detection Based on System Call
• Architecture of RTMDS
• Modes of Operation
• Task Structure
Contents (cont...)
• Criteria Of Detecting Malware
• System Designing
• Getting Process information
• Detecting Malicious activity in Linux
• Advantages
• Conclusion
• References
Introduction
• Focus on processes for information security.
• Real-time monitoring at kernel level.
• It aims to provide a complete anti-virus and anti-sabotage system.
Malware
• Worms
• Viruses
• Trojan Horse
What is Process?
• A program under execution is called a process.
Working of Processes in Linux
• How a process is created
• Where process information is stored
Related Work
• API interface or system calls provided by the OS.
• Through system calls there are two techniques:
– Signature based Analysis
– Signature free Analysis
Detection Based On System Call
Signature Based Analysis
• The system maintains a database (of known signatures) to detect malware.
• The system continuously runs as a daemon process.
Signature Free Analysis
• No such database is maintained.
• Detection is done using the process descriptor.
Architecture Of RTMDS
Modes Of Operation
• Kernel Level
• User level
Task Structure
• Task descriptor
• The task_struct structure is allocated via the slab allocator.
• Slab allocator
• Task structure (simplified; only the fields the seminar examines are shown):

```c
struct task_struct {
    pid_t  pid;            /* process id */
    pid_t  tgid;           /* thread group id */
    pid_t  uid;            /* owner's user id */
    void  *stack;          /* kernel stack of the task */
    __u32  status;         /* run state */
    time_t utime;          /* CPU time spent in user mode */
    time_t stime;          /* CPU time spent in kernel mode */
    int    nvcsw;          /* voluntary context switches */
    int    preempt_count;  /* preemption nesting depth */
};
```
Criteria Of Detecting Malware
• Read the task structure and observe the behaviour and properties of the process.
• The following criteria are used:
– Scheduling lists & Process lists
– Memory mapping
Activity Diagram
Communication Diagram
Getting Process Information
• cat /proc/P_id/status
• cat /proc/P_id/stack
• cat /proc/meminfo
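As an added example (not code from the seminar or its references), a user-level reader for the /proc files listed above that maps /proc/<pid>/status and /proc/<pid>/stat onto the task_struct fields named on the Task Structure slide (pid, tgid, uid, status, utime, stime, nvcsw); the sample /proc text is constructed, and the uid taken is the real uid, the first of the four in the Uid: line.

```python
import os

# Constructed sample of /proc/<pid>/status, cut down to the fields that map onto the slide's task_struct.
SAMPLE_STATUS = """\
Name:\tsshd
State:\tS (sleeping)
Tgid:\t1234
Pid:\t1234
Uid:\t0\t0\t0\t0
voluntary_ctxt_switches:\t57
"""
# Constructed sample of /proc/<pid>/stat; fields 14 and 15 are utime and stime in clock ticks.
SAMPLE_STAT = "1234 (sshd) S 1 1234 1234 0 -1 4194560 123 0 0 0 12 7 0 0 20 0 1 0 4321 9900000 1531"

def parse_status(text):
    """Map /proc/<pid>/status onto the task_struct-like fields the seminar inspects."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return {
        "name": fields["Name"],
        "pid": int(fields["Pid"]),
        "tgid": int(fields["Tgid"]),
        "uid": int(fields["Uid"].split()[0]),   # real uid; effective, saved and fs uids follow
        "status": fields["State"].split()[0],   # R, S, D, Z, T ...
        "nvcsw": int(fields["voluntary_ctxt_switches"]),
    }

def parse_stat(text):
    """Pull utime/stime (clock ticks) out of /proc/<pid>/stat; comm may contain spaces or ')'."""
    _, _, rest = text.rpartition(")")
    cols = rest.split()   # cols[0] is field 3 (state), so field n is cols[n - 3]
    return {"utime": int(cols[11]), "stime": int(cols[12])}

def scan_all(proc="/proc"):
    """Walk every task in the process list (user-level mode); skip tasks that exit mid-scan."""
    snaps = []
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            with open(f"{proc}/{entry}/status") as f:
                info = parse_status(f.read())
            with open(f"{proc}/{entry}/stat") as f:
                info.update(parse_stat(f.read()))
            snaps.append(info)
        except (FileNotFoundError, ProcessLookupError, PermissionError):
            continue
    return snaps
```

Calling scan_all() on a live Linux host returns one descriptor-style record per task, the same view a kernel-level module would take directly from task_struct.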
Detecting Malicious Activity in Linux
• sudo cat /etc/shadow
• sudo cat /etc/passwd
• sudo top or sudo htop
Conclusion
• Detects malware and kills it during its execution.
• It has the fewest false alarms and higher accuracy.
References
1. Farrukh Shahzad, Sohail Bhatti, Muhammad Shahzad and Muddassar Farooq, "In-Execution Malware Detection using Task Structures of Linux Processes", 978-1-61284-233-2/11/2011 IEEE.
2. Nwokedi Idika, Aditya Mathur, "A Survey of Malware Detection Techniques", research supported by Arxan Technologies/21STC R&T Fund, 2/2/2007.
3. Farrukh Shahzad, M. Shahzad, Muddassar Farooq, "In-execution dynamic malware analysis and detection by mining information in process control blocks of Linux OS".
4. Robert Love, "Linux Kernel Development", 3rd Edition.
5. Robert Love, "Linux Kernel Development, Developer's Library", 3rd Edition.
6. Dilip Pandit, Dineshkumar Kongonda, Kabita Ghosh, Ravikumar Wagh, Tushar Kute, "Real Time Malware Defense System".
THANK YOU
ANY QUERIES?