CVI / PRS Computer Virus Information / Propagation Research System - PowerPoint PPT Presentation

About This Presentation
Title:

CVI / PRS Computer Virus Information / Propagation Research System

Description:

Windows 98 guest OS running on Windows XP host. Disabled networking. Easy restoration ... Corrupted system beyond repair after several reboots. Worms ... – PowerPoint PPT presentation

Slides: 12
Provided by: EMIL169
Learn more at: http://cs.uccs.edu
Transcript and Presenter's Notes

1
CVI / PRS Computer Virus Information /
Propagation Research System
  • Eric Miller and Brian Schill
  • CS 522

2
Why?
  • There are many viruses that are not researched by
    the major virus detection companies.
  • We believe this project and research could
    eventually lead to more successful proactive
    virus detection systems.
  • Exploring the capabilities of VMWare.

3
Setup and Tools
  • VMWare: virtual operating system
  • CVI / PRS: custom software for monitoring virus
    activity on the guest
  • Virus types

4
VMWare
  • Windows 98 guest OS running on Windows XP host.
  • Disabled networking
  • Easy restoration
  • Controlled environment

5
CVI / PRS
  • Java application that monitors virus activity on
    the guest OS
  • Run on the guest OS
  • Watches for changes in the directory
  • DirWatcher.java
  • Virus Database
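The slide describes DirWatcher.java only as a monitor that watches a directory for changes. The following is an added example of that technique, not the project's own DirWatcher.java, written in Python rather than Java so it runs stand-alone: it snapshots a directory tree (size, mtime, SHA-256 of every regular file) before a sample runs, snapshots again afterwards, and reports created, deleted and modified files. The directory layout, file names and the stand-in "sample" that deletes, appends and drops files are constructed for the demo; the point it adds is that modification is decided by content hash, so a sample that restores a file's timestamp after writing to it is still caught, whereas a timestamp-only check misses it.

```python
"""Directory-change monitor in the spirit of the CVI / PRS DirWatcher.

Added example, not the project's DirWatcher.java: snapshot a directory
tree before a sample runs, snapshot it again afterwards, and report which
files were created, deleted or modified. The tree, the file names and the
stand-in 'sample' are constructed for the demo.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass
from pathlib import Path


@dataclass(frozen=True)
class FileRecord:
    size: int
    mtime: float
    sha256: str


def _hash_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict[str, FileRecord]:
    """Record size, mtime and SHA-256 of every regular file under root,
    keyed by the POSIX-style path relative to root."""
    records: dict[str, FileRecord] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue  # skip links and devices; only file content matters
            st = p.stat()
            records[p.relative_to(root).as_posix()] = FileRecord(
                st.st_size, st.st_mtime, _hash_file(p)
            )
    return records


def diff_snapshots(before, after):
    """Classify paths as created, deleted or modified. 'Modified' is decided
    by content hash, because a sample can rewrite a file and then put the
    old timestamp back."""
    common = set(before) & set(after)
    return {
        "created": sorted(set(after) - set(before)),
        "deleted": sorted(set(before) - set(after)),
        "modified": sorted(p for p in common if before[p].sha256 != after[p].sha256),
    }


def modified_by_mtime(before, after):
    """The weaker check a timestamp-only watcher would make, for comparison."""
    common = set(before) & set(after)
    return sorted(p for p in common if before[p].mtime != after[p].mtime)


def demo():
    """Build a constructed tree, apply a constructed sample's effects and
    return (hash-based diff, mtime-only modified list)."""
    fixed = 1_000_000_000  # whole-second timestamp every filesystem stores exactly
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        win = root / "WINDOWS"
        win.mkdir()
        (win / "IPCONFIG.EXE").write_bytes(b"MZ\x90\x00ipconfig")
        (win / "CALC.EXE").write_bytes(b"MZ\x90\x00calc")
        (win / "LOGIN.VBS").write_text('MsgBox "hello"\n')
        for p in win.iterdir():
            os.utime(p, (fixed, fixed))
        before = snapshot(root)

        # Constructed stand-in for a sample: delete a networking tool, append
        # to a script and restore its timestamp, drop a new executable.
        (win / "IPCONFIG.EXE").unlink()
        with (win / "LOGIN.VBS").open("a") as f:
            f.write("' appended payload\n")
        os.utime(win / "LOGIN.VBS", (fixed, fixed))
        (win / "DROPPED.EXE").write_bytes(b"MZ\x90\x00dropper")

        after = snapshot(root)
        return diff_snapshots(before, after), modified_by_mtime(before, after)


if __name__ == "__main__":
    changes, by_mtime = demo()
    for kind, paths in changes.items():
        print(f"{kind}: {paths}")
    print("mtime-only check would report:", by_mtime)
```

Run it as a script to see the report. On a real guest the "before" snapshot would be taken of the clean system image and stored outside the guest, so that a sample which tampers with the monitor's own database cannot hide its changes; keeping that baseline also gives a starting point for the future-work item of separating expected changes (log files, caches) from irregular ones.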

6
Virus Research Example
  • Virus types
    • Win32
    • Worms
    • Scripts
  • Example: Bee
    • Undocumented virus
  • Run CVI / PRS for results

7
Example Continued
  • Enter initial data into CVI / PRS

8
Example Continued
  • Run CVI / PRS

9
Interpretation of Results
  • Win32
    • Typically deleted executables
    • Damaged system files and the registry
    • Corrupted the system beyond repair after several
      reboots
  • Worms
    • Affected networking files (IPConfig, Traceroute,
      etc.)
    • Deleted executables
  • Scripts
    • Replicated themselves efficiently
    • Searched through file systems to attach themselves
      to other scripting files
  • Our program effectively identified changes to the
    OS

10
Future Improvements
  • Differentiate between regular and irregular
    activity
  • Various launching capabilities
  • Better database scheme
    • XML
  • Interpret results
    • Severity report, future capability prediction
    • Include database for cross-virus predictions and
      observations
  • Run the program from the host operating system,
    monitoring the guest operating system
    • Difficult restart
  • Monitor network ports and registry files

11
Footnotes
  • Thank you to individuals previously involved in
    the project
    • Ben Abernathy
    • Zach Thomas
    • Michael May
  • Initial source code
  • Viruses