CVI / PRS
Computer Virus Information / Propagation Research System
Eric Miller and Brian Schill
CS 522

Why?
* There are many viruses that are not researched by the major virus detection companies.
* We believe this project and research could eventually lead to more successful proactive virus detection systems.
* Exploring the capabilities of VMWare.

Setup and Tools
* VMWare – Virtual operating system
* CVI / PRS – Custom software for monitoring software
* Virus Types

VMWare
* Windows 98 guest OS running on Windows XP host.
* Disabled networking
* Easy restoration
* Controlled environment

CVI / PRS
* Java application that monitors virus activity on the guest OS
* Run on the guest OS
* Watches for changes in the directory
* DirWatcher.java
* Virus Database

Virus Research Example
* Virus types
* Win32 Worms
* Scripts

Example – Bee
* Undocumented virus
* Run CVI / PRS for results

Example – Continued
* Enter initial data into CVI / PRS

Example Continued
* Run CVI / PRS

Interpretation of Results
* Win32 Worms
* Affected networking files (IPConfig, Traceroute, etc.)
* Deleted executables
* Scripts
* Typically deleted executables
* Damaged system files/registries
* Corrupted system beyond repair after several reboots
* Replicated themselves efficiently
* Search through file systems to attach themselves to other scripting files
* Our program effectively identified changes to the OS

Future Improvements
* Differentiate between regular and irregular activity
* Various launching capabilities
* Better database scheme
* Interpret results
* Severity report, future capability prediction
* Include database for cross-virus predictions and observations
* Run the program from the host operating system, monitoring the guest operating system
* XML
* Difficult restart
* Monitor network ports and registry files

Footnotes
* Thank you to individuals previously involved in the project
* Ben Abernathy
* Zach Thomas
* Michael May
* Initial source code
* Viruses
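
The CVI / PRS slide describes a Java monitor that watches a directory for changes, and the results slide reports deleted executables and scripts that had content attached to them. The sketch below is an added example, not the project's DirWatcher.java: it snapshots a directory by content hash before and after a run and labels each difference. The class name, file names and temp directory are constructed for illustration, and it assumes JDK 17 or later.

```java
import java.io.IOException;
import java.nio.file.*;
import java.security.*;
import java.util.*;
import java.util.stream.Stream;

// Added illustration (hypothetical class, not the project's DirWatcher.java).
public class SnapshotDiff {
    // Map each regular file under root (relative path) to the hex SHA-256 of its content.
    static Map<String, String> snapshot(Path root) throws IOException, NoSuchAlgorithmException {
        Map<String, String> files = new TreeMap<>();
        try (Stream<Path> walk = Files.walk(root)) {
            for (Path p : (Iterable<Path>) walk.filter(Files::isRegularFile)::iterator) {
                byte[] d = MessageDigest.getInstance("SHA-256").digest(Files.readAllBytes(p));
                files.put(root.relativize(p).toString(), HexFormat.of().formatHex(d));
            }
        }
        return files;
    }

    // Compare two snapshots and label each difference as deleted, modified or created.
    static List<String> diff(Map<String, String> before, Map<String, String> after) {
        List<String> changes = new ArrayList<>();
        for (Map.Entry<String, String> e : before.entrySet()) {
            String now = after.get(e.getKey());
            if (now == null) changes.add("DELETED  " + e.getKey());
            else if (!now.equals(e.getValue())) changes.add("MODIFIED " + e.getKey());
        }
        for (String name : after.keySet())
            if (!before.containsKey(name)) changes.add("CREATED  " + name);
        return changes;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: a temp directory stands in for the watched guest directory.
        Path root = Files.createTempDirectory("watched");
        Files.writeString(root.resolve("tool.exe"), "original program");
        Files.writeString(root.resolve("login.vbs"), "original script");
        Map<String, String> before = snapshot(root);
        // Simulated effects of the kind the slides report: a deleted executable,
        // a script with content attached to it, and a newly created file.
        Files.delete(root.resolve("tool.exe"));
        Files.writeString(root.resolve("login.vbs"), "original script + appended data");
        Files.writeString(root.resolve("copy.vbs"), "new file");
        diff(before, snapshot(root)).forEach(System.out::println);
    }
}
```

Comparing content hashes rather than timestamps or sizes still flags a file whose modification time was reset or whose length was preserved.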