Krishna Chaitanya Yarlagadda 011103105
INTERNAL GUIDE
Mr. J. Sethuraman
TITLE
Self-Disciplinary Worms and
Countermeasures: Modeling and Analysis
SCOPE
To develop proper countermeasures
for defending against self-disciplinary
worms.
THEORETICAL BACKGROUND
• Most previous work assumed that a worm always propagates
itself at the highest possible speed.
• Some newly developed worms (e.g., the “Atak” worm) contradict this
assumption by deliberately reducing their propagation speed in
order to avoid detection.
• As such, we study a new class of worms, referred to as
self-disciplinary worms. These worms adapt their propagation
patterns in order to reduce the probability of detection and,
eventually, to infect more computers. We demonstrate that
existing worm detection schemes based on traffic volume and
variance cannot effectively defend against these self-disciplinary
worms.
EXISTING SYSTEM
In the existing system, a worm can infect a number of
computers without being detected, and the worm propagator can
then remotely control the infected computers and use them as
stepping stones to launch further attacks (e.g., distributed
denial-of-service (DDoS), phishing, and spyware). In most
existing systems, if a system is affected by a worm, it is cleared
using antivirus software. But if the operating system of a
system is affected by a worm, it is impossible to clear it.
As a result, the operating system has to be formatted and a new
operating system must be installed. Even if a worm is found
and cleared, the user might not know which source node
sent the worm file. This is a major disadvantage of the
existing systems.
PROBLEM DEFINITION
In networks we have diverse applications such as file sharing,
collaboration, process sharing, and distributed computing.
Over the years, worms have emerged as a main source of trouble
in P2P or client/server networks. If hackers identify the
threshold value of a system, they can easily spread
worms across the network. Another problem is that it is difficult to
identify the original source.
PROPOSED SYSTEM
• In the proposed system, we can best identify the
propagator based on its requests. Whenever any node encounters
a worm, the worm is automatically detected by our proposed
system, which also deletes the worm file. With the help of the
patch framework, the worm in the affected system is cleared.
We also perform IP trace back to find the
original source that produces the worms. The proposed
system thus has the following merits:
• Worms are detected dynamically
• Both dynamic and static worms are detected efficiently
• The user is alerted
• The worm source is found
MODULES
• Worm propagator
• Spectrum Analysis
• Worm detection
• Trace back
• Attack Source Elimination
MODULE DESCRIPTION
Module 1: Worm Propagator
• The worm propagator is the attacker who spreads the worm in a
network. In general, a worm propagator has two objectives:
• To maximize the number of infected computers.
• To avoid being traced back.
Module 2: Spectrum Analysis
• In Spectrum Analysis, the worm’s behavior is monitored
continuously. Based on the worm’s behavior over a period of
time, we are able to determine whether its behavior is static or
dynamic.
• Static-behavior worms can usually be controlled by the
traditional methods, whereas the Spectrum method is used to find
the dynamic behavior of worms.
MODULE DESCRIPTION
Module 3: Worm Detection
• A self-disciplinary worm may be a dynamically propagating worm or
a statically propagating worm. A major effort for detecting worm
propagation has been the Internet Threat Monitoring (ITM)
system.
• An ITM system consists of one centralized data center and a
number of monitors, which are distributed across the Internet at
hosts, routers, firewalls, etc. Each monitor is responsible for
monitoring suspicious traffic and reporting it to the data
center. The data center then analyzes the collected traffic logs
and detects worm attacks.
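Added example (not from the original slides or the project's code): one way an ITM data center could apply the Spectrum Analysis idea to per-interval scan counts, next to the volume and variance rules that the background slide says fall short. The traces, the 3-sigma and 1.5x limits, the 3% peak-share limit and all function names are assumptions; the periodogram peak test stands in for whatever spectrum measure the project used.

```python
"""Added example: volume/variance thresholds vs. a spectrum check on ITM scan counts.
All traces, rates and thresholds below are constructed for illustration."""
import cmath
import math
import random
import statistics

N = 1024  # reporting intervals in one analysis window (assumed)

def background(seed=7):
    """Constructed benign noise: 80-120 suspicious packets per interval."""
    rng = random.Random(seed)
    return [rng.randint(80, 120) for _ in range(N)]

def with_paced_worm(trace, period=64):
    """Add a low-rate worm whose scan rate oscillates between 1 and 11 per interval."""
    return [c + round(6 + 5 * math.sin(2 * math.pi * t / period))
            for t, c in enumerate(trace)]

def volume_alarm(baseline, trace, k=3.0):
    """Volume rule: any interval above baseline mean + k * standard deviation."""
    limit = statistics.mean(baseline) + k * statistics.pstdev(baseline)
    return any(c > limit for c in trace)

def variance_alarm(baseline, trace, factor=1.5):
    """Variance rule: window variance exceeds factor * baseline variance."""
    return statistics.pvariance(trace) > factor * statistics.pvariance(baseline)

def spectrum_check(trace, peak_share=0.03):
    """Periodogram of the mean-removed counts; flag one dominant frequency bin.

    Returns (alarm, period_in_intervals, share_of_power_in_peak_bin).
    Benign noise spreads its power over all bins; a paced worm concentrates it.
    """
    n = len(trace)
    mean = sum(trace) / n
    x = [c - mean for c in trace]
    power = []
    for k in range(1, n // 2 + 1):          # bins 1 .. n/2 of a direct DFT
        w = -2j * math.pi * k / n
        s = sum(v * cmath.exp(w * t) for t, v in enumerate(x))
        power.append(abs(s) ** 2)
    peak = max(range(len(power)), key=power.__getitem__)
    share = power[peak] / sum(power)
    return share > peak_share, n / (peak + 1), share

def compare():
    clean = background()
    fast = [c + 60 for c in clean]           # worm scanning at full speed
    paced = with_paced_worm(clean)           # self-disciplinary worm
    return {
        "fast_volume": volume_alarm(clean, fast),
        "paced_volume": volume_alarm(clean, paced),
        "paced_variance": variance_alarm(clean, paced),
        "paced_spectrum": spectrum_check(paced),
        "clean_spectrum": spectrum_check(clean),
    }

if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

The full-speed trace trips the volume rule, while the paced trace stays under both thresholds and is only exposed by the concentration of power at its 64-interval period.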
Module 4: IP Trace Back
Another defensive countermeasure is trace back, which enables
law enforcement agencies to identify the original worm
propagators and punish them. A trace back scheme typically
involves a number of routers, which monitor all through-traffic
and store traffic logs in a storage server.
When a “trace back” order is given, the traffic logs (e.g., flow-level
records logged by the networks) are analyzed postmortem in
order to identify the origin of the worm propagator. When the
source of the worm is detected, the system alerts the node about
the source and blocks all packets from that particular source.
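Added example (not the project's code): a post-mortem trace back over stored flow logs, following each host's first worm-matching inbound flow back towards the origin. The flow records, addresses and function names are constructed for illustration.

```python
"""Added example: post-mortem trace back over stored flow logs (constructed data)."""

# Constructed flow records as a storage server might hold them:
# (timestamp, source, destination, matched_worm_signature)
FLOWS = [
    (100, "10.0.0.5", "10.0.0.9", False),
    (130, "10.0.0.7", "10.0.0.5", True),
    (140, "10.0.0.5", "10.0.0.9", True),
    (150, "10.0.0.5", "10.0.0.3", True),
    (155, "10.0.0.2", "10.0.0.9", False),
    (170, "10.0.0.9", "10.0.0.4", True),
    (180, "10.0.0.3", "10.0.0.4", True),
    (190, "10.0.0.4", "10.0.0.7", True),  # worm later reaches the origin itself
]

def infection_parents(flows):
    """Map each host to (time, sender) of the first worm flow it received."""
    parents = {}
    for ts, src, dst, is_worm in sorted(flows):
        if is_worm and dst not in parents:
            parents[dst] = (ts, src)
    return parents

def trace_back(flows, detected_host):
    """Walk first-infection edges backwards from the host that raised the alert.

    An edge is followed only if it arrived before the hop already on the chain,
    so a worm flow that reaches the origin later cannot create a loop.
    The last element of the returned chain is the suspected origin.
    """
    parents = infection_parents(flows)
    chain, host, before = [detected_host], detected_host, float("inf")
    while host in parents and parents[host][0] < before:
        before, host = parents[host]
        chain.append(host)
    return chain

if __name__ == "__main__":
    chain = trace_back(FLOWS, "10.0.0.4")
    print(" <- ".join(chain), "| suspected origin:", chain[-1])
```

The chain is only as reliable as the logged source addresses, so the last hop should be confirmed before packets from it are blocked.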
Module 5: Attack Source Elimination
• Once we apply the IP Trace back system, we can identify the
exact source system involved in spreading the
worms. Having identified the source of the worm creator, we
can eliminate that system from the network. This process of
elimination makes communication more secure.
DATAFLOW DIAGRAM
SEQUENCE DIAGRAM
USE CASE DIAGRAM
CLASS DIAGRAM
METHODOLOGY ADOPTED AND SYSTEM
IMPLEMENTATION
Module 1:
• The worm propagator is the one that spreads worms across
the network to affect a larger number of computers. This
module is implemented by sending worm-containing files
across the network.
Module 2:
• The behavior of the system is monitored continuously, and any
change in behavior can be detected by the Spectrum
Analysis method.
Module 3:
• The worm detector identifies whether a file is an
ordinary file or a worm-affected file. The dummy worm files are
downloaded and kept in one folder to differentiate them from
ordinary ones.
Module 4:
• The source node that sends the worm file across the network
is identified in this module.
Module 5:
• After we identify the source node, we eliminate it
from the network if the file from that node contains
a worm.
METHODOLOGY ADOPTED:
JDK 1.3:
• We have made use of the Java Development Kit (JDK) 1.3. As a result, the
various .java files of an applet must be compiled with this software.
Java Swing:
• The Swing toolkit includes a rich set of components for building
GUIs and adding interactivity to Java applications.
• Swing includes all the components of a modern toolkit, such as
table controls, list controls, tree controls, buttons, and labels.
MS SQL Server 2000:
• Microsoft SQL Server 2000 is a full-featured relational database
management system (RDBMS).
• It offers a variety of administrative tools to ease the burdens of
database development, maintenance, and administration.
SYSTEM PLANNING
• Create a GUI and enter the number of nodes and the node names.
• Establish the connections between the nodes using their ports
and IP addresses.
• The established source and destination connections are stored
in the database.
• Create one applet for each node in the network. Include in it the
options that the nodes in the network need in order to
communicate (for example, to browse for a file and send it across the
established connection).
• The dummy worm files are downloaded and kept in a separate
folder.
• If the file communicated between the nodes is an
ordinary file, communication continues as usual.
• If the file communicated between the nodes contains a worm,
the worm is detected and the source node is identified.
• After the source node is identified, Attack Source
Elimination disconnects the source node that spreads the worm
from the network to provide secure
communication.
CODING:
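Code for connecting to the database

    import java.sql.Connection;
    import java.sql.DriverManager;
    import java.sql.Statement;

    public class DbConnector {
        private Connection con;
        private Statement stmt;

        // Opens the JDBC-ODBC bridge connection to the local SQL Server database "dht1".
        // The bridge driver ships with the JDK 1.3 used here; it was removed in Java 8.
        // The connection string logs in as "sa" and supplies no password.
        public void ConnectDB() {
            try {
                Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
                con = DriverManager.getConnection(
                    "jdbc:odbc:DRIVER=SQL Server;Server=.;Database=dht1;UID=sa");
                stmt = con.createStatement();
            } catch (Exception ex) {
                ex.printStackTrace();
                System.out.println(ex);
            }
        }
    }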
HARDWARE REQUIREMENTS
• Processor : Pentium II 266 MHz
• RAM : 64 MB
• HDD : 2.1 GB
SOFTWARE REQUIREMENTS
• Platform : Windows XP
• Front End : Java JDK 1.3, Swing
• Back End : MS SQL Server
Detection of Self-Disciplinary Worms