An anti virus scheme using digital signature and anomaly detection techniques
Among all the computer security breaches, viruses are the most frequent and destructive. Current anti- virus solutions focus too much on virus recognition techniques, causing new viruses to escape detection. Thus, this work proposes an anti-virus scheme that simply defends the data in the computer r...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English |
| Published: |
2003
|
| Subjects: | |
| Online Access: | http://eprints.utm.my/id/eprint/42601/1/SureshBabuSubramaniamFKE2003.pdf http://eprints.utm.my/id/eprint/42601/ http://libraryopac.utm.my/client/en_AU/main/search/detailnonmodal/ent:$002f$002fSD_ILS$002f0$002fSD_ILS:360506/one?qu=An+anti+virus+scheme+using+digital+signature+and+anomaly+detection+techniques |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Among all the computer security breaches, viruses are the most frequent and destructive. Current anti- virus solutions focus too much on virus recognition techniques, causing new viruses to escape detection. Thus, this work proposes an anti-virus scheme that simply defends the data in the computer regardless of the type and name of virus. The scheme comprises two layers of protection, where the first layer implements digital signature technique while the second layer implements anomaly detection technique. In the scheme, newly downloaded files that have been digitally signed using SHA-l and RSA algorithms are verified at the first layer. Here the source and integrity of the files are determined and the executables with authentic and genuine signatures are accepted and logged into a watch list. At the second layer, the behaviour of the new executables; the ones in the watch list, are monitored closely at the lowest level for any anomalies. These anomalies are either blocked or ignored depending on the configurations set by user. One of the main ideas of the proposed scheme is to focus on new executables alone, as viruses originate only from newly downloaded files, either from email attachments, shared files and folders or new software installation. To realize the proposed scheme a prototype has been developed for Microsoft Windows 98. Meanwhile, to verify the functionality of the prototype, a test program that simulates most of the virus behaviour is also devised. Test results have proven that the proposed scheme can offer users the desired protection against all kinds of malicious programs. |
|---|