Automated Blocking of Malicious Code with NDIS
Intermediate Driver
ABSTRACT:
With the evolution of malware technology, modern malware often hide its malicious behaviour in various methods. One of the popular manners is to conceal the network communication. This concealment technique poses obstacles to security mechanisms, which detecting the malicious behaviours. In this paper, we give an overview of the automated blocking malicious code project, a new approach to computer security via malicious software analysis and automatic blocking software. In particular, this project focuses on building a unified executable program analysis platform and using it to provide novel solutions to a broad spectrum of different security problems. We propose
a technique for the Network Driver Interface Specification (NDIS) integrate together with a unified malicious software analysis platform. The NDIS model supports hybrid network transport NDIS drivers, called NDIS intermediate drivers. This driver lies between transport driver and NDIS driver. The advantage of using NDIS intermediate drivers is, it can see the entire network traffic taking place on a system as the drivers lie between protocol drivers and network drivers. By intercepting security-related properties from network traffic directly, our project enables a principled, root cause based approach.
Existing System:
- Despite these advances, many challenges are remain. One of the biggest challenge is they are mostly relying on the underlying Operating System’s support for data gathering and monitoring.
- However, the evolutions of malware programs have proof that they are capable to exploit the weakness.
- The capability to bypassing virtually all commodity, host-based firewall and intrusion detection system software on the market today has force security researchers seeking new method on detecting and blocking the malicious activities Detection of Data Flow Anomalies
Proposed System:
- In this paper we address a design system for intercepting and automating blocking of malicious network traffic by using NDIS Intermediate driver method.
- There are static or dynamic methods to detect data flow anomalies in the software reliability and testing field. Static methods are not suitable in our case due to its slow speed; dynamic methods are not suitable either due to the need for real execution of a program with some inputs.
Hardware Requirements
• SYSTEM : Pentium IV 2.4 GHz
• HARD DISK : 40 GB
• FLOPPY DRIVE : 1.44 MB
• MONITOR : 15 VGA colour
• MOUSE : Logitech.
• RAM : 256 MB
• KEYBOARD : 110 keys enhanced.
Software Requirements
• Operating system :- Windows XP Professional
• Front End :- Microsoft Visual Studio .Net 2008
• Coding Language : - C# 2008.
• Database :- SQL Server 2005
REFERENCE:
Lee Ling Chuan, Chan Lee Yee, Mahamod Ismail and Kasmiran Jumari, “Automated Blocking of Malicious Code with NDIS Intermediate Driver”, ICACT 2011, IEEE February 2011.
