ABSTRACT:
Active worms pose major security threats to the Internet. This is
due to the ability of active worms to propagate in an automated fashion
as they continuously compromise computers on the Internet. Active
worms evolve during their propagation and thus pose great challenges
for defense. Here we investigate a new class of active worms,
referred to as the Camouflaging Worm (C-Worm for short). The C-Worm
differs from traditional worms in its ability to intelligently
manipulate its scan traffic volume over time. Thereby, the C-Worm
camouflages its propagation from existing worm detection systems
that are based on analyzing the propagation traffic generated by worms.
We design a novel spectrum-based scheme to detect the C-Worm.
Our scheme uses the Power Spectral Density (PSD) distribution of the
scan traffic volume and its corresponding Spectral Flatness Measure
(SFM) to distinguish the C-Worm traffic from background traffic.
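The spectral test described above, as an added Java example (not the paper's or the project's code): it estimates the PSD of a window of per-interval scan counts with a periodogram and computes the SFM as the ratio of the geometric mean to the arithmetic mean of the PSD bins. The periodogram estimator, the window length, the 0.2 threshold and both constructed traffic series are assumptions made for illustration.

```java
import java.util.Random;

public class SfmExample {
    /** Periodogram PSD estimate of a mean-removed series, bins 1..n/2. */
    static double[] psd(double[] x) {
        int n = x.length;
        double mean = 0;
        for (double v : x) mean += v;
        mean /= n;
        double[] p = new double[n / 2];
        for (int k = 1; k <= n / 2; k++) {
            double re = 0, im = 0;
            for (int t = 0; t < n; t++) {
                double angle = 2 * Math.PI * k * t / n;
                re += (x[t] - mean) * Math.cos(angle);
                im -= (x[t] - mean) * Math.sin(angle);
            }
            p[k - 1] = (re * re + im * im) / n;
        }
        return p;
    }

    /** SFM = geometric mean / arithmetic mean of the PSD bins, in (0, 1]. */
    static double sfm(double[] p) {
        double logSum = 0, sum = 0;
        for (double v : p) {
            double e = Math.max(v, 1e-12); // floor keeps log() finite
            logSum += Math.log(e);
            sum += e;
        }
        return Math.exp(logSum / p.length) / (sum / p.length);
    }

    /** True when the window's spectrum is too peaked to look like background. */
    static boolean suspicious(double[] scanCounts, double threshold) {
        return sfm(psd(scanCounts)) < threshold;
    }

    public static void main(String[] args) {
        int n = 256;            // samples per window (assumed)
        double threshold = 0.2; // assumed; calibrate on known-clean traffic
        Random rnd = new Random(1);
        double[] background = new double[n]; // constructed: noise-like scan counts
        double[] shaped = new double[n];     // constructed: slowly oscillating volume
        for (int t = 0; t < n; t++) {
            background[t] = 100 + 20 * rnd.nextGaussian();
            shaped[t] = 100 + 20 * Math.sin(2 * Math.PI * 3 * t / n) + 2 * rnd.nextGaussian();
        }
        System.out.printf("background SFM=%.3f suspicious=%b%n",
                sfm(psd(background)), suspicious(background, threshold));
        System.out.printf("shaped     SFM=%.3f suspicious=%b%n",
                sfm(psd(shaped)), suspicious(shaped, threshold));
    }
}
```

A series whose volume varies slowly concentrates its power in a few frequency bins and yields a low SFM, while a noise-like series has a flatter spectrum and an SFM closer to 1.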
INTRODUCTION:
An active worm refers to a malicious software program that propagates
itself on the Internet to infect other computers. The propagation of the
worm is based on exploiting vulnerabilities of computers on the Internet.
pass through. However, as the Morris worm and Mydoom showed, the
network traffic and other unintended effects can often cause major
disruption. A "payload" is code designed to do more than spread the
worm: it might delete files on a host system (e.g., the ExploreZip worm),
encrypt files in a cryptoviral extortion attack, or send documents via
e-mail. A very common payload for worms is to install a backdoor in the
infected computer to allow the creation of a "zombie" computer under
control of the worm author. Networks of such machines are often
referred to as botnets and are very commonly used by spam senders for
sending junk email or to cloak their website's address. Spammers are
therefore thought to be a source of funding for the creation of such
worms,[2][3] and the worm writers have been caught selling lists of IP
addresses of infected machines. Others try to blackmail companies with
threatened DoS attacks.
Backdoors can be exploited by other malware, including worms.
Examples include Doomjuice, which spreads better using the backdoor
opened by Mydoom, and at least one instance of malware taking
advantage of the rootkit and backdoor installed by the Sony/BMG DRM
software utilized by millions of music CDs prior to late 2005.
Camouflage:
Camouflage is a method of crypsis (avoidance of observation) that
allows an otherwise visible organism or object to remain indiscernible
EXISTING SYSTEM
[Diagram: Monitor 1 to Monitor 3 and User 1 to User 5. Labels: Holding users; Executable file; Send worm to all users; Normal user; IP and port; Browse file.]
Module:
Centralized Data Center
Monitoring
User
Report Preparation
Report Distribution
Module Description:
Centralized Data Center:
It collects the traffic logs from the various network monitors in order
to identify worms by their IP address. The server uses a server socket
object with a specified port number and its accept method to accept
connections from the clients or monitors.
Monitoring:
It monitors the transactions of the authorized clients and identifies
the traffic log (IP addresses that are not commonly used and dark IP
addresses).
User:
In this module the user logs in to the centralized server for
authentication; once the client is treated as authorized, it can share
data with its neighbors in the network. It does this using socket
programming: a socket object is created, and the server IP address and
port number are passed to it as parameters to establish a connection
with the server (the java.net package is used).
Report Preparation:
User:
[Diagram: Client, Server, Data Center]
Monitoring:
[Diagram: Client 1 to Client n, Monitor, Monitor 1, Server]
Report Preparation:
[Diagram: Client 1, Monitor 1 to Monitor n, Server]
Report Distribution:
[Diagram: Server, Monitor 1 to Monitor n, Client 1 to Client n]
[Diagram: UserLogin, Monitoring, Centralized data center, Monitor, DataCollection, Detection, User, Distribution]
Class Diagram:
DataCenter
Attributes: userDetails, monitorDetails, authentication, dataCollection
Operations: getUserDetails(), acceptUsers(), provideAuthentication(), getDataCollection()
WormDetection
Attributes: userIP, monitorIP, findRatio, report
Operations: getUserIP(), getMonitorIP(), getWormRatio(), prepareReport()
User Login
Attributes: userDetails, ipAddress, portNumber
Operations: getUserDetails(), getConnection(), dataTransfer()
ClientMonitor
Attributes: monitorDetails, ipAddress, portNumber, authentication
Operations: getAuthentication(), getMonitorDetails(), forwardToDataCenter()
DataDistribution
Attributes: dataDistribution, ipAddress
Operations: collectIP(), dataDistribution()
Sequence Diagram:
Participants: DataCenter, Monitor, LogCollection, LogDistribution
Messages: Login, Monitoring, TrafficLog, DetectWorm, PrepareReport, Distribution
Collaboration Diagram:
Objects: Client, Monitor, DataCenter, LogCollection, LogDistribution
Messages: 1: Login, 2: Monitoring, 3: TrafficLog, 4: DetectWorm, 5: PrepareReport, 6: Distribution
Activity Diagram:
[Diagram: Start, Client, DataCenter, Monitor, User, End]
SYSTEM REQUIREMENTS
HARDWARE
PROCESSOR : ... Duo.
RAM : 512 MB DD RAM
MONITOR : 15 COLOR
HARD DISK : 40 GB
CDDRIVE : LG 52X
SOFTWARE
Front End : JAVA (SWINGS)
Back End : MS SQL 2000/05
Operating System : Windows XP/07
IDE :
CODINGS:
Server.java:
package centralizedserver;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.net.ServerSocket;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import javax.swing.JOptionPane;
import javax.swing.tree.DefaultMutableTreeNode;
import javax.swing.tree.DefaultTreeModel;
import javax.swing.tree.TreeSelectionModel;
Thread t;
String tempPort;
int port;
Socket s, checkSocket;
ServerSocket ss;
Iterator i;
DefaultMutableTreeNode addUser, d;
InputStream is;
InputStreamReader isr;
BufferedReader br;
public CentralizedServer() {
initComponents();
String address=soc.getInetAddress().getHostAddress();
monitor=new DefaultMutableTreeNode(address);
root.add(monitor);
jTree1.setModel(new DefaultTreeModel(root));
if (key.equals("update")) {
TreeMap tm = (TreeMap) al.get(1);
map=tm;
System.out.println(tm);
update(tm);
}
if(key.equals("report")){
String WIP=(String)al.get(1);
Set set=map.entrySet();
Iterator it=set.iterator();
while(it.hasNext()){
Map.Entry me=(Map.Entry)it.next();
Integer I=(Integer)me.getKey();
String addr=(String)me.getValue();
try{
Socket socket=new Socket(addr,I.intValue());
ArrayList clientInfo=new ArrayList();
clientInfo.add("report");
clientInfo.add(WIP + " has send worm file... Please dont Access");
ObjectOutputStream oos=new
ObjectOutputStream(socket.getOutputStream());
oos.writeObject(clientInfo);
}
catch(IOException e){
e.printStackTrace();
}
}
} catch (Exception e) {
e.printStackTrace();
}
}
@SuppressWarnings("unchecked")
// <editor-fold defaultstate="collapsed" desc="Generated Code">//GEN-BEGIN:initComponents
private void initComponents() {
setDefaultCloseOperation(javax.swing.WindowConstants.EXIT_ON_CLOSE);
setTitle("Server");
setBounds(new java.awt.Rectangle(50, 50, 200, 200));
.addComponent(jScrollPane1,
javax.swing.GroupLayout.Alignment.TRAILING,
javax.swing.GroupLayout.DEFAULT_SIZE, 320, Short.MAX_VALUE)
);
jPanel2Layout.setVerticalGroup(
jPanel2Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jScrollPane1,
javax.swing.GroupLayout.Alignment.TRAILING,
javax.swing.GroupLayout.DEFAULT_SIZE, 390, Short.MAX_VALUE)
);
jPanel1.add(jPanel2);
jPanel2.setBounds(150, 60, 320, 390);
jButton1.setText("send report");
jButton1.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
jButton1ActionPerformed(evt);
}
});
jPanel1.add(jButton1);
.addComponent(jPanel1,
javax.swing.GroupLayout.DEFAULT_SIZE, 550, Short.MAX_VALUE)
);
pack();
}// </editor-fold>//GEN-END:initComponents
}
});
}
// Variables declaration - do not modify//GEN-BEGIN:variables
private javax.swing.JButton jButton1;
private javax.swing.JLabel jLabel1;
private javax.swing.JPanel jPanel1;
private javax.swing.JPanel jPanel2;
private javax.swing.JScrollPane jScrollPane1;
public javax.swing.JTree jTree1;
// End of variables declaration//GEN-END:variables
ServerSocket server;
Socket soc;
int serverPort;
Thread thread;
DefaultMutableTreeNode root;
DefaultMutableTreeNode monitor;
TreeMap map;
public void connection() {
try {
server = new ServerSocket(serverPort);
System.out.println("Server is running");
InetAddress IA=InetAddress.getLocalHost();
root = new DefaultMutableTreeNode(IA.getHostAddress()+ "@"
+ serverPort);
jTree1.setModel(new DefaultTreeModel(root));
thread = new Thread(this);
thread.start();
} catch (IOException e) {
e.printStackTrace();
}
}
Set set=tm.entrySet();
Iterator it=set.iterator();
while(it.hasNext()){
Map.Entry me=(Map.Entry)it.next();
Integer I=(Integer)me.getKey();
String addr=(String)me.getValue();
monitor.add(new
DefaultMutableTreeNode(addr+"@"+I.intValue()));
try{
Socket socket=new Socket(addr,I.intValue());
ArrayList clientInfo=new ArrayList();
clientInfo.add("update");
clientInfo.add(tm);
ObjectOutputStream oos=new
ObjectOutputStream(socket.getOutputStream());
oos.writeObject(clientInfo);
}
catch(IOException e){
e.printStackTrace();
}
}
root.add(monitor) ;
jTree1.setModel(new DefaultTreeModel(root));
System.out.println("Updated");
}
}
Monitor.java:
package monitor;
import java.io.IOException;
import javax.swing.JOptionPane;
import java.net.Socket;
import java.net.ServerSocket;
import javax.swing.DefaultListModel;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.BufferedReader;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.io.PrintStream;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.TreeMap;
import javax.swing.ListModel;
public Monitor()
{
initComponents();
}
@SuppressWarnings("unchecked")
// <editor-fold defaultstate="collapsed" desc="Generated Code">//GEN-BEGIN:initComponents
private void initComponents() {
setDefaultCloseOperation(javax.swing.WindowConstants.EXIT_ON_CLOSE);
setTitle("Monitor");
setBounds(new java.awt.Rectangle(50, 50, 200, 200));
setResizable(false);
jPanel1.setLayout(null);
jPanel3.add(jPanel2);
jPanel2.setBounds(20, 60, 290, 230);
txtMessage.setColumns(20);
txtMessage.setRows(5);
jScrollPane2.setViewportView(txtMessage);
jPanel4.add(jScrollPane2);
jScrollPane2.setBounds(110, 50, 270, 150);
jPanel3.add(jPanel4);
jPanel4.setBounds(350, 60, 410, 270);
btnReport.setText("Report To Server");
btnReport.addActionListener(new java.awt.event.ActionListener()
{
public void actionPerformed(java.awt.event.ActionEvent evt) {
btnReportActionPerformed(evt);
}
});
jPanel3.add(btnReport);
btnReport.setBounds(300, 400, 130, 30);
jPanel1.add(jPanel3);
jPanel3.setBounds(10, 10, 780, 530);
layout.setVerticalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jPanel1,
javax.swing.GroupLayout.DEFAULT_SIZE, 550, Short.MAX_VALUE)
);
pack();
}// </editor-fold>//GEN-END:initComponents
try{
String WIP=JOptionPane.showInputDialog("Enter IP Address");
Socket serverSocket=new Socket(serverIP,serverPort);
ArrayList al=new ArrayList();
al.add("report");
al.add(WIP);
ObjectOutputStream oos=new
ObjectOutputStream(serverSocket.getOutputStream());
oos.writeObject(al);
JOptionPane.showMessageDialog(rootPane, "Report Send to Server");
}
catch(IOException e){
e.printStackTrace();
}
}//GEN-LAST:event_btnReportActionPerformed
txtMessage.append("Sender\tReceiver\tTime\n");
txtMessage.append("*************************************\n");
while(true){
try{
socket=server.accept();
String address=socket.getInetAddress().getHostAddress();
ObjectInputStream ois=new
ObjectInputStream(socket.getInputStream());
ArrayList al=(ArrayList)ois.readObject();
String key=(String)al.get(0);
if(key.equals("new")){
Integer I=(Integer)al.get(1);
int clientPort=I.intValue();
tm.put(clientPort, address);
list1.addItem(address+"@"+clientPort);
Socket soc=new Socket(serverIP,serverPort);
ArrayList clientInfo=new ArrayList();
clientInfo.add("update");
clientInfo.add(tm);
ObjectOutputStream oos=new
ObjectOutputStream(soc.getOutputStream());
oos.writeObject(clientInfo);
}
if(key.equals("message")){
}
catch(IOException e){
e.printStackTrace();
}
catch(ClassNotFoundException e){
e.printStackTrace();
}
}
ServerSocket server;
Socket socket;
String serverIP;
int port,serverPort;
Thread t;
t=new Thread(this);
t.start();
}
catch(IOException e){
e.printStackTrace();
}
}
User.java:
package user;
import java.awt.FileDialog;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import javax.swing.JOptionPane;
import java.net.Socket;
import java.io.OutputStream;
import java.io.PrintStream;
import java.net.ServerSocket;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import javax.swing.DefaultListModel;
import javax.swing.tree.DefaultMutableTreeNode;
import javax.swing.tree.DefaultTreeModel;
import javax.swing.tree.TreeModel;
public User() {
initComponents();
@SuppressWarnings("unchecked")
// <editor-fold defaultstate="collapsed" desc="Generated Code">//GEN-BEGIN:initComponents
private void initComponents() {
setDefaultCloseOperation(javax.swing.WindowConstants.EXIT_ON_CLOSE);
setTitle("User");
setBounds(new java.awt.Rectangle(50, 50, 200, 200));
setResizable(false);
jPanel1.setLayout(null);
jPanel2.setBorder(javax.swing.BorderFactory.createTitledBorder(new
javax.swing.border.LineBorder(new java.awt.Color(0, 153, 153), 1,
true), "File to. . . ."));
jPanel2.setLayout(null);
jPanel2.add(jScrollPane1);
jScrollPane1.setBounds(10, 20, 220, 500);
jPanel1.add(jPanel2);
btnSend.setText("Send");
btnSend.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
btnSendActionPerformed(evt);
}
});
jPanel3.add(btnSend);
btnSend.setBounds(250, 500, 80, 23);
btnQuit.setText("Quit");
btnQuit.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
btnQuitActionPerformed(evt);
}
});
jPanel3.add(btnQuit);
btnQuit.setBounds(330, 500, 80, 23);
btnBrowse.setText("Browse");
btnBrowse.addActionListener(new java.awt.event.ActionListener()
{
public void actionPerformed(java.awt.event.ActionEvent evt) {
btnBrowseActionPerformed(evt);
}
});
jPanel3.add(btnBrowse);
btnBrowse.setBounds(170, 500, 80, 23);
list1.addItemListener(new java.awt.event.ItemListener() {
public void itemStateChanged(java.awt.event.ItemEvent evt) {
list1ItemStateChanged(evt);
}
});
jPanel3.add(list1);
list1.setBounds(30, 80, 520, 370);
jPanel1.add(jPanel3);
jPanel3.setBounds(10, 10, 580, 530);
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jPanel1,
javax.swing.GroupLayout.DEFAULT_SIZE, 550, Short.MAX_VALUE)
);
pack();
}// </editor-fold>//GEN-END:initComponents
tm.put(fileName, buffer);
ArrayList msg = new ArrayList();
msg.add("message");
msg.add(tm);
}//GEN-LAST:event_btnSendActionPerformed
}//GEN-LAST:event_btnBrowseActionPerformed
System.exit(0);
}//GEN-LAST:event_btnQuitActionPerformed
}//GEN-LAST:event_jTree1MouseClicked
while (true) {
message(tm);
}
if(key.equals("report")){
String report=(String)msg.get(1);
JOptionPane.showMessageDialog(rootPane, report);
}
}
} catch (IOException e) {
e.printStackTrace();
} catch (ClassNotFoundException e) {
e.printStackTrace();
}
}
}
// Variables declaration - do not modify//GEN-BEGIN:variables
private javax.swing.JButton btnBrowse;
private javax.swing.JButton btnQuit;
private javax.swing.JButton btnSend;
private javax.swing.JLabel jLabel1;
private javax.swing.JPanel jPanel1;
private javax.swing.JPanel jPanel2;
private javax.swing.JPanel jPanel3;
private javax.swing.JScrollPane jScrollPane1;
public static javax.swing.JTree jTree1;
private java.awt.List list1;
// End of variables declaration//GEN-END:variables
ServerSocket server;
Socket socket;
Thread thread;
String monitorIP, test;
int monitorPort;
int port;
DefaultMutableTreeNode root;
try {
server = new ServerSocket(port);
System.out.println("User Running");
thread = new Thread(this);
thread.start();
} catch (IOException e) {
e.printStackTrace();
}
}
port = Integer.parseInt(JOptionPane.showInputDialog(rootPane,
"port"));
}
try {
FileOutputStream fos = new FileOutputStream(test + "/" +
me.getKey());
byte buffer[] = (byte[]) me.getValue();
fos.write(buffer);
fos.close();
} catch (FileNotFoundException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
}
}
}
CWorm.java:
package cworm;
import java.awt.FileDialog;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import javax.swing.JOptionPane;
import java.net.Socket;
import java.io.OutputStream;
import java.io.PrintStream;
import java.net.ServerSocket;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import javax.swing.DefaultListModel;
import javax.swing.tree.DefaultMutableTreeNode;
import javax.swing.tree.DefaultTreeModel;
import javax.swing.tree.TreeModel;
public CWorm() {
initComponents();
@SuppressWarnings("unchecked")
// <editor-fold defaultstate="collapsed" desc="Generated Code">//GEN-BEGIN:initComponents
private void initComponents() {
setDefaultCloseOperation(javax.swing.WindowConstants.EXIT_ON_CLOSE);
setTitle("CWorm");
setAlwaysOnTop(true);
jPanel1.setLayout(null);
btnSend.setText("send");
btnSend.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
btnSendActionPerformed(evt);
}
});
jPanel3.add(btnSend);
btnSend.setBounds(230, 453, 90, 30);
jButton3.setText("Quit");
jButton3.addActionListener(new java.awt.event.ActionListener() {
jPanel3.add(jScrollPane2);
jScrollPane2.setBounds(20, 100, 540, 310);
jPanel1.add(jPanel3);
jPanel3.setBounds(10, 10, 580, 530);
jPanel2.setBorder(javax.swing.BorderFactory.createTitledBorder(new
javax.swing.border.LineBorder(new java.awt.Color(0, 153, 153), 1,
true), "File to. . . ."));
jPanel2.setLayout(null);
jPanel2.add(jScrollPane1);
jScrollPane1.setBounds(10, 20, 200, 500);
jPanel1.add(jPanel2);
jPanel2.setBounds(620, 0, 220, 540);
layout.setHorizontalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jPanel1,
javax.swing.GroupLayout.DEFAULT_SIZE, 850, Short.MAX_VALUE)
);
layout.setVerticalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jPanel1,
javax.swing.GroupLayout.DEFAULT_SIZE, 550, Short.MAX_VALUE)
);
pack();
}// </editor-fold>//GEN-END:initComponents
client.remove(port);
}//GEN-LAST:event_btnSendActionPerformed
while (true) {
}
} catch (IOException e) {
e.printStackTrace();
} catch (ClassNotFoundException e) {
e.printStackTrace();
}
}
java.awt.EventQueue.invokeLater(new Runnable() {
}
});
}
// Variables declaration - do not modify//GEN-BEGIN:variables
private javax.swing.JButton btnSend;
private javax.swing.JButton jButton3;
private javax.swing.JLabel jLabel1;
public static javax.swing.JList jList1;
private javax.swing.JPanel jPanel1;
private javax.swing.JPanel jPanel2;
private javax.swing.JPanel jPanel3;
try {
server = new ServerSocket(port);
System.out.println("User Running");
thread = new Thread(this);
thread.start();
} catch (IOException e) {
e.printStackTrace();
}
}
port = Integer.parseInt(JOptionPane.showInputDialog(rootPane,
"port"));
}
client = tm;
Set set = tm.entrySet();
Iterator it = set.iterator();
while (it.hasNext()) {
Map.Entry me = (Map.Entry) it.next();
root.add(new DefaultMutableTreeNode(me.getKey() + "@" +
me.getValue()));
}
jTree1.setModel(new DefaultTreeModel(root));
}
}
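The listings above hand socket input straight to ObjectInputStream.readObject() and build the output path from a file name carried in the received message. The following added example (not the project's code; it needs Java 9 or later) shows a receiving side that restricts deserialization to the types those messages use and keeps received files inside one directory. The class name SafeReceiver, the size caps, the "inbox" directory and the sample messages are assumptions.

```java
import java.io.*;
import java.nio.file.*;
import java.util.*;

public class SafeReceiver {
    // Types the page's messages carry. Number is Integer's serializable
    // superclass; Object[] is checked when ArrayList rebuilds its backing array.
    static final Set<Class<?>> PERMITTED = Set.of(ArrayList.class, TreeMap.class,
            String.class, Integer.class, Number.class, byte[].class, Object[].class);
    static final long MAX_BYTES = 8L << 20; // assumed per-message cap
    static final long MAX_ARRAY = 4L << 20; // assumed per-file cap

    static final ObjectInputFilter FILTER = info -> {
        if (info.depth() > 5 || info.references() > 10_000
                || info.streamBytes() > MAX_BYTES || info.arrayLength() > MAX_ARRAY)
            return ObjectInputFilter.Status.REJECTED;
        Class<?> c = info.serialClass();
        if (c == null) return ObjectInputFilter.Status.UNDECIDED; // limits-only check
        return PERMITTED.contains(c) ? ObjectInputFilter.Status.ALLOWED
                                     : ObjectInputFilter.Status.REJECTED;
    };

    /** Reads one message; anything off the allow-list fails with InvalidClassException. */
    static ArrayList<?> readMessage(InputStream in) throws IOException, ClassNotFoundException {
        ObjectInputStream ois = new ObjectInputStream(in);
        ois.setObjectInputFilter(FILTER); // set before the first readObject()
        Object o = ois.readObject();
        if (!(o instanceof ArrayList) || ((ArrayList<?>) o).isEmpty()
                || !(((ArrayList<?>) o).get(0) instanceof String))
            throw new InvalidObjectException("unexpected message shape");
        return (ArrayList<?>) o;
    }

    /** Maps a peer-supplied file name to a path that stays inside baseDir. */
    static Path safeTarget(Path baseDir, String peerName) throws IOException {
        Path base = baseDir.toAbsolutePath().normalize();
        Path leaf = Paths.get(peerName).getFileName(); // drop any directory part
        if (leaf == null) throw new IOException("empty file name");
        Path target = base.resolve(leaf).normalize();
        if (target.equals(base) || !target.startsWith(base))
            throw new IOException("rejected file name: " + peerName);
        return target;
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(o); }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        TreeMap<String, byte[]> files = new TreeMap<>(); // constructed sample message
        files.put("../../outside.txt", new byte[] {1, 2, 3});
        ArrayList<Object> ok = new ArrayList<>(List.<Object>of("message", files));
        ArrayList<?> msg = readMessage(new ByteArrayInputStream(serialize(ok)));
        System.out.println(msg.get(0) + " -> " + safeTarget(Paths.get("inbox"), files.firstKey()));
        ArrayList<Object> bad = new ArrayList<>(List.<Object>of("message", new HashMap<String, String>()));
        try {
            readMessage(new ByteArrayInputStream(serialize(bad)));
        } catch (InvalidClassException e) {
            System.out.println("rejected by filter: " + e.getMessage());
        }
    }
}
```

The filter limits which classes can be instantiated from the stream; it does not authenticate the sender, so a "report" message still needs a check that it comes from a known monitor.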
Screen shots:
Server:
Monitor:
User:
Conclusion:
In this paper we presented an analytical framework, based on
Interactive Markov Chains, that can be used to study the dynamics of
malware propagation on a network. The exact solution of a stochastic
model intended to capture the probabilistic nature of malware