Department of Electronic & Computer Engineering
Monitoring System Integrity using the NSRL
Student Name: Thomas Bringewald
Student ID: 15081907
Supervisor: Dr. Donal Heffernan
Course: MEng in Information and Network Security
Academic Year: 2015/16
“Submitted in partial fulfilment for the requirements of the Master of Engineering Degree in the University of Limerick”
Abstract
Viruses hide in software applications by injecting their malicious code into them. Software is downloaded from suspicious websites, or is replaced by an illegally tampered version on a reputable site. All of these are entry points for malware that is difficult to detect without an integrity check.
This paper describes a proof of concept for a File Integrity Monitor (FIM) using the National Software Reference Library. For this project, a variety of file monitoring techniques are presented and compared with each other. A software design for a distributed system is presented, involving a client for file monitoring and integrity checking and a server for hash set maintenance. A set of functional and non-functional requirements is listed. Afterwards, programming choices are explained and their benefits for this application highlighted. Extensions to advance the proof of concept to a comprehensive prototype are specified. At the end, tests are carried out to prove the designed functionality.
Finally, suggestions for further extensions are given.
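
The client-side integrity check outlined in the abstract, as an added example that is not code from the thesis: files are hashed and looked up in a hash set laid out like the NSRL RDS 2.x `NSRLFile.txt`. The reference row, the file names, the function names and the "mismatch" verdict are assumptions made for illustration.

```python
import csv, hashlib, io, os, tempfile, zlib

# Column layout of an RDS 2.x NSRLFile.txt; the row built in demo() is constructed, not NSRL data.
HEADER = ["SHA-1", "MD5", "CRC32", "FileName", "FileSize",
          "ProductCode", "OpSystemCode", "SpecialCode"]

def sha1_of(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries are never held in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()

def load_hash_set(text):
    """Parse hash-set text into (known SHA-1 digests, known lower-cased file names)."""
    hashes, names = set(), set()
    for row in csv.DictReader(io.StringIO(text)):
        hashes.add(row["SHA-1"].upper())
        names.add(row["FileName"].lower())
    return hashes, names

def check_tree(root, hashes, names):
    """Classify each regular file under root as known, mismatch or unknown."""
    report = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue                      # do not follow links out of the tree
            if sha1_of(path) in hashes:
                verdict = "known"
            elif name.lower() in names:
                verdict = "mismatch"          # reference file name, different content
            else:
                verdict = "unknown"           # not covered by the hash set at all
            report[os.path.relpath(path, root).replace(os.sep, "/")] = verdict
    return report

def demo():
    good = b"constructed reference binary v1.0"
    buf = io.StringIO()
    w = csv.writer(buf, quoting=csv.QUOTE_ALL)
    w.writerow(HEADER)
    w.writerow([hashlib.sha1(good).hexdigest().upper(),
                hashlib.md5(good).hexdigest().upper(),
                format(zlib.crc32(good), "08X"),
                "editor.exe", len(good), 1, "WIN", ""])
    hashes, names = load_hash_set(buf.getvalue())
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "tampered"))
        samples = {"editor.exe": good,
                   os.path.join("tampered", "editor.exe"): good + b" + appended bytes",
                   "notes.txt": b"local file with no reference entry"}
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        return check_tree(root, hashes, names)

if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{verdict:9} {path}")
```

A "known" verdict only means the content matches a reference entry; "unknown" covers any file the hash set does not list, so it calls for review rather than an alarm.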
