MASTER
VINAMRA MITTAL
ADNAN JAWED
RUCHI CHAUHAN
SHIVAM KUMAWAT
FACULTY NAME: MS. HARPREET KAUR
<INTRODUCTION TO MALWARE>
• There are several solutions that provide storage device emulation, but none of them are
able to emulate removable storage devices:
a) Daemon Tools: a well-known emulator of CD and DVD drives, but it cannot emulate
other types of storage devices and therefore does not meet the requirements for
our concept.
b) FileDisk
c) Windows Driver Kit
<TECHNIQUE TO SOLVE>
• The goal of any honeypot is to collect information like insights into the malware itself,
information about its author or about infections with that particular malware. In our case,
the effort is targeted at learning about an infection of the honeypot machine in the first
place and at obtaining a sample of the malicious software.
1) It provides a means of host-based intrusion detection with very low false-positive rate.
2) If malware infects the virtual device, we are likely to be provided with all executables
the malware.
<COMPONENTS OF THE HONEYPOT>
• GOAL: MALWARE UNABLE TO DISTINGUISH BETWEEN A REAL USB DEVICE AND THE GHOST DRIVE
• First, we would like to have virtual storage, i.e. an emulated storage device that is backed by
an image file. Applications must be able to write data to and read from the device, while we
route all those I/O operations to an image file that comprises our storage. Secondly, the
device has to look exactly like a removable storage device to any
application that queries information about it.
• We chose Windows 7 as target system for our implementation, because despite its age it is
still widely used and targeted by many pieces of malware [17]. However, the code can be
extended to work on other versions of Windows with little effort.
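Added example (not part of the original slides and not the Ghost driver code): a user-space Python model of the image-backed storage described above, combined with the low false-positive detection idea from the technique section. The class name, the 512-byte sector size and the rule "any logged write raises an alert" are assumptions made for illustration.

```python
import os
import tempfile

SECTOR = 512  # assumed sector size for this model


class ImageBackedDevice:
    """User-space model of a virtual disk whose sectors live in an image file."""

    def __init__(self, image_path, sectors):
        self.image_path = image_path
        self.sectors = sectors
        self.write_log = []  # (lba, sector_count) for every write request
        if not os.path.exists(image_path):
            with open(image_path, "wb") as f:
                f.truncate(sectors * SECTOR)  # zero-filled backing store

    def _check(self, lba, count):
        if lba < 0 or count <= 0 or lba + count > self.sectors:
            raise ValueError("request outside the emulated device")

    def read(self, lba, count=1):
        self._check(lba, count)
        with open(self.image_path, "rb") as f:
            f.seek(lba * SECTOR)
            return f.read(count * SECTOR)

    def write(self, lba, data):
        if len(data) == 0 or len(data) % SECTOR:
            raise ValueError("writes must be whole sectors")
        count = len(data) // SECTOR
        self._check(lba, count)
        with open(self.image_path, "r+b") as f:
            f.seek(lba * SECTOR)
            f.write(data)  # the I/O request ends up in the image file
        self.write_log.append((lba, count))

    def infection_suspected(self):
        # Assumption: nothing legitimate writes to the decoy, so one write alerts.
        return bool(self.write_log)


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        dev = ImageBackedDevice(os.path.join(tmp, "ghost.img"), sectors=64)
        clean = dev.infection_suspected()
        payload = b"constructed sample".ljust(SECTOR, b"\0")  # constructed data
        dev.write(8, payload)
        return clean, dev.infection_suspected(), dev.write_log, dev.read(8) == payload
```

The write log gives the sectors to pull from the image file when extracting whatever was copied onto the emulated device.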
<DEVICE DETECTION>
<COMPONENTS OF GHOST HONEYPOT>
<HOW DOES IT WORK??>
Basically, the honeypot emulates a USB storage device. If your machine is infected by malware
that uses such devices for propagation, the honeypot will trick it into infecting the emulated
device.
Ghost supports Windows XP 32 bit and Windows 7 32 bit. You can either download a binary
distribution from the old website or compile the code yourself. If you choose to build the code,
you will need the Windows Driver Kit.
<OBJECTIVE OF THIS TECHNIQUE>
• 1) To detect the files infected by malware that copies itself to removable devices, especially
USB drives.
• 2) To make data transfer using USB drives more secure.
• 3) To alert the OS that the connected virtual device is removable and that malware will affect it.
<CONCLUSION>