Method for detecting and counteracting viruses in BMP images
DOI: https://doi.org/10.30837/rt.2020.1.200.17
Keywords: BMP image file, computer virus, shellcode, overcoming protection systems, virus hiding, antivirus, IDS, IPS, vulnerability, exploit, HID attack, protection methods
Abstract
The aim of the article is to develop a method for protecting modern systems against attacks that use BMP image files and against HID attacks. The article describes the structure of the BMP image format, a method of injecting computer viruses into a BMP image, and attacks that use such images to bypass protection tools. HID attacks and the possibility of combining them with image-based attacks are also considered. The operation of modern protection tools (IDS, IPS, antivirus software, firewalls) and their shortcomings are presented. Such attacks succeed because security tools concentrate their analysis on executable files, DLLs, Word documents and Java applets; most of them pay no attention to images or other file types considered safe, on the assumption that there is no reason to spend processor cycles on image analysis. HID devices are perceived by security tools as a simple interface between the computer and the user and are therefore trusted. The article proposes methods for detecting viruses in BMP image files based on three header checks: the reserved fields must be zero, the file size recorded in the file header must match the real file size, and the pixel array size stated in the header must match the real one. The article also proposes a method for counteracting HID attacks based on analysis of text input speed. The developed programs demonstrate the effectiveness of protection against the attacks considered.
References
Гриньов Р.С., Сєвєрінов О.В. Analysis of virus threat trends in Ukraine // Modern Directions of Development of Information and Communication Technologies and Control Tools: Int. Conf. Kharkiv, 2019. 100 p.
Гриньов Р.С. Analysis of the statistics and peculiarities of virus propagation in Ukraine // Modern Directions of Development of Information and Communication Technologies and Control Tools: Int. Conf. Kharkiv, 2019.
Pare. Virus spread over networks: modeling, analysis, and control: Ph.D. thesis, Electrical & Computer Engineering / University of Illinois at Urbana-Champaign, 2018.
Jingwei Lei. Virus program detection method, terminal, and computer readable storage medium. United States, 2018. 19 p.
Wen-Kwang Tsao, Pinghuan Wu, Zipan Bai. Detecting malicious code in sections of computer files. United States, 2018. 15 p.
Lubomir Sikora, Ivan Zelinka. Swarm Virus, Evolution, Behavior and Networking. Berlin, 2017.
Carey Parker. Computer Security. North Carolina, USA, 2018.
Гриньов Р.С., Севєрінов О.В. Analysis of the danger of embedding virus software into images // Computer and Information Systems and Technologies: Int. Sci.-Tech. Conf. Kharkiv, 2019. P. 75.
Гриньов Р.С., Сєвєрінов О.В. A malicious USB HID emulator // Radio Electronics and Youth in the 21st Century: Int. Forum. Kharkiv, 2018. P. 120-121.
Гриньов Р.С., Севєрінов О.В. Analysis of the danger of hardware implant devices // Radio Electronics and Youth in the 21st Century: Int. Forum. Kharkiv, 2019. P. 93-94.
Гриньов Р.С., Сєвєрінов О.В. A method for overcoming protection tools using vulnerabilities of BMP graphic files // Radiotekhnika (Радіотехніка). 2019. Iss. 198. P. 192-202.
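The three header checks the abstract proposes (reserved words must be zero, file size in the header against the real file size, pixel array size against the image geometry) and the typing-rate check against HID attacks, carried out in Python as an added worked example for this page. It is not the authors' program from the article: the in-memory BMP samples, the marker string standing in for a payload, the keystroke timestamps and the 15 characters-per-second human ceiling are all constructed assumptions.

```python
import struct

# BITMAPFILEHEADER (14 bytes) followed by BITMAPINFOHEADER (40 bytes), both little-endian.
FILE_HDR = struct.Struct("<2sIHHI")       # bfType, bfSize, bfReserved1, bfReserved2, bfOffBits
INFO_HDR = struct.Struct("<IiiHHIIiiII")  # biSize, biWidth, biHeight, biPlanes, biBitCount, biCompression,
                                          # biSizeImage, biXPelsPerMeter, biYPelsPerMeter, biClrUsed, biClrImportant
HEADERS_LEN = FILE_HDR.size + INFO_HDR.size  # 54
BI_RGB = 0

def row_stride(width, bit_count):
    """Bytes per pixel row; every row is padded to a 4-byte boundary."""
    return ((width * bit_count + 31) // 32) * 4

def check_bmp(data):
    """Apply the three header consistency checks; returns a list of findings (empty list = passed)."""
    findings = []
    if len(data) < HEADERS_LEN:
        return ["file shorter than the fixed BMP headers"]
    magic, bf_size, res1, res2, off_bits = FILE_HDR.unpack_from(data, 0)
    (bi_size, width, height, _planes, bit_count, compression,
     size_image, _xppm, _yppm, clr_used, _important) = INFO_HDR.unpack_from(data, FILE_HDR.size)
    if magic != b"BM":
        findings.append("signature is not 'BM'")
    if res1 or res2:  # check 1: both reserved words must be zero
        findings.append(f"reserved fields not zero: 0x{res1:04x} 0x{res2:04x}")
    if bf_size != len(data):  # check 2: declared file size must equal the real size
        findings.append(f"bfSize {bf_size} != real size {len(data)}")
    # Check 3: pixel array size implied by width/height/bit depth vs. what the file carries.
    # Only uncompressed BITMAPINFOHEADER files are handled here; V4/V5 headers and RLE are skipped.
    if bi_size == INFO_HDR.size and compression == BI_RGB:
        palette = (clr_used or 1 << bit_count) * 4 if bit_count <= 8 else 0
        if off_bits != HEADERS_LEN + palette:
            findings.append(f"bfOffBits {off_bits} != expected {HEADERS_LEN + palette}")
        expected = row_stride(width, bit_count) * abs(height)  # negative height = top-down image
        if size_image not in (0, expected):  # encoders may legitimately write 0 for BI_RGB
            findings.append(f"biSizeImage {size_image} != computed {expected}")
        end = off_bits + expected
        if end > len(data):
            findings.append(f"pixel array truncated: needs {end} bytes, file has {len(data)}")
        elif end < len(data):
            findings.append(f"{len(data) - end} trailing bytes after the pixel array")
    return findings

def build_bmp(width, height, pixels, reserved=(0, 0), bf_size=None, extra=b""):
    """Build a 24-bit BI_RGB BMP in memory; the keyword arguments reproduce the tampering cases below."""
    info = INFO_HDR.pack(INFO_HDR.size, width, height, 1, 24, BI_RGB, len(pixels), 2835, 2835, 0, 0)
    real_size = HEADERS_LEN + len(pixels) + len(extra)
    head = FILE_HDR.pack(b"BM", real_size if bf_size is None else bf_size, reserved[0], reserved[1], HEADERS_LEN)
    return head + info + pixels + extra

# Constructed sample data (not taken from the paper): a 2x2 image whose two 6-byte BGR rows are padded
# to 8 bytes each, and a marker string standing in for an embedded payload.
PIXELS = bytes([0, 0, 255, 0, 255, 0, 0, 0, 255, 0, 0, 255, 255, 255, 0, 0])
PAYLOAD = b"[constructed marker bytes standing in for a hidden payload]"

def samples():
    """Four BMPs: one clean, three tampered in the ways the header checks are meant to catch."""
    return {
        "clean": build_bmp(2, 2, PIXELS),
        # payload glued after the pixel array, header untouched: checks 2 and 3 fire
        "appended": build_bmp(2, 2, PIXELS, bf_size=HEADERS_LEN + len(PIXELS), extra=PAYLOAD),
        # attacker also corrects bfSize, so only the geometry check reveals the trailing bytes
        "patched_size": build_bmp(2, 2, PIXELS, extra=PAYLOAD),
        # four bytes smuggled into the reserved words: check 1 fires
        "reserved": build_bmp(2, 2, PIXELS, reserved=(0x4141, 0x4242)),
    }

# HID countermeasure from the abstract: typing-rate analysis. A keystroke injector types faster than any human.
HUMAN_MAX_CPS = 15.0  # assumed ceiling for sustained human typing (about 180 wpm); tune per deployment

def peak_keys_per_window(timestamps, window=1.0):
    """Largest number of keystrokes (timestamps in seconds) that fall inside any window of `window` seconds."""
    ts = sorted(timestamps)
    start, peak = 0, 0
    for end, t in enumerate(ts):
        while t - ts[start] > window:
            start += 1
        peak = max(peak, end - start + 1)
    return peak

def looks_like_hid_injection(timestamps, window=1.0, max_cps=HUMAN_MAX_CPS):
    return peak_keys_per_window(timestamps, window) > max_cps * window

HUMAN_KEYS = [i * 0.12 for i in range(40)]     # constructed: 40 keys at 120 ms spacing, about 8 chars/s
INJECTED_KEYS = [i * 0.005 for i in range(40)]  # constructed: 40 keys at 5 ms spacing, a scripted HID device

if __name__ == "__main__":
    for name, bmp in samples().items():
        print(f"{name:13s}", check_bmp(bmp) or "passed")
    print("human typing flagged:", looks_like_hid_injection(HUMAN_KEYS))
    print("injected typing flagged:", looks_like_hid_injection(INJECTED_KEYS))
```

Run the file directly to see which check each sample trips. Two caveats a deployment would need: biSizeImage may legitimately be zero for uncompressed files, so the geometry check derives the expected size from width, height and bit depth instead of trusting that field; and the checks are consistency tests only, so a payload written into the pixel array itself (for instance by enlarging the image) keeps every field consistent and passes them, which makes them a cheap first filter rather than a replacement for content scanning. The typing-rate threshold is likewise a heuristic; paste operations and key repeat must be excluded or the detector will flag ordinary users.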
License
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).