
University Putra Malaysia
Faculty of Engineering
Computer and Communication Engineering Department

By: Osamah L. Barakat, Master Candidate
Under the supervision of Dr. Shaiful Jahari b. Hashim and Dr. Raja Syamsul Azmir bin Raja Abdullah
July 2012

Scarecrow Malware are most welcome

IT Security Threats
Every day: 30,000 infected web pages and 54,800 new malware (McAfee, 2010)
70,000 new malware (Kaspersky, 2011)
How about 2012??!!
WHAT ABOUT 2020?

WHAT SHOULD WE DO?
Employees
Hardware
Support
CERT
Cost
Money
Let's figure out today what we should do, and how.

Agenda
Objectives
Lab Installation
H/W Specifications
CloudStack
Malware Analyzer (Cuckoo)
System flow
Implementation
Demo
Results Analysis

Problem Statement
Faster response means more expensive resources.
More malware signatures need to be kept on each desktop by its anti-virus vendor.
Analyzing malware requires human interaction (a CERT employee).

Problem Statement (contd.)

Objectives
Automated system with minimum human interaction.
Scalable system to meet the increasing number of malware every day.
Available system to serve the community the whole day.

ASA: Automated, Scalable, Available

Objectives (contd.)
[Architecture diagram: CERT Analyst; VM1 (Cloud Controller); VM2 (DB); VM3 ... VMmax]


System Installation


H/W specifications
The system consists of 3 servers and one switch.

                 Master (Controller)   Agent #1                  Agent #2
Machine          Desktop PC            HP ProLiant DL380 G6      HP ProLiant DL160 G6
CPU              AMD Athlon 64 X2      2 x Xeon E5504 Quad-core  2 x Xeon L5630 Quad-core
RAM              4 GB                  4 GB                      4 GB
Disk             160 GB                320 GB                    160 GB
Network          2 x Ethernet 1 Gbit   1 x Ethernet 1 Gbit       1 x Ethernet 1 Gbit

Malware Analyzer (Cuckoo)
Open source, automated malware analysis system.
Cuckoo Sandbox is a winner of Google Summer of Code 2010.
Modified in this work to be cloud-enabled.

CloudStack
Provides IaaS-type service in cloud computing.
Supports VMware, Oracle VM, KVM, XenServer and Xen Cloud Platform.
Three ways to manage the cloud computing environment:
web interface
command line
full-featured RESTful API

CloudStack (contd.)
CloudStack Architecture
Management server (cloud controller)
Agent server (VMs host)
Primary storage
Secondary storage
API (SW)

Submitting malware
From the user desktop.
From the main website interface.
Using the submit script provided (CERT side).

Demo


Results and Analysis
Cuckoo Cloud Enabled vs. Original Cuckoo
[Chart: Total Execution Time in Seconds (y-axis, 0 to 90,000) vs. Number of Submitted Malware (x-axis, 0 to 3,500); series: Original Cuckoo, Cuckoo Cloud Enabled]

Questions

