LOL, ROTFL and WTF: My Winter Vacation

Tomorrow night I shall be on a train back to Jaipur. The wait has been long, and somehow, it has made the fruit taste better. My dedication to my work has made me anything but a social animal, and unlike everyone else I know, I’ve spent this vacation going through research papers and publications (71 in total!) and I think I’ve finally found my unique idea which I’ll be presenting for the HP Innovate awards (I’ll give you the prelude to it shortly). I’ve got to say I’ve learnt a lot, but heck, I guess I missed out on a lot of other things. I still had my share of fun, I have to say. I had a great time with my cousins who were here in Palakkad for the holidays, especially during the engagement function of one of them. I also met some of my friends from school, and during our class reunion, which was held on Christmas, I met many more of them. I had rabbit meat for the first time during the marathon of a lunch that we had. 🙂

I’ve also submitted two project proposals for Sun’s Code For Freedom (CFF) contest. I’ll be developing high availability agents for Zabbix and Cron, so that they work out of the box on the Open High Availability Cluster suite. I’ll be coding over the GDS (Generic Data Service) template, which lets you write an agent without having to deal with the cluster framework directly. So all you have to do is focus on starting, stopping, probing and validating the application you’re developing the agent for. Sounds easy? I’ll only know for myself once I start work. So you’ll be seeing a lot of technical posts throughout my coming semester. (There go my readers, I guess.)

Apart from CFF, the other thing that’s going to keep me busy through the coming months is the research paper I’m working on for the HP Innovate awards. We all know the kind of havoc that crackers wreak on networks across the world. Commercial banks have reported losses in the order of billions of dollars due to cyber attacks on their servers. To detect such attacks, we have things called Intrusion Detection Systems (IDSs). But then again, conventional IDSs are based on signatures. A signature is a string built from some particular parameters that distinguish one attack from others. The problem here is that if the IDS doesn’t have the signature for an attack, it’s not going to detect the intrusion at all, and this is where signature based systems completely fail. If this is going over your heads, let me take a more common example. All of you know what an Anti Virus suite is, right? You do know that without ‘updating your virus definitions’ your system is vulnerable, right? So that’s what I’m talking about. Antivirus software is based on signatures.

It’s not very difficult for the attacker to make minor modifications to an attack so as to get its signature changed. As far as viruses are concerned, it’s real easy to add useless code that will get the virus’s signature altered. Consider a virus’s code, being executed as assembly language instructions (this isn’t proper code, ok?):

    00 Original Code…
    01 Original Code…
    .
    .
    .
    N  Original Code…

Now the above piece of code will give you a signature we’ll call ABC. If your anti virus has this signature ABC, it will be able to detect the above virus. Now look at the modification I’m making here.

    00  Original Code…
    01  Original Code…
    .
    .
    K   MOV <Some register>, <some value>
    L   MOV <Some register>, <some other register>
    .
    .
    N+2 Original Code…

Now the above piece of code has two new instructions in between that needn’t serve any purpose whatsoever (known as ‘dummy code’). All I have to do is insert this kind of code between different parts of my program, without worrying about changing the program’s functionality. But this virus will now have a different signature, and the anti virus won’t be able to detect it in spite of having the signature ABC of a virus which does the same thing.
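To make the point concrete, here is a small toy model I’ve put together for this post (not real malware, and not code from any antivirus or IDS): a program is just a list of mnemonic tuples, the signature ABC is a slice of the original program, and two inert MOVs are inserted exactly as in the listing above. A naive contiguous scanner loses the match; a gap-tolerant scanner (the ‘wildcard’ style of signature that real engines use to absorb small padding) recovers it, but only while the inserted junk stays within the gap it tolerates, which is the brittleness that motivates anomaly based detection.

```python
"""Toy model of the dummy-code evasion described above. Constructed example:
'programs' are lists of mnemonic tuples, not machine code, and the scanner
matches at instruction granularity."""
from typing import List, Sequence, Tuple

Instr = Tuple[str, ...]

# Constructed sample program; the scanner's signature "ABC" is a slice of it.
ORIGINAL: List[Instr] = [
    ("push", "ebp"), ("mov", "ebp", "esp"), ("call", "open_file"),
    ("call", "write_payload"), ("call", "close_file"), ("pop", "ebp"), ("ret",),
]
SIGNATURE_ABC: List[Instr] = ORIGINAL[2:5]   # the three calls

# The post's modification: two inert MOVs inserted at positions K and L,
# program functionality unchanged.
MODIFIED: List[Instr] = (ORIGINAL[:3]
                         + [("mov", "ecx", "0x1f"), ("mov", "edx", "ecx")]
                         + ORIGINAL[3:])

def exact_match(program: Sequence[Instr], signature: Sequence[Instr]) -> bool:
    """Naive scanner: the signature must appear as one contiguous run."""
    n = len(signature)
    return any(list(program[i:i + n]) == list(signature)
               for i in range(len(program) - n + 1))

def gapped_match(program: Sequence[Instr], signature: Sequence[Instr],
                 max_gap: int = 2) -> bool:
    """Gap-tolerant scanner: signature elements must appear in order with at
    most `max_gap` unrelated instructions between consecutive elements."""
    for start in range(len(program)):
        if program[start] != signature[0]:
            continue
        pos, ok = start, True
        for want in signature[1:]:
            window = list(program[pos + 1: pos + 2 + max_gap])
            if want not in window:
                ok = False
                break
            pos = pos + 1 + window.index(want)
        if ok:
            return True
    return False

def detection_report() -> Tuple[bool, bool, bool]:
    """(exact on original, exact on modified, gapped on modified)."""
    return (exact_match(ORIGINAL, SIGNATURE_ABC),
            exact_match(MODIFIED, SIGNATURE_ABC),
            gapped_match(MODIFIED, SIGNATURE_ABC))

if __name__ == "__main__":
    print(detection_report())   # (True, False, True)
```

Lowering the tolerated gap to 1 makes the gapped scanner miss the modified program too, which is the whole cat-and-mouse game in three lines of asserts.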

The same kind of little tricks go toward bamboozling IDSs as well. Hence, we need to move away from signature based systems, towards an era of intelligent, anomaly based IDSs. So I’m basically working on the application of AI to such IDSs for the HP Innovate awards.

I’ll be writing about all these as and when I’m working on them. Right now, I feel like playing Tekken 5. So adios…
