Latest Ppt
Oct 14, 2015
Slide 1
A HACKING SYSTEM BASED ON IMAGE BINDING SUBMITTED TO:Ms.DIVYA K VMs.VIDYA MMs.THERESA V CHERYAN
SUBMITTED BY: SAVITHA K JLAKSHMI RAJJASEENA ABUBACKERANJANA DEVARAJSHABINA P S
1AIMTo build a hacking system which uses image steganography
2PROBLEM DEFINITION AND STATEMENTSPROBLEM STATEMENT operating system crash as a result of hackingloss of data due to hacking
PROBLEM DESCRIPTION
Existing hacking technique involves sending a virus application to the target system . System's processes come to a halt causing the operating system to crash making it useless .Sometimes the hacking system modifies the data (active attack) .
3EXISTING SYSTEMExisting hacking technique involves sending a virus application to the target system .
system's processes come to a halt causing the operating system to crash making it useless . Sometimes the hacking system modifies the data (active attack) .
Image binding is normally used to sent secret messages between secure parties. The intruder doesn't know about hidden message inside the image.
AKey loggeris a program or file that has been executed to record keystrokes a computer usermakes. It is extensively used for parental guidance.
4PROPOSED SYSTEMThe proposed system is hacking system which uses imagebinding. Itaims to produce apassive attack. It doesn't crash the system orit doesnt cause any harm or modification to the data present in the system.We are proposing a technique of binding a key logger to an image using image steganography.Once a computer user has been infected with a Key logger, it will continue to run in a hidden manner, and report all the information that is being input into the computer, and this is sent back to the hacker or some otherhidden third party. After the hacker has compiled enough information using the Key logger,
Key logger sent the all key strokes of the master system
5RELATED WORKS61) ON THE LIMITS OF STEGANOGRAPHY by Ross J Anderson and Fabien A.POBJECTIVE: what steganography is and what it can do. contrast it with the related disciplines of cryptography and traffic security.Present an active attack Show that public key information hiding system exists
7 What is steganography? Classical steganography embeds a secret message in a cover message using a key Once the cover object has a material embedded in it, it is called a stego objectClassical cryptography deals with concealing the content of messages, steganography is about concealing their existenceTechniques for concealing meta-information about message, such as its existence, duration, sender and receivers, are collectively known as traffic security. Steganography is often considered to be a proper subset of this discipline.
8 ACTIVE ATTACKProposed an attack based on bandwidth limitationThe active attack inject unwanted signals or noisesMore the cover bits used ,easily the noise can be inserted
PUBLIC KEY STEGANOGRAPHYProposed a public key information hiding systemAlice can embed the message in parity bits using bobs public keyOnly bob can decrypt using his private keyRemoves the need for a shared secret key
92)HIDING THE TEXT INFORMATION USING STEGNOGRAPHYby M . Grace , S .kiran ,M.Swapna , T . RaoOBJECTIVE:The problems present in the text steganography and issues with existing solutions are highlighted. In information hiding, a novel approach is proposed by using inter-word spacing and inter-paragraph spacing as a hybrid methodThe considerable drawbacks of every existing method and how the new approach might be recommended as a solution can be analyzed10PROPOSED APPROACHA new approach is proposed by creating a hybrid method in utilizing whitespaces between words and paragraphs in right-justification of text. This method can be an improvement of open space method because it is not using a sole method of encoding data. By combining methods of inter-word spacing and inter-paragraph spacing into an embedding algorithm, a larger capacity for embedding hidden bits is provided.
11 THERE ARE 4 MODULES Registration: To enter personal information about that particular user. To enter the username and password identification mechanism. To give the successful solution identification information. To get the window in the form of message transformation2. Encrypt Text information:To give that any message information that can be converted in the form bit format identification manner. To generate bit format identification process that can be involved in the form substitution technique. .123. Mapping through that XML schema:To give full description of information through the classification methodology To introduce in the form tree structure identification technique. After that to generate identification of correct decision making identification process. To expose data information currently available data.4. Decrypt that information to another language of environment: After encoding that information it can be transferred and stored inside the same view message133) Hiding Text Behind Image For Secure Communication by S.Pandey and A.Lathigara OBJECTIVE: This paper intends to give an overview of image steganography and its usesClassifying the variety of image steganographic techniquesThe different requirements for the different steganographic methods used
14Image steganographic methodLSB Methodhide the message in the least significant bits (LSBs) of pixel values of an image. LSB - Uses Storing passwords and/or other confidential information Covert communication of sensitive data Speculated uses in terrorist activities Being widely used to hide and/or transfer illegal content
154)EDGE ADAPTIVE IMAGE STEGANOGRAPHY BASED ON LSB MATCHING REVISITED The least- signicant-bit (LSB)-based approach is apopular type of steganographic algorithms in the spatial domain.embedding positions within a cover image mainly depends on a pseudorandom number generator The smooth/ at regions in the cover images will inevitably be contaminated after data hiding even at a low embedding rate, will lead to poor visual quality The LSB matching revisited image steganography and propose an edge adaptive scheme which can select the embedding regions
16 Data embedding stage
initializes some parameters, which are used for subsequent data preprocessing and region selectionestimates the capacity of those selected regions. post processing to obtain the stego image. Data extraction
extracts the side information from the stego image. preprocessing and identies the regions that have been used for data hiding. obtains the secret message according to the corresponding extraction algorithm.
17 Proposed scheme. (a) Data embedding. (b) Data extraction
185)DETECTING LSB STEGANOGRAPHY INCOLOR AND GRAY-SCALE IMAGES
Steganography is the art of secret communication.Purpose: to hide the presence of communication, as opposed to cryptography,. Used digital images, videos, sound files, and other computer files that contain perceptually irrelevant or redundant information .After embedding a secret message into the cover image, we obtain a so-called stegoimage.
. FACTORS AFFECTING SECURITY:the less information we embed into the cover image, the smaller the probability of introducing detectable artifacts by the embedding process. Another important factor is the choice of the cover image.19selection is at the discretion of the person who sends the messageSome steganographic experts recommend grayscale images as the best cover
Lossless data embedding
the lossless capacity became a sensitive measure for the degree of randomization of the LSB plane. most images the LSB plane is essentially random and doesnt contain any easily recognizable structure. Using classical statistical quantities constrained to the LSB plane to capture the degree of randomization is unreliable. The lossless capacity reflects the fact that the LSB planeeven though it looks random is related nonetheless to the other bit planes. This relationship, however, is nonlinear, and the lossless capacity seems to measure this relationship fairly well. 20Usually the images stored previously in the JPEG format are a poor choice for cover images. -- the quantization introduced by JPEG compression can serve as a watermark or unique fingerprint.The importance of techniques that can reliably detect the presence of secret messages in images is increasing.
Images can hide a large amount of malicious code that could be activated by a small Trojan horse type of virus. detection of hidden information in images should be a part of every virus-detection software. Employing a form of LSB embedding information,in most softwares
new RS Steganalysis is an important contribution that will find numerous applications for law enforcement and industry in general.21
22 6) Key loggers : Increasing threats to computer security and privacy by S . Sagiroglu and G . Canbek
Favorite tool of hackersKey loggers are known variously as tracking software , Computer activity monitoring software, Keystroke monitoring systems ,Keystroke recorders ,Key stroke loggers, Keyboard sniffers and snoop ware
Main purpose of key loggersTo monitor a users keyboard actionsThey can track virtually anything running on a computer.Screen scrapers, enable the visual surveillance of a target computer.
23Key loggers can be mainly classified into two categories: hardware and software.
Hardware key loggerSoftware key loggerSmall electronic devices used for capturing the data in between a keyboard device and I/O port.
Software key loggers track systems that collect keystroke data within the target operating system
They store the keystrokes in their built-in memory after being mounted in a computer systemStore them on disk and send them to the attacker who installed the key logger.The major disadvantage of hardware key loggers is require physical installation.Parasitical ones are produced or used by hackers.
An acoustic key logger ,transmit keystrokes using the enhanced encoding scheme.
Monitoring methods for software key loggers are operating-system specific.
24Keyboard State Table Method
Windows Keyboard Hook Method
The Kernel-Based Keyboard Filter Driver method,
Creative methods
every application that uses a window interface refers to a table showing the status of 256 virtual keysHook-based key loggers monitor the keyboard with functions providedby the OS. The key loggers using this method reside at the kernel level and are thus practically invisible. It is more advanced than the two methods introduced earlier.
Creative key logger coders are constantly developing key loggers25Keyboard State Table Method
Windows Keyboard Hook Method
The Kernel-Based Keyboard Filter Driver method,Creative methodstable is normally used by applications for determining other key states at the same time.OS warns any time a key is pressed and it records the action. Windows hooks are unique to Windows message mechanisms.keyloggers are difficult to implement, difficult to detect, and administrator privileges are required to install them on a target machine. a keyboard filter driver is installed by a keylogger before the systems keyboard device driverequiring less memory space, less CPU usage, and less interference with other software. The development of these new methods is ongoing.267)BYPASSING ANTIVIRUS WITH CRYPTERS
The task of today's security software is to protect computers against malware and hacker attacks .The security software use signatures and heuristic to detect known viruses, root kits and Trojan horses. Traditional approaches such as signature scanning, one of the most common techniques employed by antivirus companies are becoming inefficient for the high amount of samples found in the wild. Antivirus manufacturers nowadays implements more and more complex functions and algorithms in order to detect the latest and newest viruses along with their variants.
27Antivirus Identification Methods Signature Based Detection Because viruses can embed themselves in existing files, the entire file is searched, not just as a whole, but also in pieces. But cannot defend against malware unless samples have already been obtained and signatures created As new viruses are being created each day, the signature based detection approach requires frequent updates of the virus signature dictionary. Although the signature based approach can effectively contain virus outbreaks, virus authors have tried to stay a step ahead of such software by writing "oligomorphic", "polymorphic" and, more recently, "metamorphic" viruses, which encrypt parts of them or otherwise modify them as a method of disguise, so as to not match virus signatures in the dictionary. 282. Heuristics detection This sort of scanning and analysis can take some time, which may slow down system performance. The main concern with heuristic detection is that it often increases false positives . False positives are when the antivirus software determines a file is malicious (and quarantines or deletes it) when in reality it is perfectly fine and desired. Because some files may look like viruses but really arent, they are restricted and stopped.Heuristic scanning engines work on the principle that viruses will usually use certain tricks or methods of infecting, and therefore if a program looks like it might be using those tricks; there is a possibility that the program is a virus. In reality heuristics works are quite well for some types of viruses, such as Macro Viruses, but not so well for other types.
29 8) BINDERS
Popular Binders
Here are some of the popular binders used by hackers to hide keyloggers and Trojans:
Simple Binder
30Weekend Binder
Weekend Binder can be used to bind two or more files under one extension and icon, If the binded file contains an application, the application also runs along with the actual binded files.
How to detect Crypted Binded files?
If a trojan or keylogger is binded with a file and it's crypted in order to bypass antivirus detection then its very difficult to detect it, However there is a great piece of software called resource hackerwhich is really effective when it comes to keylogger protection, It detects whether the file is binded or not.
31 What is Crypter?
Crypter is free software used to hide our viruses, keyloggers or any RAT tool from antivirus so that they are not detected and deleted by antivirus. A crypter is a program that allow users to crypt the source code of their program.
What does Crypter do?Crypter simply assigns hidden values to each individual code within source code. Thus, the source code becomes hidden. Hence, our sent crypted trojan and virus bypass antivirus detection and our purpose of hacking them is fulfilled without any AV hindrance.
What is FUD?With increased use of Crypters to bypass antiviruses, AV became more advanced and started including crypter definitions to even detect crypter strings within code. No publicly available crypter is FUD.So, if you crypt RATs with publicly available crypters, they are bound to be detected by antiviruses. 32FIG:A FUD CRYPTER/BINDERSTEPS TO BE FOLLOWED1.First download Crypter
2. To get the password
3. Install software on your computer
4.Now, click on"Select File #1"and select the keylogger or RAT you want to crypt to avoid its antivirus detection.
5.Click on "Select File #2"and select the normal file with which you want to bind our trojan, RAT or Keylogger.
6.If you want you can also change the icon. Finally, hit on"crypt"to . make the fileUD
33ARCHITECTUREHACKINGOUTPUTKEYLOG RECORDSINSIDE SOFTWARELOGIN TO SELECT IMAGEINPUTIMAGE PROCESSINGBLURRED IMAGEIMAGE BINDINGSTORE IMAGELOGOUTE-MAIL34IMAGE PROCESSINGIMAGE MANIPULATION CONVERT TO BITSIS THERE ANY WHITE SPACENOBLURRED IMAGEDELETION OF WHITE SPACEYESIMAGE SELECTION35IMAGE PROCESSINGIMAGE MANIPULATION RESIZEIMAGE CROPPINGIMAGE AUTOFILLILNG36IMAGE BINDINGSELECT KEYLOGGERATTACH FUD BINDERINSERT TO AVAILABLE BIT SPACEENCRYPTSTEGO OBJECT37HACKINGSTEGO OBJECTSENT TORECIEVEROPENS IMAGEKEYLOGGER ACTIVATIONSTARTS RECORDINGKEYLOG HACKER RECEIVESDATABASE OF LOGS
38HACKINGSYSTEM OF HACKER ACTS AS A CHILD OF THE HACKED SYSTEMRECORD OF THE KEYS PRESSED BY THE PARENTSTEGO OBJECT SENT TO VICTIMKEYLOGS STORED IN DATABASESYSTEM OF THE VICTIM ACTS AS THE PARENT OF THE HACKER SYSTEM39REQUIREMENT ANALYSIS HARDWARE REQUIREMENTS System Type: IBM compatible PC with 1GHzRAM: 512MBCache: 512KBStorage: 120GB SOFTWARE REQUIREMENTS Operating System: Windows 2000 Server/Windows XP/Windows 7Language Used:JDK-7U25-WINDOWS-i586Softwares used:Netbeans IDE 7.3DATABASE: MYSQLFUD Binder
40REQUIREMENT ANALYSISFUNCTIONAL REQUIREMENTImage selection: careful selection of the Image so as to maintain it as original as possible.Image bit extraction: extraction of the bit representation of the selected image.Binding: binding program in the selected imageImage exchange via e-mail: Sending the processed image to victim via e-mail
41CONCLUSION Our objective is to build an authenticated software which processes a selected image and binds a key logger with it. Later the stored image is to be sent to the victim.
The work is successfully started and we hope to expand the work further to achieve best results.
42REFERENCEREFERENCE PAPERS: Data hiding in audio signal, video signal , text and jpeg images Key loggers : Increasing Threats to Computer Security and PrivacyReversible Data Hiding in Encrypted ImageUnprivileged Black-Box Detection of User-Space Key loggersOn the Limits of SteganographyDetecting LSB Steganography in Color and GrayHide and Seek: An Introduction to SteganographyHiding Text behind Image for Secure Communication IEEE-International Conference On Advances In Engineering, Science And Management (ICAESM2012)March 30, 31, 2012
43REFERENCEREFERENCE SITES:
http://williamstallings.com/Cryptography/
http://williamstallings.com/Crypto/Crypto4e.html
http://www.securelist.com/en/analysis?pubid=204791931
http://pro-hac.blogspot.in/2010/04/what-is-fud-crypter-hide-trojans.html
http://www.combofix.org/what-is-a-keylogger-virus-and-how-to-remove-it.php
http://www.hackersthirst.com/2011/03/hiding-ratstrojans-and-keyloggers-from.html
http://www.101hacker.com/2011/03/crypter-software-to-bypass-antivirus.html
http://hackclarify.blogspot.in/2012/05/hiding-keyloggersratswormsviruses-using.html
http://k1ng420.blogspot.in/2013/06/binders-and-crypters.html
http://hack-o-crack.blogspot.in/2011/01/hide-keyloggers-and-trojans-with.html
4444THANK YOU45
