Malware is any unusual data or executable code that can affect the performance of a network. Performance of a network here means the speed of the network, the security of the network, or delays to the operations linked with the network.
Malware is usually used in security breaches to violate users' privacy and to access their private and confidential data. There are many ways of getting malware into a network. Once inside, the malware can be used to obtain the passwords, files and personal information of users on that network. Data obtained in this manner can be used for ransom or for blackmail [1]. Computer and other telecommunication networks are becoming increasingly complex and difficult to understand because of their many hosts and the interdependency of these hosts.
The hosts are designed so that they can connect to other hosts directly. This provides better and faster performance with minimal delay, but it also makes it easier for malware to penetrate all the hosts of that network. Reducing the number of direct connections between hosts will definitely make networks less vulnerable to malware [23]. Whenever malware successfully penetrates a host, that host and the data it carries become infected.
Afterwards, that host can be used as a penetration point for infecting other hosts on the network [2]. There has been an immense increase in the number of malware attacks on networks, and attackers have adopted many new ways of getting malware into networks. Malware is designed so that it can hide itself whenever attempts are made to detect it. To overcome such threats, network providers have also taken some initiatives to make networks less vulnerable to these attacks. Hosts in networks are being provided with protection against malware in the form of antivirus software. But these antivirus programs can be successful if they respond to any threat as quickly as possible after detecting it. This is a solution, but not an ideal one.
Why? Because all existing antivirus software is designed for malware that already exists. Suppose an attacker attacks a network and the antivirus on that network is unable to detect the malware: it will infect that host and rapidly the whole network [24]. Many attempts have been made to design protocols, techniques and algorithms to take down security attacks on networks. One of many techniques is to detect the presence of malware with the help of network traffic.
Many detection techniques were successful enough to take down a huge number of attacks, but as soon as attackers realize that their penetration technique has been discovered by the anti-malware software on the target network, they abandon it and come up with a new technique that easily bypasses the existing malware detection software and algorithms. As a result, techniques designed for known, existing malware fail and become irrelevant and useless [14].
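The earlier claim that fewer direct host-to-host connections make a network less vulnerable can be checked with a small reachability model. The following is an added example, not part of the original text: the eight-host network, the host names and the worst-case assumption that an infected host infects every directly connected host in one round are all constructed for illustration.

```python
from collections import deque
from itertools import combinations

def infection_rounds(links, patient_zero):
    """Breadth-first search over direct links.
    Returns {host: round in which the infection reaches it}."""
    adjacency = {}
    for a, b in links:
        adjacency.setdefault(a, set()).add(b)
        adjacency.setdefault(b, set()).add(a)
    reached = {patient_zero: 0}
    queue = deque([patient_zero])
    while queue:
        host = queue.popleft()
        for peer in adjacency.get(host, ()):
            if peer not in reached:
                reached[peer] = reached[host] + 1
                queue.append(peer)
    return reached

def exposure(links, patient_zero, rounds):
    """Hosts other than patient zero infected within `rounds` rounds."""
    reached = infection_rounds(links, patient_zero)
    return sum(1 for r in reached.values() if 0 < r <= rounds)

# Constructed sample network: eight hosts, h0 is the first infected host.
HOSTS = [f"h{i}" for i in range(8)]
SEGMENT_A, SEGMENT_B = HOSTS[:4], HOSTS[4:]

# Every host connects directly to every other host (28 links).
FULL_MESH = list(combinations(HOSTS, 2))
# Two segments, direct links only inside a segment (12 links) ...
ISOLATED = list(combinations(SEGMENT_A, 2)) + list(combinations(SEGMENT_B, 2))
# ... plus a single inter-segment link that can be monitored or filtered.
SEGMENTED = ISOLATED + [("h3", "h4")]

if __name__ == "__main__":
    for name, links in (("full mesh", FULL_MESH),
                        ("segmented", SEGMENTED),
                        ("isolated", ISOLATED)):
        spread = [exposure(links, "h0", r) for r in (1, 2, 3)]
        print(f"{name:10} links={len(links):2} infected after 1/2/3 rounds: {spread}")
```

In the full mesh every other host is exposed in the first round; with segmentation the spread has to cross one link, which is the place to put filtering and traffic-based detection.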