Method for detecting and counteracting Virus Detection in BMP images

Abstract

The aim of the article is to develop a method for protecting modern systems against attacks using BMP image files and HID attacks. This article describes the features of BMP format images. The method of injecting computer viruses in BMP image and attacks to overcome the means of protection. HID attacks and the possibility of combining these attacks are also considered. Features of functioning of modern means of protection IDS, IPS, antiviruses, firewalls and their shortcomings are presented. Such attacks are possible due to the fact that security tools will only analyze executable files, DLLs, Word documents, Java applets. Most of the protection tools simply do not pay attention to images or another secure file type. Because they believe, that there is no reason to spend the processor cycle on image analysis. HID devices are perceived by security tools as a simple interface between a computer and a user, therefore they are trusted. The article suggests methods for detecting viruses in BMP image files based on checking reserved fields that should be zero, matching the real file size with the value in the file header, matching the pixel size specified in the header with real. The article also offers a method to counteract HID attacks based on analysis of text input speed. Developed programs demonstrate the effectiveness of protection against the considered attacks.