If an organization is hit by a zero-day virus attack, its antivirus solutions will not be able to detect it. (Antivirus solutions depend on virus signatures and behaviour, which can be obtained only after their teams know about the virus. A zero-day attack is the first attack, so antivirus teams are not yet aware of it.) Advanced viruses have self-spreading capabilities. Such a virus scans the machines connected to the network to find vulnerabilities in remote machines, and propagates by exploiting those vulnerabilities. An agent-based solution is to be worked out to detect such propagation. An agent will run on every machine and send abnormal behaviour or detected anomalies to the server for further automatic analysis to reach a conclusion.
Notes: Simulate a small network of 3 machines to demonstrate the virus spread. Use machines without any anti-virus installed and infect it with a self-propagating virus. At least one machine on the network should have vulnerabilities exploitable by the virus. Run the agent-based solution on all the machines. The solution should be able to generate alerts about the virus infection/propagation.
Sample Data Required: No
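One way the agent/server split described above could work, as an added example that is not part of the original problem statement: each agent flags outbound fan-out to many distinct peers on one port, and the server links alerts into likely propagation hops. The thresholds, function names, addresses and sample traffic are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 10      # sliding window in seconds (assumed threshold)
MAX_TARGETS = 3    # distinct peers on one port tolerated per window (assumed)

def agent_scan_alerts(host, conns):
    """Agent side: flag outbound fan-out to many distinct peers on one port.
    conns: time-ordered (ts, dst_ip, dst_port) outbound attempts from `host`."""
    recent = defaultdict(deque)              # port -> deque of (ts, dst_ip)
    alerts, alerted_ports = [], set()
    for ts, dst, port in conns:
        q = recent[port]
        q.append((ts, dst))
        while q and ts - q[0][0] > WINDOW_S:  # drop attempts outside the window
            q.popleft()
        targets = {d for _, d in q}
        if len(targets) > MAX_TARGETS and port not in alerted_ports:
            alerted_ports.add(port)           # one alert per port per host
            alerts.append({"host": host, "ts": ts, "port": port,
                           "targets": sorted(targets)})
    return alerts

def server_propagation_edges(alerts):
    """Server side: if host B starts fanning out on a port after an alerting
    host A targeted B on that port, report A -> B as a likely propagation hop."""
    edges = []
    ordered = sorted(alerts, key=lambda a: a["ts"])
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if (earlier["port"] == later["port"]
                    and later["host"] in earlier["targets"]):
                edges.append((earlier["host"], later["host"], later["port"]))
    return edges

# Constructed sample traffic for a 3-machine lab (addresses are made up).
SAMPLE = {
    "10.0.0.1": [(t, f"10.0.0.{t + 2}", 445) for t in range(5)],       # fan-out
    "10.0.0.2": [(20 + t, f"10.0.0.{t + 3}", 445) for t in range(5)],  # fan-out, later
    "10.0.0.3": [(t * 2, "10.0.0.9", 443) for t in range(8)],          # one server only
}

def analyse(sample=SAMPLE):
    """Collect every agent's alerts, then correlate them on the server."""
    alerts = [a for h, c in sample.items() for a in agent_scan_alerts(h, c)]
    return alerts, server_propagation_edges(alerts)

if __name__ == "__main__":
    print(analyse())
```

Because the rule keys on connection behaviour rather than a signature, it does not depend on the virus being known in advance; the thresholds would need tuning against normal traffic on the real network.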