11 Instytutska St., Khmelnytskyi, 29016

ANALYSIS OF MALWARE DETECTION METHODS IN COMPUTER SYSTEMS

Pages: 101-107. Issue: No. 2, 2020 (283)
Authors:
S. M. LYSENKO, R. V. SCHUKA
Khmelnytskyi National University

DOI: https://www.doi.org/10.31891/2307-5732-2020-283-2-101-107

Peer review: 11.05.2020
Printed: 16.06.2020

Abstract (translated from the original Ukrainian)

This paper analyses the current state of malicious software (malware). To that end, three sub-problems are solved: the main types of malware are classified and described, together with the techniques and methods used to counter its individual varieties; a number of modern approaches to threat detection are reviewed; and the main shortcomings of the widespread methods for exposing malicious programs are identified. The research carried out substantiates the need to look for new ways of countering software threats. Methods of artificial intelligence are proposed as the conceptual basis for this. In our view, this would make it possible to detect malware that has not yet been used in any known attack.
Keywords: malware, OpCode, N-grams, computer system.

Extended abstract in English

Malware (malicious software) consists of programs designed to cause harm and to use the resources of the targeted computer. It is often disguised as legitimate software, imitates it, or simply hides in various folders and files on the computer. Moreover, it can gain access to the operating system, which allows it to encrypt files and steal personal information. In some cases malware spreads on its own, by e-mail from one computer to another, or through infected files and disks. The fast-growing volume of malware forces computer security researchers to devise new methods of protecting computers and networks. Three main methods are used for malware detection: signature-based, behaviour-based and heuristic. Signature-based detection is the most common method in commercial antivirus products and is applied to cases that are completely known and documented; it cannot normally detect new malware, since no signature yet exists for a newly created sample. Behaviour-based detection evaluates an object by the actions it intends to perform before it can actually carry them out, and was introduced to cover the shortcomings of the signature-based method. Heuristic methods, in turn, are considered the most effective because they use advanced algorithms based on machine-learning technologies. In this paper we analyse the current state of malicious software. First, we describe and classify the main types of malware. Then we present the common malware detection approaches and their disadvantages. After that we focus on heuristic detection approaches based on artificial intelligence and briefly review the features these methods use, such as API calls, OpCodes and N-grams.
Keywords: malware detection, N-gram, API, neural networks, computer system.
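The extended abstract above contrasts signature-based detection, which needs an exact pattern taken from an already-known sample, with heuristic detection over features such as OpCode N-grams. The Python script below is an added example written for this page, not code from the paper or its authors. The opcode sequences, the signature and the two-class nearest-profile decision are all constructed for illustration (a real pipeline would take opcodes from a disassembler and feed the N-gram vectors to a trained classifier). It shows a metamorphic-style variant with a single inserted nop escaping the exact signature while its bigram profile still lands next to the known malware.

```python
"""Signature matching versus opcode N-gram similarity (added example).

Constructed data: the opcode lists below stand in for disassembled programs;
in practice they would come from a disassembler such as objdump or Capstone.
"""
from collections import Counter
from math import sqrt

# Constructed "labelled corpus": two malicious and two benign opcode sequences.
KNOWN_MALWARE = [
    ["push", "mov", "call", "xor", "loop", "jmp", "call", "xor", "loop", "ret"],
    ["mov", "xor", "loop", "push", "call", "xor", "loop", "jmp", "ret"],
]
KNOWN_BENIGN = [
    ["push", "mov", "mov", "call", "add", "cmp", "jne", "mov", "pop", "ret"],
    ["push", "sub", "mov", "call", "add", "cmp", "je", "pop", "ret"],
]

# Signature-based detection: an exact opcode subsequence seen in the family.
# (Assumed signature, chosen to fit the constructed samples above.)
SIGNATURE = ("xor", "loop", "jmp")


def has_signature(opcodes, signature=SIGNATURE):
    """Exact-match signature scan: True only if the subsequence occurs verbatim."""
    n = len(signature)
    return any(tuple(opcodes[i:i + n]) == signature
               for i in range(len(opcodes) - n + 1))


def ngrams(opcodes, n=2):
    """Opcode N-gram feature vector: counts of every length-n window."""
    return Counter(tuple(opcodes[i:i + n]) for i in range(len(opcodes) - n + 1))


def profile(samples, n=2):
    """Aggregate N-gram counts over a set of labelled samples."""
    total = Counter()
    for sample in samples:
        total.update(ngrams(sample, n))
    return total


def cosine(a, b):
    """Cosine similarity between two sparse count vectors (Counter returns 0 for missing keys)."""
    dot = sum(count * b[key] for key, count in a.items())
    norm_a = sqrt(sum(v * v for v in a.values()))
    norm_b = sqrt(sum(v * v for v in b.values()))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0


def ngram_scores(opcodes, n=2):
    """Similarity of a sample to the malicious and the benign N-gram profile."""
    feats = ngrams(opcodes, n)
    return (cosine(feats, profile(KNOWN_MALWARE, n)),
            cosine(feats, profile(KNOWN_BENIGN, n)))


def is_malicious_ngram(opcodes, n=2):
    """Nearest-profile decision: malicious if closer to the malware profile."""
    mal, ben = ngram_scores(opcodes, n)
    return mal > ben


def analyse(opcodes):
    """Both verdicts side by side, for the comparison the abstract draws."""
    return {"signature": has_signature(opcodes),
            "ngram": is_malicious_ngram(opcodes)}


# Constructed variant of the first malware sample with a 'nop' inserted into the
# signature region, the kind of trivial edit that breaks an exact signature.
VARIANT = ["push", "mov", "call", "xor", "loop", "nop", "jmp",
           "call", "xor", "loop", "nop", "jmp", "ret"]
# Constructed benign program that is not in the training set.
NEW_BENIGN = ["push", "mov", "call", "add", "cmp", "je", "pop", "ret"]

if __name__ == "__main__":
    for name, sample in [("known malware", KNOWN_MALWARE[0]),
                         ("variant", VARIANT),
                         ("new benign", NEW_BENIGN)]:
        print(f"{name:13s} -> {analyse(sample)}")
```

The same feature construction applies to API-call sequences: replace the opcode tokens with API names. The weak point of the toy decision rule is also visible in the code: similarity is measured against whole-class profiles, so an attacker who pads a program with benign-looking opcode runs pushes it toward the benign profile, which is why the literature the abstract refers to combines N-gram features with feature selection and a trained classifier rather than nearest-profile matching.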

