![Scientific and Technical Journal of Information Technologies, Mechanics and Optics](/images/mag-ntv.png)
ESTIMATION OF MALWARE DETECTION ALGORITHM ACCURACY BASED ON ANOMALY SEARCH IN PROGRAM BEHAVIOR
Annotation
Subject of Research. The paper deals with an algorithm for detecting anomalies in the behavior of operating system processes caused by the execution of previously unknown parts of program code. The algorithm is implemented in the novel intrusion detection system CODA. A testing algorithm is proposed that reduces test time and increases test accuracy. Method. The proposed detection method is based on building a behavior model of a legitimate process from its sequences of system calls. Measures of similarity between an arbitrary process and the model are proposed; they allow the anomaly detection problem to be treated as a vector classification problem. To evaluate the accuracy of the anomaly detection algorithm, the accuracy of the classifier is estimated by cross-validation. A neural network of perceptron type is used as the classifier. Main Results. A platform for mass distributed testing of malicious programs in virtual machines was developed, using the open-source distributed computing library BOINC. 60 thousand malicious programs were selected from an academic malware collection and the open Malwr database; 33.13% of them executed correctly in the test environment. A model of legitimate processes running for half an hour was built, and the similarity measures of the malware behavior were recorded as vectors. Neural networks with different training parameters and different numbers of neurons in the hidden layer were compared to find the most accurate classifier for these vectors; the best perceptron achieved an accuracy of 91%. Practical Relevance. The results can be useful in malware detection. The algorithm does not require an Internet connection and can detect both old and new malware.
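The following is an added illustration of the pipeline the abstract describes, not code from the paper or from CODA: a behavior model of a legitimate process is built from system-call n-grams, an arbitrary trace is scored against it with a few similarity measures to produce a vector, and a perceptron's accuracy on those vectors is estimated by k-fold cross-validation. The n-gram orders (2 to 4), the "fraction of known n-grams" similarity measure, the tiny one-hidden-layer perceptron, and the synthetic system-call traces are all assumptions made for this example; the paper does not specify its measures or its traces.

```python
"""Added illustration (not the paper's or CODA's code): n-gram behavior model of a
legitimate process, similarity vectors for arbitrary traces, and cross-validated
accuracy of a small perceptron classifier. The n-gram orders, the similarity
measure, the network and the sample traces are assumptions for this example."""
import math
import random

def ngrams(trace, n):
    """All length-n windows of a system-call trace."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]

def build_model(legit_traces, orders=(2, 3, 4)):
    """Behavior model: for each order n, the set of n-grams seen in legitimate traces."""
    return {n: {g for t in legit_traces for g in ngrams(t, n)} for n in orders}

def similarity_vector(trace, model):
    """One measure per order: the fraction of the trace's n-grams present in the model.
    A trace fully explained by the model scores 1.0 in every coordinate."""
    vec = []
    for n, known in model.items():
        grams = ngrams(trace, n)
        vec.append(sum(g in known for g in grams) / len(grams) if grams else 0.0)
    return vec

class Perceptron:
    """Perceptron with one sigmoid hidden layer trained by plain SGD (example only)."""
    def __init__(self, n_in, n_hidden=8, lr=0.5, epochs=300, seed=0):
        rng = random.Random(seed)
        self.w1 = [[rng.uniform(-1, 1) for _ in range(n_in + 1)] for _ in range(n_hidden)]
        self.w2 = [rng.uniform(-1, 1) for _ in range(n_hidden + 1)]
        self.lr, self.epochs = lr, epochs

    @staticmethod
    def _sig(z):
        return 1.0 / (1.0 + math.exp(-max(-60.0, min(60.0, z))))

    def _forward(self, x):
        xb = list(x) + [1.0]  # inputs plus bias
        hb = [self._sig(sum(w * v for w, v in zip(row, xb))) for row in self.w1] + [1.0]
        return xb, hb, self._sig(sum(w * v for w, v in zip(self.w2, hb)))

    def fit(self, X, y):
        for _ in range(self.epochs):
            for x, t in zip(X, y):
                xb, hb, o = self._forward(x)
                d_o = (o - t) * o * (1 - o)  # squared-error gradient at the output unit
                d_h = [d_o * self.w2[j] * hb[j] * (1 - hb[j]) for j in range(len(self.w1))]
                for j in range(len(self.w2)):
                    self.w2[j] -= self.lr * d_o * hb[j]
                for j, row in enumerate(self.w1):
                    for i in range(len(row)):
                        row[i] -= self.lr * d_h[j] * xb[i]
        return self

    def predict(self, x):
        return 1 if self._forward(x)[2] >= 0.5 else 0

def cross_val_accuracy(X, y, k=5, seed=0):
    """k-fold cross-validation: every vector is scored by a classifier that never saw it."""
    idx = list(range(len(X)))
    random.Random(seed).shuffle(idx)
    correct = 0
    for fold in (idx[i::k] for i in range(k)):
        held = set(fold)
        train = [i for i in idx if i not in held]
        clf = Perceptron(len(X[0]), seed=seed).fit([X[i] for i in train], [y[i] for i in train])
        correct += sum(clf.predict(X[i]) == y[i] for i in fold)
    return correct / len(X)

# Constructed sample data (not from the paper): syscall idioms of a benign file worker,
# and a few fragments a benign instance of that program never issues.
LEGIT_IDIOMS = [["open", "read", "write", "close"], ["stat", "open", "mmap", "close"],
                ["read", "write", "fsync"]]
ODD_FRAGMENTS = [["mprotect", "execve"], ["socket", "connect", "send"], ["fork", "ptrace"]]

def synth_legit(rng, length):
    t = []
    while len(t) < length:
        t += rng.choice(LEGIT_IDIOMS)
    return t[:length]

def synth_malicious(rng, length):
    """Benign-looking trace with two to four unfamiliar fragments injected."""
    t = synth_legit(rng, length)
    for _ in range(rng.randint(2, 4)):
        pos = rng.randrange(len(t))
        t[pos:pos] = rng.choice(ODD_FRAGMENTS)
    return t[:length]

def run_example(seed=0, n_model=20, n_eval=30):
    """Build the model from legitimate runs, vectorize held-out traces, cross-validate."""
    rng = random.Random(seed)
    model = build_model([synth_legit(rng, 60) for _ in range(n_model)])
    traces = ([(synth_legit(rng, 30), 0) for _ in range(n_eval)]
              + [(synth_malicious(rng, 30), 1) for _ in range(n_eval)])
    X = [similarity_vector(t, model) for t, _ in traces]
    y = [label for _, label in traces]
    return cross_val_accuracy(X, y, seed=seed), X

if __name__ == "__main__":
    acc, X = run_example()
    print(f"cross-validated accuracy: {acc:.2f}")
    print("legitimate vector example:", [round(v, 2) for v in X[0]])
    print("malicious vector example: ", [round(v, 2) for v in X[-1]])
```

The model is built from traces that are disjoint from the ones being classified; if the same legitimate runs fed both the model and the evaluation set, every legitimate vector would score exactly 1.0 and the cross-validated accuracy would overstate what the detector achieves on a fresh process.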