Analysis of methods for detecting malicious software in computer systems
Date
2020
Authors
Лисенко, С.М.
Щука, Р.В.
Lysenko, S.
Schuka, R.
Publisher
Khmelnytskyi National University
Abstract
This article analyzes the current state of malicious software (malware). To this end,
three partial tasks were solved: the main types of malware, and the techniques and methods for combating its
individual varieties, were classified and described; a number of modern approaches to threat detection were reviewed;
and the main shortcomings of widespread methods for exposing harmful programs were identified. The research carried out
made it possible to justify the need to search for new ways of combating software threats. Artificial intelligence methods
are proposed as the conceptual basis for this. In our opinion, this would make it possible to detect malware that has not yet
been involved in known hacker attacks.
Malware (malicious software) comprises programs designed to cause harm and to use the resources of the targeted computer. Such programs are often hidden inside legitimate programs, imitate them, or simply hide in various folders and files on the computer. Moreover, they can gain access to the operating system, which allows malware to encrypt files and steal personal information. In some cases malware spreads by itself, by e-mail from one computer to another, or through infected files and disks. The fast-growing amount of malware pushes computer security researchers to invent new methods of protecting computers and networks. Three main methods are used for malware detection: signature-based, behaviour-based and heuristic. Signature-based malware detection is the most common method used by commercial antiviruses and is applied in cases that are completely known and documented. Behaviour-based malware detection evaluates an object based on its intended actions before it can actually execute that behaviour. This detection method is used to cover the disadvantages of the signature-based method. However, these approaches cannot normally detect harmful software, since new signatures are not available for newly created malware. On the other hand, heuristic methods for detecting harmful software are considered the most effective because they use advanced algorithms based on machine learning technologies. In this paper, we provide an analysis of the current state of malicious software. First, we describe and classify the main types of malware. Then we present common malware detection approaches and their disadvantages. After that, we focus on heuristic malware detection approaches based on artificial intelligence and briefly overview various features of these methods, such as API calls, OpCodes, N-grams, etc.
Keywords
malicious software, OpCode, N-grams, computer system, Malware detection, N-gram, API, Neural networks, computer system
Bibliographic description
Lysenko S. M. Analysis of methods for detecting malicious software in computer systems / S. M. Lysenko, R. V. Schuka // Herald of Khmelnytskyi National University. Technical Sciences. – 2020. – No. 2. – P. 101-107.