Development of a heuristic antivirus scanner based on the file's PE-structure analysis

Authors

  • Svitlana Yuriivna Havrylenko, National Technical University "Kharkiv Polytechnic Institute"
  • Marharyta Sakhivna Melnyk, National Technical University "Kharkiv Polytechnic Institute"
  • Viktor Volodymyrovych Chelak, National Technical University "Kharkiv Polytechnic Institute"

Keywords:

antivirus software, computer system, malicious software, signature method, heuristic method, PE-structure of a file, Mamdani fuzzy logic

Abstract

Methods for constructing antivirus programs are reviewed together with their advantages and disadvantages. The PE structure of malicious and benign software is analyzed. The API functions and strings characteristic of these files are identified, and a subset of them is selected for further analysis. The selected features serve as the inputs of a fuzzy inference system. A model of the fuzzy inference system based on the Mamdani fuzzy logic method is developed and tested. The results show that the developed malware identification system can be used in the heuristic analyzers of intrusion detection systems.
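The feature-to-verdict stage described above, as an added illustration that is not the paper's own code: a minimal Mamdani fuzzy inference that maps two counts (how many of the selected API-function features and how many of the selected string features were found in a file's PE structure) to a maliciousness score and a crisp verdict. The membership functions, rule base, 0..10 input scale, 0..100 output scale and 50-point threshold are all assumptions; the paper's actual selected features and rules are not on this page.

```python
from typing import Callable, Dict, List, Tuple

MF = Callable[[float], float]

def trap(a: float, b: float, c: float, d: float) -> MF:
    """Trapezoidal membership function; a == b or c == d gives a shoulder."""
    def mu(x: float) -> float:
        if b <= x <= c:
            return 1.0
        if a < x < b:
            return (x - a) / (b - a)
        if c < x < d:
            return (d - x) / (d - c)
        return 0.0
    return mu

# Inputs: number of selected API-function / string features found in the file,
# clamped to 0..10 (assumed scale, not taken from the paper).
INPUT_MF: Dict[str, MF] = {
    "low": trap(0, 0, 2, 5), "medium": trap(2, 5, 5, 8), "high": trap(5, 8, 10, 10)}
# Output: maliciousness score 0..100 (assumed scale).
RISK_MF: Dict[str, MF] = {
    "low": trap(0, 0, 20, 50), "medium": trap(20, 50, 50, 80), "high": trap(50, 80, 100, 100)}
# Rule base (api_term, string_term) -> risk_term; assumed, not the paper's rules.
RULES: List[Tuple[str, str, str]] = [
    ("low", "low", "low"), ("low", "medium", "low"), ("medium", "low", "low"),
    ("medium", "medium", "medium"), ("low", "high", "medium"), ("high", "low", "medium"),
    ("medium", "high", "high"), ("high", "medium", "high"), ("high", "high", "high")]

def mamdani_risk(api_hits: float, str_hits: float) -> float:
    """Mamdani inference: min for AND, min clipping, max aggregation, centroid."""
    api_hits, str_hits = min(max(api_hits, 0), 10), min(max(str_hits, 0), 10)
    agg = [0.0] * 101  # aggregated output fuzzy set sampled at z = 0..100
    for a_term, s_term, r_term in RULES:
        w = min(INPUT_MF[a_term](api_hits), INPUT_MF[s_term](str_hits))
        if w == 0.0:
            continue
        for z in range(101):
            agg[z] = max(agg[z], min(w, RISK_MF[r_term](z)))
    den = sum(agg)
    return sum(z * m for z, m in enumerate(agg)) / den if den else 0.0

def classify(api_hits: float, str_hits: float, threshold: float = 50.0) -> Tuple[str, float]:
    """Crisp verdict from the defuzzified score; the threshold is an assumed cut-off."""
    score = mamdani_risk(api_hits, str_hits)
    return ("malicious" if score >= threshold else "benign"), score

if __name__ == "__main__":
    for api, strs in ((0, 0), (3, 4), (10, 10)):  # constructed feature counts
        print(api, strs, classify(api, strs))
```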

Author Biographies

Svitlana Yuriivna Havrylenko, National Technical University "Kharkiv Polytechnic Institute"

PhD Tech., Associate Professor, Professor at the Department of Computer Engineering and Programming, National Technical University "Kharkiv Polytechnic Institute"

Marharyta Sakhivna Melnyk, National Technical University "Kharkiv Polytechnic Institute"

Bachelor, Student at the Department of Computer Engineering and Programming, National Technical University "Kharkiv Polytechnic Institute"

Viktor Volodymyrovych Chelak, National Technical University "Kharkiv Polytechnic Institute"

Student at the Department of Computer Engineering and Programming, National Technical University "Kharkiv Polytechnic Institute"

Published

2017-12-20

How to Cite

S. Y. Havrylenko, M. S. Melnyk, and V. V. Chelak, "Development of a heuristic antivirus scanner based on the file's PE-structure analysis", ІТКІ, vol. 40, no. 3, pp. 23–29, Dec. 2017.

Section

Information technology and coding theory
