9004 Problems of information security. Computer systems Проблемы информационной безопасности. Компьютерные системы 2071-8217 13 Detection malware based on clusterization of performed actions Выявление вредоносных исполняемых файлов на основе кластеризации выполняемых действий 0009-0004-1271-709X Ognev Roman ognev_ra@spbstu.ru 0009-0002-7321-7430 Zhukovskii Evgeniy bugaev.va@edu.spbstu.ru 0000-0002-0232-7248 13103571000 Zegzhda Dmitry zegzhda_dp@spbstu.ru Peter the Great St. Petersburg Polytechnic University 03 06 2021 2 118 126

The application of classification algorithms for detecting malicious software is investigated using classes of actions obtained as a result of clustering based on the analysis of sequences of calls to WinAPI-functions as features. The application of the following classification algorithms is considered: gradient boosting, adaptive boosting, linear regression, and the forest case. The quality assessment was carried out using the accuracy metrics, F1-measure, the area under the ROC curve, as well as taking into account the training time

 classification clustering malicious software malicious behavior machine learning behavioral analysis dynamic analysis computer security