9004

Problems of information security. Computer systems

Проблемы информационной безопасности. Компьютерные системы

2071-8217

10.48612/jisp/422m-udhg-dg48

Identification of malicious executable files based on static-dynamic analysis using machine learning

Выявление вредоносных исполняемых файлов на основе статико-динамического анализа с использованием машинного обучения

0009-0004-1271-709X

Ognev

Roman

ognev_ra@spbstu.ru

0009-0002-7321-7430

Zhukovskii

Evgeniy

bugaev.va@edu.spbstu.ru

0000-0002-0232-7248

13103571000

Zegzhda

Dmitry

zegzhda_dp@spbstu.ru Kiselev

Alexey

Peter the Great St. Petersburg Polytechnic University

24 12 2021

4 9 25

The article is devoted to the study of methods for detecting malicious software (malware) using static-dynamic analysis. A method for detecting malware is proposed, in which the number of parameters of the behavior of executable files is optimized using clustering of insignificant features, and also fuzzy-hashing of own functions is used when constructing a call trace. A prototype of a malware detection system based on the proposed method has been developed. Experimental studies assess the effectiveness of the proposed method. The efficiency of malware detection by the developed prototype is estimated. According to the verification results, the developed prototype was able to improve the detection efficiency of malware.

information security systems detection of malicious software static-dynamic analysis parameter feature selection