Abstract

Introduction. Modern information systems require special measures to protect against malware. Virus programs are improving ahead of antivirus tools, so information systems must have a monitoring and development mechanism. The paper proposes a new method of stealthy search for malware and its elements. Static analysis is sometimes considered not effective enough, yet it is the safest stage of antivirus protection: the more effective this process is, the higher the security of the information system. To this end, a new method of scanning incoming traffic using new transformations has been developed. The search for technologies that improve the efficiency of antivirus scanning in static mode is therefore relevant. The purpose of the study is to increase the probability of detecting malware. To achieve this goal, a number of tasks were solved that expand the processes of working with white and black lists. The novelty of the method lies in the application of new interrelated procedures for analyzing the input file: analysis of the structure, relationships and functionality of its elements; a parallel search for matches using fragments whose length corresponds to the length of the available signatures; replacement of the detected elements with the basic ones from the white list; and division of the dangerous fragment, with the chain of procedures then repeated down to a given level of elementary component, which is replaced with a similar functional element from the white list. The results of simulation modeling showed that the number of correctly detected files with the virus in relation to the total number of accepted ones increased by 15.3%. The practical significance of the new method is an increase in the efficiency of static analysis. The use of forward and feedback links between static and dynamic scanning increases the effectiveness of antivirus protection.
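The following is an added sketch, not the paper's implementation, of two of the procedures the abstract lists: matching fragments sized to the available signature lengths, and replacing each detected element with a white-list element. The signatures, substitutes, sample input and function names are constructed assumptions; the search runs sequentially rather than in parallel, and the fragment-division step is not modeled.

```python
from collections import defaultdict

# Constructed black list -> white list mapping (assumption, not from the paper):
# each signature maps to an element assumed to be its harmless functional analogue.
SUBSTITUTES = {
    b"[DROP]": b"[NOOP]",
    b"[EXEC:raw]": b"[EXEC:sandboxed]",
}
# Constructed sample input standing in for an incoming file.
SAMPLE = b"MZ..[DROP]..[EXEC:raw]..end"

def bucket_by_length(signatures):
    """Group signatures by length so one window size serves each group."""
    buckets = defaultdict(set)
    for sig in signatures:
        buckets[len(sig)].add(sig)
    return buckets

def scan(data, buckets):
    """Return non-overlapping (offset, signature) hits, longest match first."""
    hits, pos = [], 0
    lengths = sorted(buckets, reverse=True)
    while pos < len(data):
        for n in lengths:
            frag = data[pos:pos + n]      # fragment sized to the signature length
            if frag in buckets[n]:
                hits.append((pos, frag))
                pos += n                  # skip past the matched element
                break
        else:
            pos += 1                      # no signature starts at this offset
    return hits

def sanitize(data, substitutes, max_passes=8):
    """Replace detected elements and rescan until a pass finds nothing.

    Offsets in the report refer to the data as it stood in that pass.
    max_passes bounds the loop if a substitute itself contains a signature.
    """
    buckets = bucket_by_length(substitutes)
    report = []
    for _ in range(max_passes):
        hits = scan(data, buckets)
        if not hits:
            break
        out, prev = bytearray(), 0
        for off, sig in hits:
            out += data[prev:off] + substitutes[sig]
            prev = off + len(sig)
        data = bytes(out + data[prev:])
        report.extend(hits)
    return data, report
```
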
