Distributed Discrete Malware Detection Systems Based on Partial Centralization and Self-Organization

Abstract

Malware detection remains an urgent task today. Various means for the development of information technology and providing users with useful applications are being transformed by attackers into tools for malicious influences and manifestations. A variety of countermeasures and detection tools have been developed to detect malware, but the problem of malware distribution remains relevant. It is especially important for enterprises and organizations. Their corporate networks and resources are becoming objects of interest to intruders. To counteract and prevent the effects of malware, they have various systems in place. In order to improve the counteraction to malicious influences and manifestations, the paper proposes the use of distributed discrete systems, in the architecture of which the principles of self-organization, adaptability and partial centralization are synthesized. Such tools and their functioning will be difficult to understand for attackers and, therefore, will be difficult to circumvent. The architecture of the proposed tools will integrate the implemented methods of malware detection for a holistic counteraction to malware. Such a system will be a single sensor that will detect malicious influences and anomalies. To organize its functioning, descriptions of characteristic indicators are needed. The paper presents the developed mathematical models for determining the values of characteristic indicators. According to obtained values the system architecture was formed. In order to evaluate the sustainability of the developed distributed discrete system a set of experiments were conducted. In addition, to study the accuracy of malware detection, the developed system was tested for the possibility of worm virus detection. Experimental studies have confirmed the effectiveness of the proposed solution, which makes it possible to use the obtained solutions for the development of such systems.