Abstract
In current operating systems, executable files are used to solve various problems, which in turn can be either benign (perform only necessary actions) or malicious (the main purpose of which is to perform destructive actions in relation to the system). Thus, malware is a program used for unauthorized access to information and/or impact on information or resources of an automated information system. Here, the problem of determining the types of executable files and detecting malware is solved.
REFERENCES
Idika, N. and Mathur, A.P., A survey of malware detection techniques, Purdue Univ., 2007.
Fatin, A.D., Pavlenko, E.Yu., and Poltavtseva, M.A., A survey of mathematical methods for security analysis of cyberphysical systems, Autom. Control Comput. Sci., 2020, vol. 54, no. 8, pp. 983–987. https://doi.org/10.3103/S014641162008012X
Witte, T.N., Phantom malware: conceal malicious actions from malware detection techniques by imitating user activity, IEEE Access, 2020, vol. 8, pp. 164428–164452. https://doi.org/10.1109/ACCESS.2020.3021743
Tian, R., Islam, R., Batten, L., and Versteeg, S., Differentiating malware from cleanware using behavioural analysis, 5th Int. Conf. on Malicious and Unwanted Software, Nancy, France, 2010, IEEE, 2010, pp. 23–30. https://doi.org/10.1109/MALWARE.2010.5665796
Kalinin, M.O., Krundyshev, V.M., Rezedinova, E.Yu., and Reshetov, D.V., Hierarchical software-defined security management for large-scale dynamic networks, Autom. Control Comput. Sci., 2018, vol. 52, no. 8, pp. 906–911. https://doi.org/10.3103/S014641161808014X
Salehi, Z., Ghiasi, M., and Sami, A., A miner for malware detection based on API function calls and their arguments, The 16th CSI Int. Symp. on Artificial Intelligence and Signal Processing (AISP 2012), Shiraz, Iran, 2012, IEEE, 2012, pp. 563–568. https://doi.org/10.1109/AISP.2012.6313810
Popova, E.A. and Platonov, V.V., Reduction of the number of analyzed parameters in network attack detection systems, Autom. Control Comput. Sci., 2020, vol. 54, no. 8, pp. 907–914. https://doi.org/10.3103/S0146411620080295
Anderson, B., Quist, D., Neil, J., Storlie, C., and Lane, T., Graph-based malware detection using dynamic analysis, J. Comput. Virol., 2011, vol. 7, pp. 247–258. https://doi.org/10.1007/s11416-011-0152-x
Damodaran, A., Di Troia, F., Visaggio, C.A., Austin, T.H., and Stamp, M., A comparison of static, dynamic, and hybrid analysis for malware detection, J. Comput. Virol. Hacking Tech., 2017, vol. 13, pp. 1–12. https://doi.org/10.1007/s11416-015-0261-z
Altaher, A., Supriyanto, Almomani, A., Anbar, M., and Ramadass, S., Malware detection based on evolving clustering method for classification, Sci. Res. Essays, 2012, vol. 7, no. 22, pp. 2031–2036. https://doi.org/10.5897/SRE12.001
Amer, E. and Zelinka, I., A dynamic windows malware detection and prediction method based on contextual understanding of API call sequence, Comput. Secur., 2020, vol. 92, p. 101760. https://doi.org/10.1016/j.cose.2020.101760
Kalinin, M.O. and Krundyshev, V.M., Computational intelligence technologies stack for protecting the critical digital infrastructures against security intrusions, Fifth World Conf. on Smart Trends in Systems Security and Sustainability (WorldS4), London, 2021, IEEE, 2021, pp. 118–122. https://doi.org/10.1109/WorldS451998.2021.9514004
Endgame Malware BEnchmark for Research, 2018. https://github.com/elastic/ember.
O’Connel, R., Binary hashing: Motivations and algorithms, 2019. https://www.riverloopsecurity.com/blog/ 2019/11/binary-hashing-intro. Cited October 11, 2021.
Busygin, A. and Kalinin, M. Criterion of blockchain vulnerability to majority attack based on hashing power distribution assessment, Futuristic Trends in Network and Communication Technologies. FTNCT 2020, Singh, P.K., Veselov, G., Vyatkin, V., Pljonkin, A., Dodero, J.M., and Kumar, Y., Eds., Communications in Computer and Information Science, vol. 1395. Singapore: Springer, 2020, pp. 68–77. https://doi.org/10.1007/978-981-16-1480-4_6
Koret, J., A new control flow graph based heuristic for Diaphora, 2018. http://joxeankoret.com/blog/2018/ 11/04/new-cfg-based-heuristic-diaphora.
Diaphora, 2020. https://github.com/joxeankoret/diaphora.
An implementation of the Koret–Karamitas (KOKA) CFGs hashing algorithm, 2019. https://github.com/ j-oxeankoret/diaphora/blob/master/jkutils/graph_hashes.
ACKNOWLEDGMENTS
Project results are achieved using the resources of supercomputer center of Peter the Great St.Petersburg Polytechnic University—SCC Polytechnichesky (http://www.spbstu.ru).
Funding
The research is funded by the Ministry of Science and Higher Education of the Russian Federation under the strategic academic leadership program “Priority 2030” (agreement 075-15-2021-1333 dated November 30, 2021).
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
The authors declare that they have no conflicts of interest.
Additional information
Translated by A. Ivanov
About this article
Cite this article
Ognev, R.A., Zhukovskii, E.V., Zegzhda, D.P. et al. Detecting Malicious Executable Files Based on Static–Dynamic Analysis Using Machine Learning. Aut. Control Comp. Sci. 56, 852–864 (2022). https://doi.org/10.3103/S0146411622080120
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.3103/S0146411622080120