Abstract
This paper studies whether machine learning methods can detect malicious installation files of the Trojan installer and Trojan downloader types. It provides a comparative analysis of machine learning algorithms applicable to this problem: the naive Bayes classifier (NBC), random forest, and the C4.5 decision tree algorithm. The machine learning models are built with the Weka software. The most significant attributes of the installation files of legitimate and Trojan programs are highlighted.
Funding
This work was supported by ongoing institutional funding. No additional grants to carry out or direct this particular research were obtained.
Ethics declarations
The authors of this work declare that they have no conflicts of interest.
About this article
Cite this article
Yugai, P.E., Zhukovskii, E.V. & Semenov, P.O. Features of Detecting Malicious Installation Files Using Machine Learning Algorithms. Aut. Control Comp. Sci. 57, 968–974 (2023). https://doi.org/10.3103/S0146411623080333