A Distributed Malware Detection Model Based on Sandbox Technology
Result identifiers
Result code in IS VaVaI
RIV/25840886:_____/23:N0000010 (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F25840886%3A_____%2F23%3AN0000010)
Result on the web
https://ceur-ws.org/Vol-3373/paper32.pdf
DOI - Digital Object Identifier
—
Alternative languages
Result language
English
Title in original language
A Distributed Malware Detection Model Based on Sandbox Technology
Description in original language
The article proposes a model for distributed malware detection using sandbox technology. An analysis of modern malware detection tools and an overview of existing attacks were carried out, and the choice of detection method used by the model is justified. Its main disadvantages are identified, and a distributed system is proposed as the solution. The key features of using heterogeneous computer systems for the computations, and their adaptation to the task, are considered. Malware detection is to be achieved by analyzing the states of sandboxes and distributing these states evenly among the computational elements of the system. Analysis of how these states change signals potentially malicious software that uses anti-emulation techniques, thereby allowing the malware to be detected. The basic set of levels of the proposed model is presented. The main tasks for protecting the computations are defined, taking into account that the model will operate in a system with a dynamic topology. The basic concept of load distribution between computing elements is proposed in order to ensure synchronous operation of the system while accounting for its heterogeneity. Two main strategies for protecting the computations are defined, one at the level of the computational elements and one at the level of intermediate servers. A basic algorithm for adding new elements to the system is proposed, and the use of a rating model is presented, which is intended to ensure an appropriate level of protection of the computations.
Title in English
A Distributed Malware Detection Model Based on Sandbox Technology
Classification
Type
D - Conference proceedings paper
CEP field
—
OECD FORD field
10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)
Result linkages
Project
—
Linkages
N - Research activity supported from non-public sources
Other
Year of application
2023
Data confidentiality code
S - Complete and true data about the project are not subject to protection under special legal regulations
Data specific to the result type
Proceedings name
IntelITSIS 2023 Intelligent Information Technologies & Systems of Information Security 2023
ISBN
—
ISSN
1613-0073
e-ISSN
—
Number of pages
11
Pages from-to
475-485
Publisher name
CEUR-WS.org
Place of publication
Khmelnytskyi, Ukraine
Event venue
Khmelnytskyi
Event date
22. 3. 2023
Event type by nationality
EUR - European event
Article UT WoS code
—