Methods for detecting software implants in corporate networks

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F25840886%3A_____%2F24%3AN0000010" target="_blank" >RIV/25840886:_____/24:N0000010 - isvavai.cz</a>

Výsledek na webu

<a href="https://ceur-ws.org/Vol-3675/paper20.pdf" target="_blank" >https://ceur-ws.org/Vol-3675/paper20.pdf</a>

DOI - Digital Object Identifier

—

Jazyk výsledku

angličtina

Název v původním jazyce

Methods for detecting software implants in corporate networks

Popis výsledku v původním jazyce

With innovations in the technological sphere, the development of mechanisms that allow obtaining confidential information without the proper authorization of the owner is increasing. One of such mechanisms is software implants. This type of software is very difficult to detect because it does not use specialized signatures or code obfuscation, making it difficult to detect. This paper proposes a software implant detection system based on recurrent neural networks and a classifier. The classifier is a mechanism that describes the operating behavior of the software and provides the recurrent neural network with the ability to learn. This mechanism helps to identify behavioral patterns characteristic of software implants and notify the user of the possible risk of data loss. During the experiments, it was found that in order to successfully detect a software implant that initiates the creation of additional processes, the system needs to be trained for 50 epochs. Thus, the detection efficiency is 97.50%, which indicates the possibility of using this system as an effective mechanism for detecting software implants in corporate systems. Given the results obtained, it can be recommended for use in a wide range of information systems to ensure reliable protection against potential security threats.

Název v anglickém jazyce

Methods for detecting software implants in corporate networks

Popis výsledku anglicky

With innovations in the technological sphere, the development of mechanisms that allow obtaining confidential information without the proper authorization of the owner is increasing. One of such mechanisms is software implants. This type of software is very difficult to detect because it does not use specialized signatures or code obfuscation, making it difficult to detect. This paper proposes a software implant detection system based on recurrent neural networks and a classifier. The classifier is a mechanism that describes the operating behavior of the software and provides the recurrent neural network with the ability to learn. This mechanism helps to identify behavioral patterns characteristic of software implants and notify the user of the possible risk of data loss. During the experiments, it was found that in order to successfully detect a software implant that initiates the creation of additional processes, the system needs to be trained for 50 epochs. Thus, the detection efficiency is 97.50%, which indicates the possibility of using this system as an effective mechanism for detecting software implants in corporate systems. Given the results obtained, it can be recommended for use in a wide range of information systems to ensure reliable protection against potential security threats.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

20202 - Communication engineering and systems

Projekt

—

Návaznosti

N - Vyzkumna aktivita podporovana z neverejnych zdroju

Rok uplatnění

2024

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

IntelITSIS’2024: 5th International Workshop on Intelligent Information Technologies and Systems of Information Security, March 28, 2024

ISBN

—

ISSN

1613-0073

e-ISSN

—

Počet stran výsledku

15

Strana od-do

270–284

Název nakladatele

CEUR

Místo vydání

Khmelnytskyi, Ukraine

Místo konání akce

Khmelnytskyi, Ukraine

Datum konání akce

28. 3. 2024

Typ akce podle státní příslušnosti

EUR - Evropská akce

Kód UT WoS článku

—