Top

Automatic Control and Computer Sciences

Published in:

01-12-2023

Features of Detecting Malicious Installation Files Using Machine Learning Algorithms

Authors: P. E. Yugai, E. V. Zhukovskii, P. O. Semenov

Published in: Automatic Control and Computer Sciences | Issue 8/2023

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

This paper presents a study of the possibility of using machine learning methods to detect malicious installation files related to the type of Trojan installers and downloaders. A comparative analysis of machine learning algorithms applicable for the solution of this problem is provided: the naive Bayes classifier (NBC), random forest, and C4.5 algorithm. Machine learning models are developed using the Weka software. The most significant attributes of installation files of legitimate and Trojan programs are highlighted.

previous article Analysis of Decompiled Program Code Using Abstract Syntax Trees

next article Confidentiality of Machine Learning Models

Fadilpashich, S., Fake Windows 11 upgrade installers are infected with malware, www.techradar.com, 2022. https://www.techradar.com/news/these-fake-windows-11-upgrade-installers-just-infect-you-with-malware.

Tulas, B., Malicious Notepad++ installers push StrongPity malware, 2021. https://www.bleepingcomputer.com/news/security/malicious-notepad-plus-plus-installers-push-strongpity-malware/.

Zegzhda, P.D., Zegzhda, D.P., and Nikolskiy, A.V., Using graph theory for cloud system security modeling, Computer Network Security. MMM-ACNS 2012, Kotenko, I. and Skormin, V., Eds., Lecture Notes in Computer Science, vol. 7531, Berlin: Springer, 2012, pp. 309–318. https://doi.org/10.1007/978-3-642-33704-8_26CrossRef

Zegzhda, D.P., Aleksandrova, E.B., Kalinin, M.O., et al., Kiberbezopasnost’ tsifrovoi industrii. Teoriya i praktika funktsional’noi ustoichivosti k kiberatakam (Cybersecurity of Digital Industry: Theory and Practice of Functional Stability to Cyber Attacks), Zegzhda, D.P., Ed., Moscow: Goryachaya Liniya-Telekom, 2021.

Zegzhda, D.P., Zegzhda, P.D., and Kalinin, M.O., Clarifying integrity control at the trusted information environment, Computer Network Security. MMM-ACNS 2010, Kotenko, I. and Skormin, V., Eds., Lecture Notes in Computer Science, vol. 6258, Berlin: Springer, 2010, pp. 337–344. https://doi.org/10.1007/978-3-642-14706-7_27CrossRef

Lavrova, D., Zegzhda, D., and Yarmak, A., Using GRU neural network for cyber-attack detection in automated process control systems, 2019 IEEE Int. Black Sea Conf. on Communications and Networking (BlackSeaCom), Sochi, 2019, IEEE, 2019. https://doi.org/10.1109/blackseacom.2019.8812818

Zegzhda, D., Pavlenko, E., and Aleksandrova, E., Modelling artificial immunization processes to counter cyberthreats, Symmetry, 2021, vol. 13, no. 12, p. 2453. https://doi.org/10.3390/sym13122453ADSCrossRef

Belenko, V., Krundyshev, V., and Kalinin, M., Intrusion detection for Internet of Things applying metagenome fast analysis, 2019 Third World Conf. on Smart Trends in Systems Security and Sustainablity (WorldS4), London, 2019, IEEE, 2019, pp. 129–135. https://doi.org/10.1109/worlds4.2019.8904022

Minin, A. and Kalinin, M., Information security in computer networks with dynamic topology, Proc. 8th Int. Conf. on Security of Information and Networks, Sochi, 2015, New York: Association for Computing Machinery, 2015, pp. 127–130. https://doi.org/10.1145/2799979.2800023

10.

Lukach, Yu.S., Structure of executable files in Win32 and Win64. http://cs.usu.edu.ru/docs/pe/.

11.

Adamov, A. and Saprykin, A., The problem of Trojan inclusions in software and hardware, 2010 East-West Design & Test Symp. (EWDTS), St. Petersburg, 2010, IEEE, 2010, pp. 449–451. https://doi.org/10.1109/ewdts.2010.5742081

12.

Pal, M. and Mather, P.M., Decision tree based classification of remotely sensed data, 22nd Asian Conf. on Remote Sensing, Singapore, 2014, pp. 9–16.

13.

Belenko, V., Chernenko, V., Kalinin, M., and Krundyshev, V., Evaluation of GAN applicability for intrusion detection in self-organizing networks of cyber physical systems, 2018 Int. Russian Automation Conf. (RusAutoCon), Sochi, 2018, IEEE, 2018, pp. 1–7. https://doi.org/10.1109/rusautocon.2018.8501783

14.

Kalinin, M. and Krundyshev, V., Sequence alignment algorithms for intrusion detection in the internet of things, Nonlinear Phenom. Complex Syst., 2020, vol. 23, no. 4, pp. 397–404. https://doi.org/10.33581/1561-4085-2020-23-4-397-404CrossRef

15.

Khsina, B., Merbukha, A., Ezzikuri, Kh., and Erritali, M., Comparative study of decision tree ID3 and C4.5, Mezhdunarodnyi Zh. Peredovykh Komp’yuternykh Nauk Prilozhenii, 2014, pp. 3–7.

16.

Kaftannikov, I.L. and Parasich, A.V., Decision tree’s features of application in classification problems, Vestn. Yuzhno-Ural. Gos. Univ. Ser.: Komp’yuternye Tekhnol., Upr., Radioelektron., 2015, vol. 15, no. 3, pp. 26–32. https://doi.org/10.14529/ctcr150304CrossRef

Title: Features of Detecting Malicious Installation Files Using Machine Learning Algorithms
Authors: P. E. Yugai
E. V. Zhukovskii
P. O. Semenov
Publication date: 01-12-2023
Publisher: Pleiades Publishing
Published in: Automatic Control and Computer Sciences / Issue 8/2023
Print ISSN: 0146-4116
Electronic ISSN: 1558-108X
DOI: https://doi.org/10.3103/S0146411623080333

Springer Professional

Abstract

Please log in to get access to your license.

Other articles of this Issue 8/2023

Finding Enumerators for Generalized (L, G)-Code

A Method of Network Access Control for Ensuring Network Infrastructure Security Based on Severing Superfluous Network Connectivity

Early Detection of Network Attacks Based on Weight-Insensitive Neural Networks

Method for Detecting Manipulation Attacks on Recommender Systems with Collaborative Filtering

Decimation of M Sequences As a Way of Obtaining Primitive Polynomials

Framework for Modeling Security Policies of Big Data Processing Systems