COMPREHENSIVE APPROACH TO THE DETECTION AND ANALYSIS OF POLYMORPHIC MALWARE
DOI:
https://doi.org/10.31891/2219-9365-2024-78-5
Keywords:
malicious software, string search algorithm, intelligent data analysis, sandbox analysis, machine learning, structural function development method, probabilistic logic networks, complex approach
Abstract
The article examines the features of modern polymorphic malware and its impact on the functioning of computer systems. It reviews existing approaches and methods for detecting and analyzing such malware: string search algorithms, intelligent data analysis, sandbox analysis, machine learning, and the method of developing structural functions. Their advantages and disadvantages are identified. The article argues for a new approach, the detection of malicious software using probabilistic logic networks, and identifies its advantages and development prospects. The study proposes a comprehensive approach to detecting polymorphic malware that consists of 3 stages. The first stage uses string search algorithms. The second is a complex of methods comprising intelligent data analysis, sandbox analysis, machine learning, and the method of developing structural functions. The third stage uses probabilistic logic networks to establish the probability that the software is polymorphic malware. The proposed integrated approach will also make it possible to determine the methods needed to neutralize detected malicious software. This approach will maximize the probability of detecting polymorphic malware.