Distributed Discrete Malware Detection Systems Based on Partial Centralization and Self-Organization
Keywords:distributed systems, discrete systems, malware detection, principle of partial centralization, self-organization, cybersecurity, cyber threats
Malware detection remains an urgent task today. Various means for the development of information technology and providing users with useful applications are being transformed by attackers into tools for malicious influences and manifestations. A variety of countermeasures and detection tools have been developed to detect malware, but the problem of malware distribution remains relevant. It is especially important for enterprises and organizations. Their corporate networks and resources are becoming objects of interest to intruders. To counteract and prevent the effects of malware, they have various systems in place. In order to improve the counteraction to malicious influences and manifestations, the paper proposes the use of distributed discrete systems, in the architecture of which the principles of self-organization, adaptability and partial centralization are synthesized. Such tools and their functioning will be difficult to understand for attackers and, therefore, will be difficult to circumvent. The architecture of the proposed tools will integrate the implemented methods of malware detection for a holistic counteraction to malware. Such a system will be a single sensor that will detect malicious influences and anomalies. To organize its functioning, descriptions of characteristic indicators are needed. The paper presents the developed mathematical models for determining the values of characteristic indicators. According to obtained values the system architecture was formed. In order to evaluate the sustainability of the developed distributed discrete system a set of experiments were conducted. In addition, to study the accuracy of malware detection, the developed system was tested for the possibility of worm virus detection. Experimental studies have confirmed the effectiveness of the proposed solution, which makes it possible to use the obtained solutions for the development of such systems.
Security information portal Virus Bulletin, threat landscape. [Online]. Available at: https://www.virusbulletin.com/ (accessed on 10.04.2023).
The Independent IT-Security Institute. [Online]. Available at: https://www.av-test.org/en/ (accessed on 10.04.2023)
Symantec Enterprise Cloud – Broadcom Inc. [Online]. Available at: https://www.broadcom.com/products/cybersecurity
Symantec Product Categories. [Online]. Available at: https://sep.securitycloud.symantec.com/v2/landing
SNORT. Foremost Open-Source Intrusion Prevention System. [Online]. Available at: https://www.snort.org/ (accessed on 12.04.2023)
M. Van Steen, A. S. Tanenbaum, Distributed Systems, Third edition.; Preliminary version 3.01pre, 2017. ISBN: 978-90-815406-2-9.
E. Tadmor, “Mathematical aspects of self-organized dynamics: Consensus, emergence of leaders, and social hydrodynamics,” SIAM News, vol. 48, no. 9. 2015. [Online]. Available at: https://www.math.umd.edu/~tadmor/pub/flocking+consensus/SIAM%20News%2048(9)%207pp%20Tadmor%20self-organized%20dynamics.pdf.
Y. Li, Y. Jiang, “Self-organization based service discovery approach considering intermediary utility,” Proceedings of the 2016 IEEE International Conference on Web Services (ICWS), 2016, pp. 308–315, https://doi.org/10.1109/ICWS.2016.47.
F. Battiston, G. Cencetti, I. Iacopini, “Networks beyond pairwise interactions: Structure and dynamics,” Physics Reports, vol. 874, pp. 1–92, 2020. https://doi.org/10.1016/j.physrep.2020.05.004.
K. C. Laycraft, “Decision-making as a self-organizing process,” Ann. Cogn. Sci., Vol. 3, pp. 86–99, 2019. https://doi.org/10.1016/j.physrep.2020.05.004.
B. T. Pentland, P. Liu, W. Kremser, T. Haerem, “The dynamics of drift in digitized processes,” MIS Quarterly, vol. 44, pp. 19–47, 2020. https://doi.org/10.25300/MISQ/2020/14458.
O. Kinouchi, R. Pazzini, M. Copelli, “Mechanisms of self-organized quasicriticality in neuronal network models,” Frontiers in Physiology, vol. 8, article ID 583213, 2020. https://doi.org/10.3389/fphy.2020.583213.
K. Katahira, Y. Chen, E. Akiyama, “Self-organized speculation game for the spontaneous emergence of financial stylized facts,” Physica A: Statistical Mechanics and its Applications, vol. 582, article ID 126227, 2021. https://doi.org/10.1016/j.physa.2021.126227.
N. Herakovič, H. Zupan, M. Pipan, J. Protner, M. Šimic, “Distributed manufacturing systems with digital agents,” Journal of Mechanical Engineering, vol. 65, pp. 650–657, 2019. https://doi.org/10.5545/sv-jme.2019.6331.
M. Neuer, “Cognitive perception and self-organization for digital twins in cyber-physical steel production systems,” Proceedings of the Industry 4.0 and Steelmaking Webinar of Steel Times International, Future Steel Forum, Prague, Czech Republic, June 2020, https://www.researchgate.net/publication/342503882_Cognitive_perception_and_self-organization_for_digital_twins_in_cyber-physical_steel_production_systems
A. Darabseh, N. M. Freris, “A software defined architecture for cyb
erphysical systems,” Proceedings of the 2017 IEEE International Conference on Software Defined Systems (SDS), 2017, pp. 54–60, https://doi.org/10.1109/SDS.2017.7939141.
A. Darabseh, N. M. Freris, “A software-defined architecture for control of IoT cyberphysical systems,” Cluster Computing, vol 22, pp. 1107–1122, 2019. https://doi.org/10.1007/s10586-018-02889-8.
K. Bellman, C. Landauer, N. Dutt, “Self-aware cyber-physical systems,” ACM Trans. Cyber-Phys. System, vol. 4, 2020. https://doi.org/10.1145/3375716.
L. Esterle, “Chapter 17 – Deep learning in multiagent systems,” in Deep Learning for Robot Perception and Cognition, 2022, pp. 435-460, https://doi.org/10.1016/B978-0-32-385787-1.00022-1.
N. Cointe, G. Bonnet, O. Boissier, “Ethics-based cooperation in multi-agent systems,” Advances in Social Simulation, Springer, Cham, Manhattan, 2020. https://doi.org/10.1007/978-3-030-34127-5_10.
K. Han, G. Kokot, O. Tovkach, A. Glatz, I. S. Aranson, A. Snezhko, “Emergence of self-organized multivortex states in flocks of active rollers,” Proceedings of the National Academy of Sciences, vol. 117, pp. 9706–9711, 2020. https://doi.org/10.1073/pnas.2000061117.
A. Pereira Junior, W. Pickering, R. Gudwin, Systems, Self-Organisation and Information, An Interdisciplinary Perspective, Routledge, Taylor & Francis Group, Oxfordshire, UK, 2018. [Online]. Available at: https://www.routledge.com/Systems-Self-Organisation-and-Information-An-Interdisciplinary-Perspective/Alfredo-Pickering-Gudwin/p/book/9781138609938.
K. Wu, Q. Nan, “Information characteristics, processes, and mechanisms of self-organization evolution,” Complexity, article ID 5603685, 2019. https://doi.org/10.1155/2019/5603685.
Network Intrusion Detection System. [Online]. Available at: https://www.sciencedirect.com/topics/computer-science/network-based-intrusion-detection-system.
What is a Wireless Intrusion Prevention System (WIPS)? Wi-Fi Security That’s No Longer Up in the Air. [Online]. Available at: https://www.justfirewalls.com/what-is-a-wireless-intrusion-prevention-system/
H. Ashtari, “What is network behavior analysis? Definition, importance, and best practices,” Network behavior analysis solutions collect and analyze enterprise network data to identify unusual activity and counter security threats. [Online]. Available at: https://www.spiceworks.com/tech/networking/articles/network-behavior-analysis/.
O. Pomorova, O. Savenko, S. Lysenko, A. Kryshchuk, “Multi-agent based approach for botnet detection in a corporate area network using fuzzy logic,” Communications in Computer and Information Science, vol. 370, pp. 243-254, 2013. https://doi.org/10.1007/978-3-642-38865-1_16.
O. Pomorova, O. Savenko, S. Lysenko, A. Kryshchuk, K. Bobrovnikova, “Anti-evasion technique for the botnet detection based on the passive DNS monitoring and active DNS probing,” Communications in Computer and Information Science, vol. 608, pp. 83–95, 2016. https://doi.org/10.1007/978-3-319-39207-3_8.
G. Suchacka, A. Cabri, S. Rovetta, F. Masulli, “Efficient on-the-fly Web bot detection,” Knowledge-Based Systems, vol. 223, 107074, 2021. https://doi.org/10.1016/j.knosys.2021.107074.
T. Sochor, M. Zuzcak, P. Bujok, “Analysis of attackers against windows emulating honeypots in various types of networks and regions,” Proceedings of the Eighth International Conference on Ubiquitous and Future Networks (ICUFN), Vienna, Austria, 2016, pp. 863-868, https://doi.org/10.1109/ICUFN.2016.7537159.
J. K. Murthy, “A functional decomposition of virus and worm programs,” In: Qing, S., Gollmann, D., Zhou, J. (eds) Information and Communications Security. ICICS 2003. Lecture Notes in Computer Science, vol 2836. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39927-8_37.
Y. Desmedt, “Trojan horses, computer viruses, and worms,” In: van Tilborg, H.C.A., Jajodia, S. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA, 2011. https://doi.org/10.100.7/978-1-4419-5906-5_331
A. Sheikh, “Trojans, backdoors, viruses, and worms,” In: Certified Ethical Hacker (CEH) Preparation Guide. Apress, Berkeley, CA, 2021. https://doi.org/10.1007/978-1-4842-7258-9_5
W. Shaojie, L. Qiming, “Analysis of a mathematical model for worm virus propagation,” Advances in Information Security and Its Application. ISA 2009. Communications in Computer and Information Science, vol 36. Springer, Berlin, Heidelberg, 2009. https://doi.org/10.1007/978-3-642-02633-1_10.
V. H. Pham, M. Dacier, G. Urvoy-Keller, T. En-Najjary, “The quest for multi-headed worms,” In: Zamboni, D. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2008. Lecture Notes in Computer Science, vol 5137, 2008. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70542-0_13.
F. T. Ngo, A. Agarwal, R. Govindu, C. MacDonald, “Malicious software threats,” In: The Palgrave Handbook of International Cybercrime and Cyberdevianceб 2019 Palgrave Macmillan, Cham. https://doi.org/10.1007/978-3-319-90307-1_35-1.
C. Edge, W. Barker, B. Hunter, G. Sullivan, “Malware Security: Combating Viruses, Worms, and Root Kits,” In: Enterprise Mac Security, Apress, 2010. https://doi.org/10.1007/978-1-4302-2731-1_8.
G. Connolly, A. Sachenko, G. Markowsky, “Distributed traceroute approach to geographically locating IP devices,” Proceedings of the Second IEEE International Workshop on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications, Lviv, Ukraine, 2003, pp. 128-131, https://doi.org/10.1109/IDAACS.2003.1249532.
K. Bobrovnikova, S. Lysenko, B. Savenko, P. Gaj, O. Savenko, “Technique for IoT malware detection based on control flow graph analysis,” Radioelectronic and Computer Systems, vol. 1, 2022, pp. 141-153. https://doi.org/10.32620/reks.2022.1.11.
N. Lutsiv, T. Maksymyuk, M. Beshley, O. Lavriv, V. Andrushchak et al., “Deep semisupervised learning-based network anomaly detection in heterogeneous information systems,” Computers, Materials & Continua, vol. 70, no. 1, pp. 413–431, 2022. https://doi.org/10.32604/cmc.2022.018773.
V. Pevnev, V. Torianyk, V. Kharchenko, “Cyber security of wireless smart systems: channels of intrusions and radio frequency vulnerabilities,” Radioelectronic and Computer Systems, no. 4, pp. 79-92, 2020.
B. Savenko, S. Lysenko, K. Bobrovnikova, O. Savenko, G. Markowsky, “Detection DNS tunneling botnets,” Proceedings of the 2021 IEEE 11th International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS), IDAACS’2021, Cracow, Poland, September 22-25, 2021, pp. 64-69. https://doi.org/10.1109/IDAACS53288.2021.9661022.
How to Cite
LicenseInternational Journal of Computing is an open access journal. Authors who publish with this journal agree to the following terms:
• Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
• Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
• Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.