Distributed Discrete Malware Detection Systems Based on Partial Centralization and Self-Organization

Authors

  • Sergii Lysenko
  • Bohdan Savenko

DOI:

https://doi.org/10.47839/ijc.22.2.3082

Keywords:

distributed systems, discrete systems, malware detection, principle of partial centralization, self-organization, cybersecurity, cyber threats

Abstract

Malware detection remains an urgent task. Various means developed to advance information technology and to provide users with useful applications are being turned by attackers into tools for malicious influences and manifestations. A variety of countermeasures and detection tools have been developed, but the problem of malware distribution remains relevant, and it is especially important for enterprises and organizations, whose corporate networks and resources are becoming objects of interest to intruders. To counteract and prevent the effects of malware, they have various systems in place. In order to improve the counteraction to malicious influences and manifestations, the paper proposes the use of distributed discrete systems whose architecture synthesizes the principles of self-organization, adaptability and partial centralization. Such tools and their functioning will be difficult for attackers to understand and, therefore, difficult to circumvent. The architecture of the proposed tools integrates the implemented malware detection methods for a holistic counteraction to malware, so that the system acts as a single sensor that detects malicious influences and anomalies. To organize its functioning, descriptions of characteristic indicators are needed; the paper presents the developed mathematical models for determining the values of these characteristic indicators, and the system architecture was formed according to the obtained values. In order to evaluate the sustainability of the developed distributed discrete system, a set of experiments was conducted. In addition, to study the accuracy of malware detection, the developed system was tested for its ability to detect worm viruses. The experimental studies confirmed the effectiveness of the proposed solution, which makes it possible to use the obtained results for the development of such systems.

Published

2023-07-02

How to Cite

Lysenko, S., & Savenko, B. (2023). Distributed Discrete Malware Detection Systems Based on Partial Centralization and Self-Organization. International Journal of Computing, 22(2), 117-139. https://doi.org/10.47839/ijc.22.2.3082

Section

Articles