Scientific article on the topic 'SEARCHING FOR WAYS TO IMPROVE THE EFFECTIVENESS OF TOOLS FOR DETECTING INFECTED FILES OF COMPUTER SYSTEMS'

SEARCHING FOR WAYS TO IMPROVE THE EFFECTIVENESS OF TOOLS FOR DETECTING INFECTED FILES OF COMPUTER SYSTEMS. Text of a scientific article in the field «Computer and information sciences»

CC BY
Keywords
Protecting password / Cyber-security / Malware / characteristics.



Text of the scientific work on the topic «SEARCHING FOR WAYS TO IMPROVE THE EFFECTIVENESS OF TOOLS FOR DETECTING INFECTED FILES OF COMPUTER SYSTEMS»

SEARCHING FOR WAYS TO IMPROVE THE EFFECTIVENESS OF TOOLS FOR DETECTING INFECTED FILES OF COMPUTER SYSTEMS

Qilichev Elmurad Jamuradovich

Master's degree, Faculty of Cyber-Security, Tashkent University of Information Technologies named after Muhammad al-Khwarizmi, Uzbekistan

https://doi.org/10.5281/zenodo.7376632

Abstract: One of the major and serious threats that the Internet faces today is the vast amount of data and files which need to be evaluated for potential malicious intent. Malicious software, often referred to as malware, designed by attackers is polymorphic and metamorphic in nature and has the capability to change its code as it spreads. Moreover, the diversity and volume of its variants severely undermine the effectiveness of traditional defenses, which typically use signature-based techniques and are unable to detect previously unknown malicious executables. The variants of malware families share typical behavioral patterns reflecting their origin and purpose. The behavioral patterns obtained either statically or dynamically can be exploited to detect and classify unknown malware into known families using machine learning techniques. This survey paper provides an overview of techniques and tools for detecting and analyzing malware.

Keywords. Protecting password, Cyber-security, Malware, characteristics.

Introduction. Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. Malware is defined by its malicious intent, acting against the requirements of the computer user, and does not include software that causes unintentional harm due to some deficiency. The term badware is sometimes used, and applied to both true (malicious) malware and unintentionally harmful software. These are intended to gain access to computer systems and network resources, disturb computer operations, and gather personal information without the consent of the system's owner, thus creating a menace to the availability of the Internet, the integrity of its hosts, and the privacy of its users. The spread of malware has affected everyday life, from e-governance to social networks, and from digital automation up to mobile networks. Malware comes in a wide range of variations, such as viruses, worms, Trojan horses, rootkits, backdoors, botnets, spyware, adware, etc. These classes of malware are not mutually exclusive, meaning that a particular malware sample may reveal the characteristics of multiple classes at the same time. In order to evade detection, malware authors introduce polymorphism to the malicious components. This means that malicious files belonging to the same malware "family", with the same forms of malicious behavior, are constantly modified and/or obfuscated using various tactics, such that they look like many different files. Malware is one of the most severe security threats facing the Internet today. According to a survey conducted by Symantec in February 2019, 47% of organizations experienced malware security incidents or network breaches in the past year, as depicted in figures 1 and 2. Malware is continuously growing in volume (a growing threat landscape), variety (innovative malicious methods) and velocity (fluidity of threats). It is evolving, becoming more sophisticated and using new ways to target computers and mobile devices. McAfee catalogs over 100,000 new malware samples every day, which means about 69 new threats every minute, or about one threat per second. With the increase in readily available and sophisticated tools, the new generation of cyber threats and attacks is becoming more targeted, persistent and unknown.
Advanced malware is targeted, unknown, stealthy, personalized and zero-day, as compared to traditional malware, which was broad, known, open and one-time. Once inside, it hides, replicates and disables host protections. After getting installed, it contacts its command and control servers for further instructions, which could be to steal data, infect other machines, or allow reconnaissance. Attackers exploit vulnerabilities in web services, browsers and operating systems, or use social engineering techniques to make users run the malicious code, in order to spread malware. Malware authors use obfuscation techniques such as dead code insertion, register reassignment, subroutine reordering, instruction substitution, code transposition, and code integration to evade detection by traditional defenses such as firewalls, antivirus and gateways, which typically use signature-based techniques and are unable to detect previously unseen malicious executables. Commercial antivirus vendors are not able to offer immediate protection against zero-day malware, as they need to analyze the samples to create signatures. To overcome the limitations of signature-based methods, malware analysis techniques are followed, which can be either static or dynamic. Malware analysis techniques help analysts understand the risks and intentions associated with a malicious code sample. The insight so obtained can be used to react to new trends in malware development or to take preventive measures against future threats. Features derived from the analysis of malware can be used to group unknown malware and classify it into existing families.
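The paragraphs above (and the abstract) make one central claim: an exact hash or byte signature breaks as soon as a sample is re-obfuscated, while behavioral features shared across a family still allow a variant to be detected and assigned to that family. The following is an added, self-contained illustration written for this page; it is not code from the paper or its author. All "samples" are constructed toy data: a sample is a tuple of instruction mnemonics standing in for a static disassembly, plus a set of API names standing in for a dynamic sandbox trace. The family labels, sample names, the hash/signature/family functions and the similarity threshold are all assumptions made for the example.

```python
"""Added example (not from the paper): three detection tiers applied to a
constructed family of toy samples, showing where each tier breaks.

Tier 1 - exact hash (a hash blocklist).
Tier 2 - contiguous pattern signature over the instruction stream.
Tier 3 - behavioural similarity (Jaccard over API-call sets) against known
         families, which still groups an obfuscated variant with its family.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    name: str
    opcodes: tuple        # static feature: mnemonics in program order (constructed)
    api_calls: frozenset  # dynamic feature: API names seen in a sandbox run (constructed)


# Constructed "known" samples with assumed family labels A and B.
FAMILY_A = Sample(
    "familyA.v1",
    ("push", "mov", "call", "xor", "jmp", "ret"),
    frozenset({"CreateFileW", "WriteFile", "RegSetValueExW", "InternetOpenW"}),
)
FAMILY_B = Sample(
    "familyB.v1",
    ("mov", "lea", "call", "cmp", "jne", "ret"),
    frozenset({"OpenProcess", "WriteProcessMemory", "CreateRemoteThread"}),
)
# Constructed variant of family A after dead-code insertion (nop) and one
# instruction substitution (xor -> sub): same behaviour, different bytes.
VARIANT_A = Sample(
    "familyA.v2",
    ("push", "nop", "mov", "nop", "call", "sub", "jmp", "nop", "ret"),
    frozenset({"CreateFileW", "WriteFile", "RegSetValueExW", "InternetOpenW", "Sleep"}),
)
KNOWN_FAMILIES = {"A": [FAMILY_A], "B": [FAMILY_B]}


def fingerprint(sample):
    """Tier 1: SHA-256 of the exact content, as a hash blocklist would store it."""
    return hashlib.sha256(" ".join(sample.opcodes).encode()).hexdigest()


def matches_hash_db(sample, hash_db):
    return fingerprint(sample) in hash_db


def matches_signature(sample, signature):
    """Tier 2: true if the contiguous mnemonic pattern appears in the sample."""
    n = len(signature)
    return any(sample.opcodes[i:i + n] == signature
               for i in range(len(sample.opcodes) - n + 1))


def jaccard(a, b):
    """Set similarity in [0, 1]; 1.0 means identical behaviour sets."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def classify(sample, known=KNOWN_FAMILIES, threshold=0.5):
    """Tier 3: nearest known family by behavioural similarity.

    Returns (family, score); 'unknown' when no family reaches the threshold.
    """
    best_family, best_score = "unknown", 0.0
    for family, members in known.items():
        score = max(jaccard(sample.api_calls, m.api_calls) for m in members)
        if score > best_score:
            best_family, best_score = family, score
    if best_score < threshold:
        return "unknown", best_score
    return best_family, best_score


def detection_report(sample, hash_db, signature):
    """Run all three tiers on one sample and return their verdicts."""
    return {
        "hash": matches_hash_db(sample, hash_db),
        "signature": matches_signature(sample, signature),
        "family": classify(sample),
    }


if __name__ == "__main__":
    hash_db = {fingerprint(FAMILY_A), fingerprint(FAMILY_B)}
    sig = ("call", "xor", "jmp")  # assumed signature written for familyA.v1
    for s in (FAMILY_A, VARIANT_A, FAMILY_B):
        print(s.name, detection_report(s, hash_db, sig))
```

Running the block shows the pattern the paper describes: familyA.v1 is caught by all three tiers, while familyA.v2 defeats both the hash and the pattern signature yet is still classified into family A with a similarity of 0.8 because four of its five observed API calls are shared with the known member. In practice the feature sets would come from a real disassembler and sandbox, and the nearest-neighbour step would be replaced by a trained classifier, but the reason behavioural features survive obfuscation is the same.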

Materials. This paper provides the first comprehensive survey on techniques and tools for detecting and analyzing malware. There have been numerous surveys in the area of malware detection specific to machine learning and Android, and a few surveys on static and dynamic analysis. However, none of that work addresses both the techniques and the available tools.

Methods. This paper reveals that most existing surveys in this area are either outdated or fail to provide a holistic view of the problem, since they usually focus on a specific subset of the standard

Results. Following these security practices can help you reduce the risks associated with malicious code:

• Install and maintain antivirus software. Antivirus software recognizes malware and protects your computer against it. Installing antivirus software from a reputable vendor is an important step in preventing and detecting infections. Always visit vendor sites directly rather than clicking on advertisements or email links. Because attackers are continually creating new viruses and other forms of malicious code, it is important to keep your antivirus software up-to-date.

• Use caution with links and attachments. Take appropriate precautions when using email and web browsers to reduce the risk of an infection. Be wary of unsolicited email attachments and use caution when clicking on email links, even if they seem to come from people you know. (See Using Caution with Email Attachments for more information.)

• Block pop-up advertisements. Pop-up blockers disable windows that could potentially contain malicious code. Most browsers have a free feature that can be enabled to block pop-up advertisements.

• Use an account with limited permissions. When navigating the web, it's a good security practice to use an account with limited permissions. If you do become infected, restricted permissions keep the malicious code from spreading and escalating to an administrative account.

• Disable external media AutoRun and AutoPlay features. Disabling AutoRun and AutoPlay features prevents external media infected with malicious code from automatically running on your computer.

• Change your passwords. If you believe your computer is infected, change your passwords. This includes any passwords for websites that may have been cached in your web browser. Create and use strong passwords, making them difficult for attackers to guess. (See Choosing and Protecting Passwords and Supplementing Passwords for more information.)

• Keep software updated. Install software patches on your computer so attackers do not take advantage of known vulnerabilities. Consider enabling automatic updates, when available. (See Understanding Patches and Software Updates for more information.)

• Back up data. Regularly back up your documents, photos, and important email messages to the cloud or to an external hard drive. In the event of an infection, your information will not be lost.

• Install or enable a firewall. Firewalls can prevent some types of infection by blocking malicious traffic before it enters your computer. Some operating systems include a firewall; if the operating system you are using includes one, enable it. (See Understanding Firewalls for Home and Small Office Use for more information.)

• Use anti-spyware tools. Spyware is a common virus source, but you can minimize infections by using a program that identifies and removes spyware. Most antivirus software includes an anti-spyware option; ensure you enable it.

• Monitor accounts. Look for any unauthorized use of, or unusual activity on, your accounts—especially banking accounts. If you identify unauthorized or unusual activity, contact your account provider immediately.

• Avoid using public Wi-Fi. Unsecured public Wi-Fi may allow an attacker to intercept your device's network traffic and gain access to your personal information.

Conclusion. In this paper we have surveyed techniques and tools for detecting and analyzing malware. In particular, we have highlighted the various tools available for malware detection, memory forensics, packet analysis, scanners/sandboxes, reverse engineering, debugging, and website analysis. Since most of the existing surveys usually focus on a specific subset of the standard, this paper provides a thorough study of tools for detecting and analyzing malware with a clear understanding of domain-specific analysis.

