Malicious software identification system provision on the basis of context-free grammars

Svitlana Gavrylenko
Victor Chelak
https://orcid.org/0000-0001-8810-3394
Velizar Vassilev

Abstract

The subject of the article is the study of methods for identifying malicious software in computer systems. The goal is to study existing virus detection models based on formal languages and grammars and to improve the model through the use of an LL(1)-grammar. Objective: to develop a mathematical model for identifying malicious software based on a context-free grammar, choose an effective algorithm for its operation, develop a software model and perform testing. The methods used are formal languages and grammars, and mathematical models based on deterministic pushdown automata. The following results have been obtained. The choice of grammar and of the pushdown automaton model is substantiated. Software has been developed that generates the transition functions of the pushdown automaton in accordance with the given grammar rules, analyzes the input file for the presence of specified attributes characteristic of malicious software, and simulates the operation of the deterministic top-down pushdown automaton. Based on the result of the pushdown automaton's run, a conclusion is drawn about the possibility of the computer system being infected. Conclusions. The scientific novelty of the obtained results is as follows: the existing models of antivirus scanners based on formal languages and grammars are investigated; the model was improved through the use of an LL(1)-grammar; the software was developed and testing was performed. The conducted experimental studies confirm the possibility of using the proposed approach as an additional means of detecting malicious software.

Article Details

How to Cite
Gavrylenko, S., Chelak, V., & Vassilev, V. (2018). Malicious software identification system provision on the basis of context-free grammars. Advanced Information Systems, 2(2), 101–105. https://doi.org/10.20998/2522-9052.2018.2.17
Section
Methods of information systems protection
Author Biographies

Svitlana Gavrylenko, National Technical University "Kharkiv Polytechnic Institute", Kharkiv

Candidate of Technical Sciences, Associate Professor, Professor of the Department of Computing Technology and Programming

Victor Chelak, National Technical University "Kharkiv Polytechnic Institute", Kharkiv

Student of the Department of Computing Technology and Programming

Velizar Vassilev, Technical University - Sofia, Sofia

Candidate of Technical Sciences, Associate Professor of Engineering Faculty
