Multi-computer malware detection systems with metamorphic functionality

Antonina Kashtalian, Sergii Lysenko, Oleg Savenko, Andrii Nicheporuk, Tomáš Sochor, Volodymyr Avsiyevych

Abstract


The need to develop new systems for detecting and counteracting malware remains relevant: beyond new detection methods, such systems have become increasingly important. Using diverse detection systems and giving them a variable architecture significantly improves detection effectiveness, because understanding the system becomes much harder both for attackers conducting computer attacks and for malware. In addition, such systems may contain baits, traps and, accordingly, modifiable operating environments in which programs are executed deceptively for analysis. This paper develops a conceptual model of multi-computer systems designed to support the functioning of anti-virus baits and traps for detecting malware and computer attacks in corporate networks. The proposed approach is intended to prevent and counteract the penetration of metamorphic viruses. The paper presents the conceptual model of multi-computer systems and introduces a defining characteristic responsible for the control of decisions and of the system's other defining characteristics. Methods for detecting metamorphic viruses that can be implemented in the architecture of multi-computer systems with baits and traps are developed, so that the system joins the detection procedure directly through its components and decides on the presence of metamorphic code in an executable file. An implementation of a multi-computer malware detection system with metamorphic functionality was developed to prove the feasibility of the proposed conceptual architecture model and of the developed methods for detecting metamorphic viruses. An experiment on the functioning of the multi-computer malware detection system was set up, and experimental studies were conducted, including the detection of metamorphic viruses. In addition, an experiment on the effectiveness of detecting the metamorphic code of viruses was conducted. The efficiency of detecting metamorphic virus code using the developed multi-computer system was also investigated, and improved detection was established. Further work will extend the results of this work to new types of malware.

Keywords


metamorphic code; multi-computer systems; cybersecurity; computer viruses; malware; malware detection



DOI: https://doi.org/10.32620/reks.2024.1.13
