A METHOD OF FUZZY CLASSIFICATION OF MALICIOUS SOFTWARE USING AN INTELLIGENT AGENT

Authors

DOI:

https://doi.org/10.32782/IT/2024-3-15

Keywords:

intelligent agent, multiagent system, polymorphic malware, fuzzy logic, probability, classification

Abstract

Purpose: to develop a model of an intelligent agent, within the structure of a multi-agent system, for the classification of polymorphic malware. Research methodology: unambiguously identifying and classifying polymorphic viruses is a difficult task, and the classification is carried out under uncertainty; the problem is therefore approached with artificial intelligence techniques, namely fuzzy logic (fuzzy classification). Scientific novelty: the method is the second stage of the previously proposed approach to the detection, analysis and classification of polymorphic malware and relies on fuzzy logical inference, which consists of the following steps: (1) determining the characteristics of the detected polymorphic malware and forming a logical inference tree; (2) describing the linguistic variables; (3) defining the membership functions of the linguistic terms; (4) forming the knowledge base of the fuzzy inference system; (5) obtaining the probability that the investigated file belongs to polymorphic malware of each level of complexity; (6) fuzzy classification of the polymorphic viruses. Conclusions: in the experiment, all 89 polymorphic viruses detected in the previous study were classified by level of complexity, and for the 40 files that are not polymorphic malware 100% correct conclusions were obtained. The approach thus classifies detected polymorphic viruses by complexity level according to their membership in the fuzzy terms low, below average, average, above average and high, which is its advantage. Knowing the complexity level of a polymorphic malware sample makes it easier to select the methods needed to counter and neutralize it.
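The six-step inference procedure described in the abstract, carried through on constructed input as an added example (this is not the authors' implementation, rule base or data). Three hypothetical normalised features (entropy, decryptor_variability, api_obfuscation) stand in for the characteristics of step (1), the inference tree is flattened to a single rule layer, trapezoidal membership functions define the terms of steps (2) and (3), the rule list is the knowledge base of step (4), min/max (Mamdani) inference yields the per-level membership degrees of step (5), which the paper refers to as probabilities, and centroid defuzzification plus the dominant term give the classification of step (6). The example assumes the file has already been flagged as polymorphic by the preceding detection stage and only assigns a complexity level.

```python
"""Fuzzy classification of an already-detected polymorphic sample into five
complexity levels (low .. high) with Mamdani-style inference:
fuzzify -> fire rules -> aggregate -> defuzzify.
Added illustration, not the paper's code; the three input features, the term
shapes and the rule base are assumptions chosen for the example."""

from typing import Dict, Tuple

Params = Tuple[float, float, float, float]


def trap(x: float, a: float, b: float, c: float, d: float) -> float:
    """Trapezoidal membership on [a, d] with plateau [b, c].
    a == b or c == d gives a shoulder term; the range guards run first, so
    those cases never divide by zero."""
    if x < a or x > d:
        return 0.0
    if x < b:
        return (x - a) / (b - a)
    if x <= c:
        return 1.0
    return (d - x) / (d - c)


# Linguistic terms shared by the three hypothetical inputs, each normalised
# to [0, 1]:
#   entropy               - code-section Shannon entropy / 8
#   decryptor_variability - share of distinct decryptor bodies across generations
#   api_obfuscation       - share of imports resolved dynamically / hidden
INPUT_TERMS: Dict[str, Params] = {
    "low": (0.0, 0.0, 0.3, 0.5),
    "medium": (0.3, 0.5, 0.6, 0.8),
    "high": (0.6, 0.8, 1.0, 1.0),
}
INPUTS = ("entropy", "decryptor_variability", "api_obfuscation")

# Output variable: complexity level, five fuzzy terms on [0, 1].
COMPLEXITY: Dict[str, Params] = {
    "low": (0.0, 0.0, 0.1, 0.3),
    "below_average": (0.1, 0.3, 0.3, 0.5),
    "average": (0.3, 0.5, 0.5, 0.7),
    "above_average": (0.5, 0.7, 0.7, 0.9),
    "high": (0.7, 0.9, 1.0, 1.0),
}

# Knowledge base (assumed rules): antecedent terms are ANDed with min.
RULES = [
    ({"entropy": "low", "decryptor_variability": "low"}, "low"),
    ({"entropy": "medium", "decryptor_variability": "low"}, "below_average"),
    ({"entropy": "low", "decryptor_variability": "medium"}, "below_average"),
    ({"entropy": "medium", "decryptor_variability": "medium"}, "average"),
    ({"entropy": "high", "decryptor_variability": "low"}, "average"),
    ({"entropy": "low", "decryptor_variability": "high"}, "average"),
    ({"entropy": "high", "decryptor_variability": "medium"}, "above_average"),
    ({"entropy": "medium", "decryptor_variability": "high"}, "above_average"),
    ({"entropy": "high", "decryptor_variability": "high"}, "high"),
    ({"decryptor_variability": "high", "api_obfuscation": "high"}, "high"),
]


def fuzzify(sample: Dict[str, float]) -> Dict[str, Dict[str, float]]:
    """Steps 2-3: membership of each crisp feature in each linguistic term."""
    return {var: {term: trap(sample[var], *p) for term, p in INPUT_TERMS.items()}
            for var in INPUTS}


def infer(sample: Dict[str, float]) -> Dict[str, float]:
    """Steps 4-5: fire every rule (min for AND) and aggregate per output term
    (max) to get the degree to which the file belongs to each level."""
    mu = fuzzify(sample)
    degrees = {term: 0.0 for term in COMPLEXITY}
    for antecedent, consequent in RULES:
        strength = min(mu[var][term] for var, term in antecedent.items())
        degrees[consequent] = max(degrees[consequent], strength)
    return degrees


def defuzzify(degrees: Dict[str, float], steps: int = 400) -> float:
    """Centroid of the Mamdani aggregate: each output term clipped at its
    firing degree, combined by max, sampled on [0, 1]."""
    num = den = 0.0
    for i in range(steps + 1):
        x = i / steps
        agg = max(min(degrees[t], trap(x, *COMPLEXITY[t])) for t in COMPLEXITY)
        num += x * agg
        den += agg
    return num / den if den else 0.0


def classify(sample: Dict[str, float]) -> Tuple[Dict[str, float], float, str]:
    """Step 6: per-level degrees, a crisp complexity score in [0, 1] and the
    dominant linguistic label."""
    degrees = infer(sample)
    score = defuzzify(degrees)
    label = max(degrees, key=degrees.get)
    return degrees, score, label


if __name__ == "__main__":
    # Constructed feature vectors, not measurements from the paper.
    samples = {
        "heavily mutating": {"entropy": 0.9, "decryptor_variability": 0.85, "api_obfuscation": 0.7},
        "weak polymorphism": {"entropy": 0.2, "decryptor_variability": 0.1, "api_obfuscation": 0.1},
        "borderline": {"entropy": 0.55, "decryptor_variability": 0.45, "api_obfuscation": 0.3},
    }
    for name, s in samples.items():
        degrees, score, label = classify(s)
        memb = ", ".join(f"{t}={d:.2f}" for t, d in degrees.items() if d > 0)
        print(f"{name}: {label} (score {score:.2f}; {memb})")
```

The borderline sample is the case the abstract's fuzzy terms exist for: it belongs 0.75 to "average" and 0.25 to "below average" at the same time, and the crisp centroid score (about 0.44) records that partial membership instead of forcing an early hard decision. An analyst can act on the dominant label while a reviewer still sees the neighbouring level that was almost as plausible.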

Published

2024-12-06