METHOD OF ORGANIZING A DISTRIBUTED SYSTEM FOR DETECTING INFECTED PROGRAMS IN ISOLATED ENVIRONMENTS

Authors

DOI:

https://doi.org/10.31891/2307-5732-2025-347-76

Keywords:

distributed systems, infected software, task distribution

Abstract

This work is dedicated to the study of methods and tools for organizing distributed systems to detect infected programs that utilize evasion techniques. The research employs a set of isolated environments to analyse program behaviour during execution. Research and analysis, as well as the search for new methods of detecting malicious software, are of primary importance. This is confirmed by the large number of new malware samples and the rapid development of evasion techniques. Despite the availability of various detection tools, numerous cases of personal and corporate data breaches are recorded annually on different web resources and platforms. The complexity of detecting such threats is particularly associated with the use of methods that incorporate polymorphic features, making detection significantly more challenging. This paper analyses the application of distributed system technologies for identifying malicious software and presents modern solutions. Special attention is given to the advantages of using grid computing systems and their organizational specifics. The aim of this study is to introduce a method that utilizes task distribution among elements of a grid computing system to efficiently balance the load while considering the autonomy of computing elements. Tasks in this context involve sending requests to computing elements for executing and analysing infected programs, enabling the formation of behavioural models. The proposed system employs a central server to coordinate all internal communication processes, collect execution results of infected programs, and further analyse them to detect the presence of malicious activity in the software. The proposed method not only enables task distribution but also optimizes it by considering the autonomy of system elements. This is achieved through a developed network protocol that facilitates interaction between the central server and computing elements.

Published

2025-01-30

How to Cite

REHIDA, P. (2025). METHOD OF ORGANIZING A DISTRIBUTED SYSTEM FOR DETECTING INFECTED PROGRAMS IN ISOLATED ENVIRONMENTS. Herald of Khmelnytskyi National University. Technical Sciences, 347(1), 554-560. https://doi.org/10.31891/2307-5732-2025-347-76