INFORMATION TECHNOLOGY FOR DETECTING MALICIOUS CODES IN INFORMATION SYSTEMS BASED ON PARALLEL PROCESS ANALYSIS
DOI: https://doi.org/10.31891/2307-5732-2025-347-80
Keywords: steganography, malicious commands, graphic files, static analysis, dynamic analysis, LSTM network, threat detection, information security, covert communication channel, behavior analysis
Abstract
The paper proposes a novel methodology for detecting malicious commands concealed in graphic files using steganographic techniques. The proposed approach combines static and dynamic analysis, enabling the identification of both structural anomalies in graphic files and specific behavioral patterns of suspicious processes. During the static analysis phase, graphic files are examined for signs of known steganographic techniques, including pixel structure artifacts and abnormal noise patterns. If suspicious characteristics are detected, the process interacting with such a file is transferred to an isolated virtual environment for safe behavioral analysis.
For dynamic analysis, a Long Short-Term Memory (LSTM) neural network is employed, which analyzes time sequences of parameters, including network traffic, file operations, resource consumption, and memory activity.
Experimental studies confirmed the high efficiency of the proposed methodology. The combined approach achieved an accuracy of 98%, recall of 96%, and a false positive rate (FPR) of 3%, significantly outperforming traditional tools such as StegExpose and LSB-Steganalysis Toolkit. Specifically, static analysis alone demonstrated an accuracy of 89%, while LSTM-based dynamic analysis achieved an accuracy of 94%.
The proposed methodology effectively detects complex steganographic attacks; however, its performance largely depends on the quality of the training dataset and requires significant computational resources. Future research will focus on expanding the methodology's capabilities to analyze other multimedia formats and improving the neural network training mechanisms to enhance its adaptability to new types of steganographic attacks.
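The static phase described in the abstract can be illustrated with a classic pairs-of-values chi-square check on least-significant bits. This is an added example, not the paper's detector or code. The function names, the cut-off value and the sample data are assumptions constructed for illustration.

```python
import random
from collections import Counter

# Assumed cut-off: a ratio near 1 means the LSB plane looks like random bits.
SUSPICION_RATIO = 2.0

def pov_chi2_ratio(samples):
    """Pairs-of-values chi-square per pair over 8-bit samples.

    Values 2k and 2k+1 differ only in the LSB. When LSBs are overwritten
    with random-looking data their counts even out, so each pair adds
    about 1 to the sum; unmodified data usually adds far more.
    """
    hist = Counter(samples)
    chi2, pairs = 0.0, 0
    for k in range(128):
        even, odd = hist.get(2 * k, 0), hist.get(2 * k + 1, 0)
        if even + odd < 10:  # too few samples in this pair to judge
            continue
        chi2 += (even - odd) ** 2 / (even + odd)
        pairs += 1
    return chi2 / pairs if pairs else float("inf")

def triage(samples):
    """Hypothetical hand-off: 'sandbox' sends the file's process to the
    isolated environment for dynamic analysis, 'allow' does not."""
    return "sandbox" if pov_chi2_ratio(samples) < SUSPICION_RATIO else "allow"

def constructed_samples(n=20000, seed=7):
    """Constructed data: a channel with uneven pair counts, and a copy
    whose LSBs were replaced by random bits."""
    rng = random.Random(seed)
    cover = [2 * rng.randrange(100) + (1 if rng.random() < 0.2 else 0)
             for _ in range(n)]
    stego = [(v & ~1) | rng.getrandbits(1) for v in cover]
    return cover, stego

if __name__ == "__main__":
    cover, stego = constructed_samples()
    for name, data in (("cover", cover), ("stego", stego)):
        print(name, round(pov_chi2_ratio(data), 2), triage(data))
```

A single-statistic check like this only covers plain LSB replacement, which is why the abstract pairs static screening with behavioral analysis of the process that opens the file.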
License
Copyright (c) 2025 ДМИТРО ДЕНИСЮК, ОЛЕКСАНДР СОРОЧИНСЬКИЙ, ЄЛИЗАВЕТА ГНАТЧУК, АНДРІЙ ДРОЗД (Author)

This work is licensed under a Creative Commons Attribution 4.0 International License.