METHOD OF DETECTING MALICIOUS SOFTWARE AND COMPUTER ATTACKS WITH MULTI-COMPUTER ANTIVIRAL COMBINED BAITS AND TRAPS

Authors

DOI:

https://doi.org/10.31891/2307-5732-2025-349-50

Keywords:

multicomputer systems, baits, traps, computer attacks, malicious software, deception systems

Abstract

The study has developed a new method of detecting malicious software (RFS) and computer attacks (CA) with multi-computer systems based on the introduction of antiviral combined baits and traps. A model is proposed that includes in the system many baits that differ in architectural characteristics, functional purpose and behavioral tactics in the virtual environment. Some of these components act as intelligent agents capable of autonomous decision-making, interacting with each other and coordinating their actions with the central node of the system.

The mechanisms for the functional distribution of tasks between baits are formalized, taking into account their capacity for multi-purpose use, which increases the efficiency with which system resources are used. It is determined that each bait can be involved in several stages of event processing, acting both as the initiator of the response and as an element of collective analysis.

A three-tier model of event processing in the system was implemented, consisting of: 1) primary analysis of events by a separate lure; 2) group coordination of the results by several lures that interact within the framework of certain scenarios; 3) comprehensive processing by the whole system, taking into account the information collected in the previous stages. This approach gives the system flexibility when responding to threats and also allows behavioral patterns to be adapted dynamically depending on the type and characteristics of the attacking action.

Through the use of variational deception mechanisms, an increase in the level of counteraction to modern types of RFS and CA has been achieved. It is demonstrated that such an architecture not only reduces the likelihood of an attacker successfully penetrating the critical elements of the system, but also contributes to the accumulation of analytical information for the further identification and neutralization of threats.

Published

2025-03-27

How to Cite

KASHTALIAN, A. (2025). METHOD OF DETECTING MALICIOUS SOFTWARE AND COMPUTER ATTACKS WITH MULTI-COMPUTER ANTIVIRAL COMBINED BAITS AND TRAPS. Herald of Khmelnytskyi National University. Technical Sciences, 349(2), 346-352. https://doi.org/10.31891/2307-5732-2025-349-50