THE CONCEPT OF DISTRIBUTED COMPUTING USAGE FOR THE ANALYSIS OF POLYMORPHIC VIRUSES
DOI:
https://doi.org/10.31891/2307-5732-2024-331-4
Keywords:
distributed computing, malware detection, polymorphic viruses, multicomputer systems
Abstract
This work presents a model for applying modern means to protect users' personal data from the abnormal influence of polymorphic viruses, using distributed computing for effective threat detection. The challenge of detecting malware has persisted over an extended period, primarily due to the substantial number of malware instances being created today and the proliferation of software and web services in current use. Despite the large number of detection tools, incidents of personal data leaks from various platforms used daily are recorded annually. This situation arises because malware developers apply research studies on how malware is detected and attempt to build various evasion techniques into their malware. This paper presents an analysis of modern methods for organizing distributed systems, such as cluster computing, grid computing, cloud computing and edge computing, for various purposes. The positive aspects of applying such systems are also presented, as well as the challenges they face during operation. The paper also explores key approaches to malware detection achievable through distributed computing, including parallel processing for studying malware behaviour, developing isolated cloud systems for testing potential malware, and simultaneous execution of the same virus to obtain more efficient and accurate results. Special attention is given to the concept of polymorphic viruses and their evasion techniques, which significantly complicate analysis and consequently lower the chances of detection. The primary objective of this article is to introduce a distributed approach that uses the capabilities of highly efficient antivirus software to enhance the chances of detecting new malware and threats. Following this analysis, the system type is selected, and the main modules for the central system unit and computing elements are considered.
The central system unit includes a user interface module, a module for efficiently distributing tasks (files and programs for analysis) among computing elements, and a voting module to ensure security requirements. Each computing element uses specialized software to communicate with the system and employs one of the selected antivirus programs to perform analyses. The proposed concept increases the chances of detecting new threats by combining various approaches to malware identification with a distributed approach.
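A minimal sketch of how a voting module in the central system unit could combine reports from the computing elements; this is an added example, not code from the paper. The abstract does not state the voting rule, so the quorum, the threshold, the integrity checks (registered node, one vote per node, matching file hash) and all node and engine names are assumptions.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Report:
    node: str        # computing element that produced the report
    engine: str      # antivirus engine on that node (placeholder names)
    sha256: str      # hash of the file the node says it analysed
    malicious: bool  # verdict of that engine

def vote(sample, reports, registered_nodes, quorum=3, threshold=0.5):
    """Return (decision, accepted, rejected) for one distributed task."""
    digest = hashlib.sha256(sample).hexdigest()
    accepted, rejected, seen = [], [], set()
    for r in reports:
        if r.node not in registered_nodes:
            rejected.append((r.node, "unregistered node"))
        elif r.node in seen:
            rejected.append((r.node, "duplicate vote"))
        elif r.sha256 != digest:
            # The node analysed different bytes than the ones dispatched.
            rejected.append((r.node, "hash mismatch"))
        else:
            seen.add(r.node)
            accepted.append(r)
    if len(accepted) < quorum:
        # Too few trustworthy reports: do not silently call the file clean.
        return "inconclusive", accepted, rejected
    flagged = sum(r.malicious for r in accepted)
    decision = "malicious" if flagged / len(accepted) >= threshold else "clean"
    return decision, accepted, rejected

# Constructed sample data (assumed values, not real malware or real engines).
SAMPLE = b"constructed sample bytes"
H = hashlib.sha256(SAMPLE).hexdigest()
NODES = {"ce-1", "ce-2", "ce-3", "ce-4"}
REPORTS = [
    Report("ce-1", "engine-A", H, False),        # signature engine misses it
    Report("ce-2", "engine-B", H, True),
    Report("ce-3", "engine-C", H, True),
    Report("ce-4", "engine-D", "0" * 64, False), # wrong file hash
    Report("ce-2", "engine-B", H, True),         # repeated vote
    Report("ce-9", "engine-X", H, False),        # unknown node
]

if __name__ == "__main__":
    decision, ok, bad = vote(SAMPLE, REPORTS, NODES)
    print(decision, [r.node for r in ok], bad)
```

Lowering `threshold` trades more false positives for a better chance of catching a sample that only one detection approach recognizes.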