Перегляд за Автор "Nafiiev, Alan"

Зараз показуємо 1 - 2 з 2
  • Ескіз
    ДокументВідкритий доступ
    Comparative analysis of machine learning methods for detecting malicious files
    (Igor Sikorsky Kyiv Polytechnic Institute, 2021) Nafiiev, Alan; Kholodulkin, Hlib; Rodionov, Andrii
    Nowadays, one of the most critical cyber security problems is the fight against malicious software, precisely, the problem of detecting it. Every year, new modern computer viruses are created that are capable of mutation and changing while running. But unfortunately, the developers of antivirus software do not have time to quickly add all types of malicious programs to the signature databases. In this regard, it is sensible to use heuristic detection methods based on algorithms of machine learning. The purpose of this paper is to present several classification methods based on machine learning techniques for detecting zero-day attacks. In particular, the following algorithms were tested: random forest classifier, support vector classifier, greed search in svc, and k-nearest neighbors. The dataset was taken from the Kaggle website. It consists of 19611 executable files of the PE format, 14599 of which are malicious, and 5012 files are benign. This article presents recommended classification and detection methods with advanced analysis of important metrics that allow you to assess and compare machine learning algorithms’ effectiveness and performance for detecting malware.
  • Ескіз
    ДокументВідкритий доступ
    Malware Detection System Based on Static and Dynamic Analysis Using Machine Learning
    (Igor Sikorsky Kyiv Polytechnic Institute, 2023) Nafiiev, Alan; Rodionov, Andrii
    Cyber wars and cyber attacks are an urgent problem in the global digital environment. Based on existing popular detection methods, malware authors are creating ever more advanced and sophisticated malware. Therefore, this study aims to create a malware analysis system that uses both dynamic and static analysis. Our system is based on a machine learning method - support vector machine. The set of data used was collected from various Internet sources. It consists of 257 executable files in .exe format, 178 of which are malicious and 79 are benign. We use 5 different types of data representation: binary information, trace instructions, control flow graph, information obtained from the dynamic operation of the file, and file metadata. Then, using multiple kernel learning, we combine all data views and create one summative machine learning model.