WORM-VIRUS DETECTION METHOD ACCORDING TO MULTI-CLASS CLASSIFICATION

Богдан Савенко
Journal: Herald of Khmelnytskyi National University. Technical sciences
Publication date: 2024-02-29
Publication type: Journal Article
DOI: 10.31891/2307-5732-2024-331-2 (https://doi.org/10.31891/2307-5732-2024-331-2)

Abstract

This work presents the results of research on worm viruses and methods for detecting them. Malware is distributed continuously. The modern tools and systems analyzed for preventing, detecting and countering malicious software and computer attacks are quite effective, provide a high detection rate and function at an adequate level. However, criminals constantly study the capabilities of such tools and systems, improve their malicious software and computer attacks, and achieve certain results. Developers of tools and systems for preventing, detecting and countering malicious software and computer attacks must therefore constantly improve them. The protection of corporate networks is relevant. Such networks can be effectively configured to increase the computing resources available for the tasks of warning of, detecting and countering malicious software and computer attacks in order to protect corporate networks. The article therefore defines as an urgent scientific task the development of methods to improve the efficiency of distributed systems with partial centralization for detecting malicious software and computer attacks in computer networks, and the detection of malicious software with their use, by synthesizing their architecture in such a way that the principles by which such systems function are difficult for criminals to understand.

The work considers a set of worm viruses that covers network features as fully as possible. Worm viruses were therefore used to study the effectiveness of the methods for creating distributed systems and of the systems built on them.

The purpose of the work is to develop a method for detecting worm viruses in corporate networks.

The work developed a method of detecting worm viruses that divides them into classes based on common features and defined criteria, following the multi-class classification of objects, and that takes into account its implementation in the architecture of partially centralized distributed systems in order to obtain a complete sensor and decide which class a worm virus belongs to. This improved the reliability of detection by 8-11% compared to using the method without directly involving the elements and components of the system. The experiments that were set up and conducted produced results that confirm the correct functioning of a partially centralized distributed system for the detection of worm viruses.