Overview of static methods of malicious software analysis
Abstract
In today's world, losses caused by the actions of malicious software (or of ordinary software that exhibits undeclared functionality) remain an extremely relevant problem. The creation and improvement of anti-virus solutions for protection against and analysis of malicious software is therefore a relevant and promising area of research, because no single, universal method exists that detects malicious code with 100% reliability. The paper considers the composition and main components of static analysis. The main methods of static analysis are identified, and relevant examples are given for almost all of them. It is concluded that the main advantage of static analysis is that, with a relatively simple set of commands and tools, it is possible to analyse malware and partially understand how it works. Attention is drawn to the fact that static analysis does not give 100% certainty that the software under investigation is malicious. With this in mind, a more meaningful analysis requires collecting as much data as possible about the structure of the file, its possible functions, and so on. Files are checked for the possible presence of malicious code by using appropriate programs to view their structure and composition. A more informative approach is analysis of the Portable Executable format, which consists of examining its various sections, code, fields and resources. Since static analysis does not always provide the required level of assurance, it is better to use machine learning algorithms at the stage of making the final classification decision (malicious or not). This approach makes it possible to process large data sets with greater accuracy in determining the nature of the software being analysed. The main purpose of this work is to analyse the existing methods of static malware analysis and to review the prospects for their further development.
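As an added illustration of the Portable Executable analysis the abstract describes (example code, not from the paper), the following Python walks the DOS header, COFF header and section table of a PE image and records two indicators a static triage step typically notes: a section that is both writable and executable, and a high-entropy section that suggests packing. The minimal PE32 image, its section names and the entropy threshold are constructed assumptions for the example, not values from the paper.

```python
import math
import struct
from collections import Counter

SCN_MEM_EXECUTE, SCN_MEM_WRITE = 0x20000000, 0x80000000
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes

def shannon_entropy(blob: bytes) -> float:
    """Bits per byte: ~8.0 suggests packed/encrypted data, ~0 is padding."""
    n = len(blob) or 1
    return -sum(c / n * math.log2(c / n) for c in Counter(blob).values())

def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    sections = []
    for i in range(nsec):  # section headers follow the optional header
        (name, _, va, raw_size, raw_ptr,
         _, _, _, _, flags) = SECTION_HDR.unpack_from(data, coff + 20 + opt_size + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "va": va, "flags": flags,
                         "entropy": shannon_entropy(data[raw_ptr:raw_ptr + raw_size])})
    return {"machine": machine, "sections": sections}

def static_indicators(info: dict) -> list:
    """Triage heuristics recorded during static analysis; none of them proves maliciousness."""
    out = []
    for s in info["sections"]:
        if s["flags"] & SCN_MEM_WRITE and s["flags"] & SCN_MEM_EXECUTE:
            out.append(f'{s["name"]}: writable and executable')
        if s["entropy"] > 7.0:  # assumed threshold; tune against a benign baseline
            out.append(f'{s["name"]}: high entropy {s["entropy"]:.2f}, possibly packed')
    return out

def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image for the demo, not a real program."""
    specs = [(b".text", 0x1000, 0x60000020, b"\x90" * 0x200),        # code, R+X, all NOPs
             (b"UPX1", 0x2000, 0xE0000040, bytes(range(256)) * 2)]  # data, R+W+X, uniform bytes
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(specs), 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<H", 0x10B).ljust(0xE0, b"\0")            # PE32 magic, rest zeroed
    hdrs, body, ptr = b"", b"", 0x200
    for name, va, flags, raw in specs:
        hdrs += SECTION_HDR.pack(name, len(raw), va, len(raw), ptr, 0, 0, 0, 0, flags)
        body, ptr = body + raw, ptr + len(raw)
    return (dos + b"PE\0\0" + coff + opt + hdrs).ljust(0x200, b"\0") + body
```

Running `static_indicators(parse_pe(build_sample_pe()))` flags only the constructed `UPX1` section, which is exactly the kind of finding the abstract says should feed a later classification step rather than be treated as proof of malice.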