DESIGN OF A METHOD FOR ESTIMATING THE TECHNICAL STATE OF A COMPUTER BASED ON SYSTEM EVENT ANALYSIS
Keywords:
antivirus protection, antivirus system, system event analysis, multi-level maps, operating system process analysis, associative analysis.

Abstract
This article proposes a method for estimating the state of a computer based on the analysis of system events of the Windows 10 operating system. System events were analysed both in normal operation and while the system was infected with the Petya.A and WannaCry viruses. From statistics on the parameters of operating-system events, regularities describing the state of the operating system were identified. These statistics made it possible to build a set of associative rules for detecting computer viruses. An anti-virus application was built to accumulate system events for further analysis. To look up each factor of virus activity quickly, the application uses a hash table. The developed software made it possible to identify the infection factors described in the article and to block execution of the virus process.
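The abstract describes a pipeline: collect system events, map each event to a "virus activity factor" through a hash table, aggregate factors per process, and fire associative rules whose antecedents are sets of factors. The following Python sketch is an added illustration of that pipeline and is not the authors' anti-virus application. The event shape, the indicator names in the factor table, the burst threshold and the rules are all assumptions constructed for this example; the article's own infection factors are not reproduced here, and the sample event stream is constructed.

```python
"""Associative-rule detection over Windows-style system events.

Added illustration, not the authors' software. The event shape, the factor
table, the threshold and the rules are constructed assumptions.
"""
import ntpath
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    kind: str    # "process_create" | "file_create" | "service_stop" (assumed set)
    pid: int     # process that produced the event
    image: str   # executable of that process
    target: str  # child image, written file path, or service name


# Hash table of virus-activity factors: (event kind, observable) -> factor name.
# One average O(1) lookup per event is the role the abstract gives the hash table.
# The indicators below are assumptions chosen for illustration.
FACTOR_TABLE = {
    ("process_create", "vssadmin.exe"): "shadow_copy_tool",
    ("process_create", "cmd.exe"): "shell_spawn",
    ("file_create", ".wncry"): "ransom_extension",
    ("file_create", ".locked"): "ransom_extension",
    ("service_stop", "wuauserv"): "service_tampering",
}

# Files one process may create in the observed window before the derived
# factor "mass_file_write" is raised (assumed threshold).
BURST_THRESHOLD = 20

# Associative rules: antecedent factor set -> verdict. First match wins.
RULES = [
    (frozenset({"mass_file_write", "ransom_extension"}), "ransomware"),
    (frozenset({"shadow_copy_tool", "shell_spawn", "mass_file_write"}), "ransomware"),
    (frozenset({"service_tampering", "shell_spawn"}), "suspicious"),
]


def observable(event):
    """Normalise an event into the key that is looked up in FACTOR_TABLE.

    ntpath handles Windows paths regardless of the host OS.
    """
    if event.kind == "file_create":
        return ntpath.splitext(event.target)[1].lower()
    return ntpath.basename(event.target).lower()


def collect_factors(events):
    """Aggregate the set of factors exhibited by each process."""
    factors = defaultdict(set)
    writes = Counter()
    for ev in events:
        factor = FACTOR_TABLE.get((ev.kind, observable(ev)))
        if factor:
            factors[ev.pid].add(factor)
        if ev.kind == "file_create":
            writes[ev.pid] += 1
            if writes[ev.pid] >= BURST_THRESHOLD:
                factors[ev.pid].add("mass_file_write")
    return dict(factors)


def classify(factor_set):
    """Return the verdict of the first rule whose antecedent is satisfied."""
    for antecedent, verdict in RULES:
        if antecedent <= factor_set:
            return verdict
    return None


def detect(events):
    """Return {pid: verdict} for every process that matches a rule."""
    return {pid: v for pid, fs in collect_factors(events).items()
            if (v := classify(fs))}


def processes_to_block(events):
    """Pids with a 'ransomware' verdict. Terminating them (for example with
    TerminateProcess) is the caller's job and outside this example."""
    return sorted(pid for pid, v in detect(events).items() if v == "ransomware")


# Constructed sample: pid 4242 behaves like a file cryptor, pid 1337 is a benign editor.
SAMPLE_EVENTS = (
    [Event("process_create", 4242, "sample.exe", r"C:\Windows\System32\cmd.exe"),
     Event("process_create", 4242, "sample.exe", r"C:\Windows\System32\vssadmin.exe")]
    + [Event("file_create", 4242, "sample.exe", rf"C:\Users\u\Documents\doc{i}.docx.WNCRY")
       for i in range(25)]
    + [Event("file_create", 1337, "winword.exe", rf"C:\Users\u\Documents\report{i}.docx")
       for i in range(3)]
)

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))              # {4242: 'ransomware'}
    print(processes_to_block(SAMPLE_EVENTS))  # [4242]
```

The benign process never reaches the factor table (no indicator matches and its write count stays under the threshold), so it does not appear in the result at all; the point of the rule layer is that no single factor such as spawning cmd.exe is a verdict on its own, only the conjunction is.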