Product Details

Systém pro detekci malware založený na kontextové analýze

Created: 2023

English title
A malware detection system based on context analysis
Type
software
License
For another entity to use the result, a license must always be acquired
License Fee
The licensor requires a license fee for the result
Authors
Ryšavý Ondřej, doc. Ing., Ph.D. (DIFS)
Holkovič Martin, Ing., Ph.D.
Matoušek Petr, doc. Ing., Ph.D., M.A. (DIFS)
Minařík Pavel, RNDr., Ph.D.
Šnupárek Aleš
Hojdar Štěpán
Střítežský Jan
Unzeitig Marek
Keywords

malware detection, context analysis, malware communication, indicators of
compromise (IoC), communication monitoring, anomaly detection, identification of
unknown threats, network security

Description

The malware detection system is based on contextual analysis and implements
learning-based models that specifically target malware communication. The main
element of the system is the construction of representative malware models from
indicators of compromise (IoC). These indicators are extracted from a detailed
analysis of a collection of malware samples obtained from different instances of
the same malware family and executed in an isolated sandbox environment. Building
the models on fuzzy sets lets the system process and evaluate ambiguous and only
partially consistent data, which is common in a dynamic cybersecurity environment.
The system also uses a baseline mechanism based on monitoring and analyzing the
standard communication patterns between nodes in the network. Any deviation from
this baseline that indicates a sudden and unusual change in communication
characteristics is treated as a potential indicator of malware infiltration. This
aspect of the system is key to detecting new or previously unknown threats that
are not covered by the existing malware models. Overall, the system is designed to
identify and classify both known and unknown types of malware through a
combination of contextual analysis, fuzzy set-based modeling, and anomaly
detection in network communication patterns.
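The following is an added illustration of the two mechanisms the description names, not code from the catalogued product or its authors: a family model built from IoCs that scores flows with graded (fuzzy) membership, so that partially consistent evidence still contributes, and a per-host communication baseline whose deviations flag threats no family model covers. Every flow record, host address, port, TLS fingerprint, indicator weight and threshold below is constructed for the example; the feature choice (distinct destinations and mean outbound bytes per window) is an assumption, not the product's actual feature set.

```python
"""Added illustration (not the project's code): fuzzy IoC family scoring plus
a per-host communication baseline. All data and parameters are constructed."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records (not captured traffic).
# (window, src, dst, dport, out_bytes, tls_fingerprint); windows 0-3 are
# history, window 4 is the one under evaluation.
FLOWS = [
    (0, "10.0.0.5", "93.184.216.34", 443, 1800, "f-chrome"),
    (0, "10.0.0.5", "93.184.216.35", 443, 2100, "f-chrome"),
    (1, "10.0.0.5", "93.184.216.34", 443, 1900, "f-chrome"),
    (1, "10.0.0.5", "93.184.216.36", 443, 2000, "f-chrome"),
    (2, "10.0.0.5", "93.184.216.34", 443, 2200, "f-chrome"),
    (2, "10.0.0.5", "93.184.216.35", 443, 1700, "f-chrome"),
    (3, "10.0.0.5", "93.184.216.36", 443, 1950, "f-chrome"),
    (3, "10.0.0.5", "93.184.216.34", 443, 2050, "f-chrome"),
    (4, "10.0.0.5", "93.184.216.34", 443, 2000, "f-chrome"),
    (4, "10.0.0.5", "198.51.100.7", 8443, 530, "f-bot"),   # beacon matching the model
    (4, "10.0.0.5", "198.51.100.9", 8443, 640, "-"),       # only partial evidence
    (4, "10.0.0.5", "10.0.0.21", 445, 300, "-"),           # fan-out with no IoC at all
    (4, "10.0.0.5", "10.0.0.22", 445, 300, "-"),
    (4, "10.0.0.5", "10.0.0.23", 445, 300, "-"),
] + [(w, "10.0.0.6", "93.184.216.34", 443, 1500, "f-chrome") for w in range(5)]

FIELD = {"window": 0, "src": 1, "dst": 2, "dport": 3, "out_bytes": 4, "tls_fingerprint": 5}

# Hypothetical family model, as if derived from sandbox runs of one family:
# "set" indicators match exactly, the "triangle" one assigns graded membership
# so that a flow that is only partially consistent still gets partial credit.
FAMILY_MODEL = {
    "family": "demo-family",
    "threshold": 0.6,
    "indicators": [
        {"field": "tls_fingerprint", "kind": "set", "values": {"f-bot"}, "weight": 0.5},
        {"field": "dport", "kind": "set", "values": {4444, 8443}, "weight": 0.2},
        {"field": "out_bytes", "kind": "triangle", "center": 512, "halfwidth": 256, "weight": 0.3},
    ],
}


def membership(ind, value):
    """Degree in [0, 1] to which one field value satisfies one indicator."""
    if ind["kind"] == "set":
        return 1.0 if value in ind["values"] else 0.0
    if ind["kind"] == "triangle":  # linear decay to 0 at center +- halfwidth
        return max(0.0, 1.0 - abs(value - ind["center"]) / ind["halfwidth"])
    raise ValueError(f"unknown indicator kind {ind['kind']!r}")


def family_score(model, flow):
    """Weighted mean membership of a flow in the family model."""
    total = sum(i["weight"] for i in model["indicators"])
    return sum(i["weight"] * membership(i, flow[FIELD[i["field"]]])
               for i in model["indicators"]) / total


def host_features(flows):
    """Per (window, src): distinct destinations and mean outbound bytes."""
    dsts, byts = defaultdict(set), defaultdict(list)
    for w, src, dst, _dport, out_bytes, _fp in flows:
        dsts[(w, src)].add(dst)
        byts[(w, src)].append(out_bytes)
    return {k: {"distinct_dst": len(dsts[k]), "mean_bytes": mean(byts[k])} for k in dsts}


def baseline_deviations(flows, eval_window, k=3.0):
    """Flag features in eval_window that deviate from the host's own history.
    A floor of 5% of the mean stops a perfectly flat history from alerting on noise."""
    feats = host_features(flows)
    hist = defaultdict(lambda: defaultdict(list))
    for (w, src), f in sorted(feats.items()):
        if w < eval_window:
            for name, v in f.items():
                hist[src][name].append(v)
    alerts = []
    for (w, src), f in feats.items():
        if w != eval_window:
            continue
        for name, v in f.items():
            series = hist[src][name]
            if len(series) < 2:      # no usable baseline for this host yet
                continue
            mu = mean(series)
            floor = max(pstdev(series), 0.05 * abs(mu))
            if abs(v - mu) > k * floor:
                alerts.append((src, name, round(v, 1), round(mu, 1)))
    return alerts


def detect(flows, model, eval_window):
    """Known threats via the family model, unknown ones via baseline deviation."""
    known = []
    for f in flows:
        if f[FIELD["window"]] == eval_window:
            s = family_score(model, f)
            if s >= model["threshold"]:
                known.append((f[FIELD["src"]], f[FIELD["dst"]], round(s, 3)))
    return {"known": known, "unknown": baseline_deviations(flows, eval_window)}


if __name__ == "__main__":
    print(detect(FLOWS, FAMILY_MODEL, eval_window=4))
```

In window 4 the beacon to 198.51.100.7 scores about 0.98 against the model, the flow to 198.51.100.9 only 0.35 (right port, roughly the right size, wrong fingerprint) and stays below the threshold, while the fan-out to three SMB peers carries no indicator at all and is caught only because the host's distinct-destination count jumps from a flat history of 2 to 6; the second host, whose behaviour is unchanged, raises nothing. The 5% floor on the spread is a design choice for the toy: without it a constant history has zero deviation and any change, however small, would alert.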

Location

In the project's private repository.

Projects
Context-based Encrypted Traffic Analysis Using Flow Data, TAČR, 3rd public call - TREND Programme of Industrial Research and Experimental Development, Subprogramme 1 – Technology Leaders, FW03010099, start: 2021-01-01, end: 2023-12-31, running
Research groups
Departments