Product Details
Systém pro detekci malware založený na kontextové analýze
Created: 2023
Holkovič Martin, Ing., Ph.D.
Matoušek Petr, doc. Ing., Ph.D., M.A. (DIFS)
Minařík Pavel, RNDr., Ph.D.
Šnupárek Aleš
Hojdar Štěpán
Střítežský Jan
Unzeitig Marek
malware detection, context analysis, malware communication, indicators of
compromise (IoC), communication monitoring, anomaly detection, identification of
unknown threats, network security
The malware detection system is based on contextual analysis and implements
learning-based models that specifically target malware communication. The main
element of the system is the creation of representative malware models based on
indicators of compromise (IoC). These indicators are extracted from a detailed
analysis of a collection of malware samples obtained from different instances of
the same malware family and analyzed in an isolated sandbox environment. This
approach allows the system to process and evaluate ambiguous and partially
consistent data, which is common in a dynamic cybersecurity environment. The
system also uses the baseline mechanism, which is based on the monitoring and
analysis of standard communication patterns between nodes in the network. Any
deviations from this baseline that indicate sudden and unusual changes in
communication characteristics are considered potential indicators of malware
infiltration. This aspect of the system is key to detecting new or previously
unknown threats that may not be included in existing malware models. Overall, the
system is designed to effectively identify and classify both known and unknown
types of malware through a combination of advanced contextual analysis, fuzzy
set-based modeling, and anomaly detection in network communication patterns.
V privátním repozitáři projektu.