Product Details
Systém pro detekci malware založený na kontextové analýze
Created: 2023
Holkovič Martin, Ing. (Flowmon)
Matoušek Petr, doc. Ing., Ph.D., M.A. (DIFS FIT BUT)
Minařík Pavel, RNDr., Ph.D. (Flowmon)
Aleš Šnupárek (Flowmon)
Hojdar Štěpán (Flowmon)
Jan Střítežský (Flowmon)
Unzeitig Marek (Flowmon)
malware detection, context analysis, malware communication, indicators of compromise (IoC), communication monitoring, anomaly detection, identification of unknown threats, network security
The malware detection system is based on contextual analysis and implements learning-based models that specifically target malware communication. The main element of the system is the creation of representative malware models based on indicators of compromise (IoC). These indicators are extracted from a detailed analysis of a collection of malware samples obtained from different instances of the same malware family and analyzed in an isolated sandbox environment. This approach allows the system to process and evaluate ambiguous and partially consistent data, which is common in a dynamic cybersecurity environment. The system also uses the baseline mechanism, which is based on the monitoring and analysis of standard communication patterns between nodes in the network. Any deviations from this baseline that indicate sudden and unusual changes in communication characteristics are considered potential indicators of malware infiltration. This aspect of the system is key to detecting new or previously unknown threats that may not be included in existing malware models. Overall, the system is designed to effectively identify and classify both known and unknown types of malware through a combination of advanced contextual analysis, fuzzy set-based modeling, and anomaly detection in network communication patterns.
In the project's private repository.