Nicheporuk A. Information technology for detecting metamorphic viruses in local computer networks

The dissertation is devoted to solving of the important scientific problem - the creation of information technology to increase reliability and efficiency of metamorphic virus detection in the corporate area networks of distributed information system. The weaknesses of the information technologies, methods and software tools for metamorphic virus detection in the local computer networks of distributed information system were outlined. A behavioral model of metamorphic viruses has been developed taking into account the obfuscation metamorphic transformations and the model of the process of detecting metamorphic viruses in the local network using modified emulators. Based on the developed models, the information technology for detecting metamorphic viruses in local computer networks was built based on two newly developed methods: the metamorphic virus detection method based on the analysis of the behavior of the program using modified emulators in the local network and a method of identification based on the searching and comparing equivalent functional blocks between programs. The software of the information technology for metamorphic virus detection in the local computer networks was developed. Usage of the developed software makes it possible to detect new and modified copies of already existing metamorphic viruses with high reliability.