Pogorelov V. Neural models and methods for computer viruses recognition

In terms of the work, it is resolved the actual scientific and applied task of increasing the effectiveness of computer viruses detection by researching and developing new neural network models, methods and means of recognizing computer viruses that can quickly adapt to the conditions of use and respond to the emergence of new types of viruses. The prospects of application in the circuit of anti-virus protection systems and neural network tools for malware recognition are substantiated. The possibility of using of neural network model both in behavioral analyzers and when using signature analysis is shown. Also for domestic anti-virus protection systems, the set of expected conditions of application for the specified neural network means is defined. A conceptual model for assessing deep neural networks has been developed, which, due to the interrelated principles of permissibility of use, determining a set of effective types and evaluating the effectiveness of a type of deep neural network, makes it possible to determine a variety of modern neural network models for building effective antivirus tools. The model for construction of parameters of educational examples for a deep neural network was developed that is based on formal representation of encoded values of API-functions calls, bytes of sequence of N-grams, opcodes, the main registers of the processor, and also results of static analysis of samples of malicious and safe programs, two-dimensional interpretation of binary code, parameters of the values state dependence graph. The model allows to build means of the neural network analysis of the obfuscated code. A method for determining the architectural parameters of a deep neural network designed for virus recognition has been developed, which because of the use of the proposed conceptual model for assessing deep neural networks and model for construction of training examples used to implement the stages of determining the basic conditions of application, neural network model and the most effective architecture, as well as the constrcution of parameters of educational examples and determining the parameters of the architecture of the most effective type of deep neural network, allows you to form a set of values that ensure the adaptability of such a network to certain conditions of use. The method of neural network recognition of computer viruses was further developed, which provides sufficient error of recognition under different conditions by determining the conditions of creation and application of neural network means, processes of forming portraits of viruses and secure programs, as well as determining architectural parameters of deep neural network, verification and evaluation of neural network means. The method takes into account the limitations related to creation of a training sample and the limitations related to the computing resources of the anti-virus protection system. The specialized software is developed that is based on the created neural network methods and models and allows providing sufficient accuracy of computer viruses recognition and providing efficiency of algorithms