Saprykin O. Models for automated analysis and diagnosis of polymorphic viruses in computer systems and networks

Thesis for the degree of Candidate of Sciences (CSc)

State registration number

0422U100014

Applicant for

Specialization

  • 05.13.05 - Computer systems and components

09-12-2021

Specialized Academic Board

Д 64.052.01

Kharkiv National University of Radio Electronics

Essay

The aim of the study is to significantly reduce the time and cost of recognizing polymorphic mutators by developing and implementing a federated cloud-edge computing architecture, based on an ML sandbox and vector-logical methods for finding zero-day malicious code, to protect cyberspace infrastructure. A polymorphic mutator is a mechanism that controls the logical and syntactic modification of malicious code in order to mask it from detection by existing antivirus services. Scientific novelty of the research results: 1) a federated ML architecture of sandbox computing is proposed; 2) the structural model of ML computing is improved; 3) the matrix-logical method of diagnosing malicious code is improved; 4) the vector-matrix method of diagnosing malicious code is improved; 5) the following methods are proposed: detection of modified malicious code; detection of the test sample by pre-installed antivirus solutions; diagnosis of polymorphic malware using Yara rules; creation of URLs of new-generation signatures, which makes it possible to reduce the size of the database by 75%.
