Savenko B. Method and partially centralized systems for detection of malicious software in computer networks

Ukrainian version

Thesis for the degree of Doctor of Philosophy (PhD)

State registration number

0824U001468

Applicant for

Specialization

  • 123 - Computer Engineering

Specialized Academic Board

ДФ 70.052.036

Khmelnytskyi National University

Essay

The dissertation analyzes methods for synthesizing the architecture of distributed systems, models of environmental indicators for distributed systems in corporate networks, methods of organizing the functioning of distributed systems, and methods of detecting malicious software, in particular worm viruses. The work developed a method for synthesizing mathematical models of the security levels of system components in order to obtain new analytical expressions for a comprehensive description of the environment of corporate networks and of the processes that take place in partially centralized distributed systems; improved the model of partially centralized distributed systems; developed a method of organizing the functioning of partially centralized distributed systems; developed a method of detecting worm viruses by dividing them into classes based on common features and defined criteria over many classes; and developed a corresponding distributed system, set up experiments and carried out experimental studies with it. The object of the study is the process of synthesizing partially centralized distributed systems for detecting malicious software. The subject of the research is methods and partially centralized distributed systems for detecting malicious software in computer networks. The aim of the dissertation research is to improve the effectiveness of distributed malware detection systems in computer networks by synthesizing the principles of partial centralization, self-organization and adaptability in their architecture.
The scientific novelty of the obtained results is as follows: 1) the model of partially centralized distributed malware detection systems was improved by synthesizing the principles of self-organization and adaptability into it, so that malware detection systems built according to the model are difficult for attackers to understand, make decisions independently and flexibly restructure their architecture, which improves their resistance to malicious actions and their detection of malicious software; 2) for the first time, a method of synthesizing mathematical models of the security levels of system components was developed to obtain new analytical expressions for a comprehensive description of the surrounding environment of corporate networks and of the processes that take place in distributed systems, which made it possible to reconcile characteristic indicators given by discrete and continuous values and to form new characteristics; 3) a new method of organizing the functioning of partially centralized distributed systems was developed, in which system components are distributed relative to the decision-making center in order to implement partial centralization, self-organization and adaptability, which made it possible to establish mechanisms for complicating the understanding of their principle of operation, for independent decision-making about further steps, for rebuilding their architecture and for filling the system with malware detection methods; 4) a new method of detecting worm viruses was developed, the essence of which is to divide them into classes based on common features and defined criteria over many classes of features, with the decision to assign a worm virus to a particular class made by a partially centralized distributed system, which improved the reliability of detection, in particular by hiding the principles of system functioning.
A partially centralized distributed system for detecting malicious software, in particular worm viruses, has been developed. It can be filled with various methods of prevention, detection and countermeasures against malicious software and computer attacks, and it ensures proper stability of its components when functioning in computer networks. The distinctive features of the developed partially centralized distributed system are that its functioning is difficult for attackers to understand, that the center is transferred between components automatically and flexibly while the system runs, and that decisions about further steps are made automatically without involving the administrator. In addition, the implemented method of detecting worm viruses is based on a multi-class classification of objects, and the results of its application to detection confirm the effectiveness of the proposed solution. The experimental studies with the developed system confirmed the correct functioning of the partially centralized distributed system, the possibility of applying it to the detection of worm viruses, and the appropriate levels of stability and degradation of the system. The results of the work have been implemented in production and in the educational process of the university.

Research papers

Lysenko S., Savenko B. Distributed Discrete Malware Detection Systems Based on Partial Centralization and Self-Organization. International Journal of Computing. 2023. Vol. 22. Pp. 117-139.

Kashtalian A., Lysenko S., Savenko B., Sochor T., Kysil T. Principle and method of deception systems synthesizing for malware and computer attacks detection. Radioelectronic and Computer Systems. 2023. Vol. 0(4). Pp. 112-151.

Savenko B. O. Method of synthesizing mathematical models of security levels for partially centralized distributed malware detection systems. Scientific Notes of V.I. Vernadsky Taurida National University. Series: Technical Sciences. 2023. No. 3. Part 1. Pp. 217-227.

Savenko B. O. Method of detecting worm viruses according to multi-class classification. Herald of Khmelnytskyi National University. Series: Technical Sciences. 2024. Vol. 331(1). Pp. 18-28.
