CASPIAN JOURNAL

MANAGEMENT AND HIGH TECHNOLOGIES

The method of time reduction during anti-virus heuristic qualifier learning based on the expanded binary search algorithm usage

Demina R.Yu., Azhmukhamedov I.M., Gurskaya T.G. The method of time reduction during anti-virus heuristic qualifier learning based on the expanded binary search algorithm usage // Caspian journal : management and high technologies. — 2017. — №1. — pp. 15-23.

Demina R.Yu. - Assistant, Astrakhan State University, 20a Tatishchev St., Astrakhan, 414056, Russian Federation, raisapereverzeva@gmail.com

Azhmukhamedov I.M. - D.Sc. (Engineering), Associate Professor, Astrakhan State University, 20a Tatishchev St., Astrakhan, 414056, Russian Federation, iskander_agm@mail.ru

Gurskaya T.G. - Ph.D. (Engineering), Associate Professor, Astrakhan State University, 20a Tatishchev St., Astrakhan, 414056, Russian Federation, gurskai@mail.ru

The main means of anti-virus detection is signature analysis. However, it cannot withstand "zero day" malware, i.e. viruses that anti-virus experts have not yet studied. Heuristic analysis (HA) is applied to counter new viruses whose signatures have not yet been added to antivirus databases; static HA is a specific instance of HA. HA is built on binary classification and consists of two stages: learning and detection. At the learning stage, features are extracted from known viruses, and the qualifier (classifier) is formed on their basis. This classifier can protect users from "zero day" malware once the anti-virus package is installed on the user's computer. The most time-consuming step of classifier learning is selecting the features of a file and inserting them into the general list of features; these features characterize a file as malicious or well-behaved. Several methods for solving this task have been analyzed and their shortcomings at this stage have been revealed. An alternative method is proposed in the form of an expanded binary search algorithm that transforms any list of features into a sorted sequence of unique elements. The complexity of the proposed algorithm has been estimated, and its best and worst cases have been considered. The efficiency of the proposed approach is confirmed by computational experiments.
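The step the abstract singles out as the bottleneck is merging each file's features into one global list that must stay sorted and free of duplicates. The paper's own expanded binary search algorithm is not reproduced on this page, so the following added example (not the authors' code) shows the standard form of that idea: each incoming feature is located by binary search in the sorted global list and inserted only if absent, with the comparison count tracked against a linear-scan baseline, and the resulting list is then used to encode each file as a bitmap for binary classification. The per-file feature lists (Windows API import names) are constructed sample data, and the function names are this example's own.

```python
"""Building the global feature list for a static heuristic classifier.

Each training sample (a known malware or benign file) yields a list of
features, e.g. imported API names or opcode n-grams.  The global list must
contain every feature exactly once; keeping it sorted makes membership
checks O(log n) and gives a stable column order for the bitmap encoding.
"""
from typing import Callable, Dict, List, Tuple

# Constructed sample: per-file features as a static analyser might extract
# them.  Labels and contents are invented for this example.
SAMPLE_FILES: Dict[str, List[str]] = {
    "malware_a.bin": ["CreateRemoteThread", "WriteProcessMemory",
                      "VirtualAllocEx", "LoadLibraryA"],
    "malware_b.bin": ["VirtualAllocEx", "WinExec",
                      "URLDownloadToFileA", "LoadLibraryA"],
    "benign_c.bin":  ["MessageBoxA", "LoadLibraryA",
                      "GetProcAddress", "CloseHandle"],
}

InsertFn = Callable[[List[str], str], Tuple[bool, int]]


def insert_binary(global_list: List[str], feature: str) -> Tuple[bool, int]:
    """Insert `feature` into the sorted `global_list` if it is not already
    there.  Returns (inserted, comparisons).  The search is a lower-bound
    binary search, so a duplicate costs ~log2(n) comparisons plus one
    equality check and is never inserted twice."""
    lo, hi, comparisons = 0, len(global_list), 0
    while lo < hi:
        mid = (lo + hi) // 2
        comparisons += 1
        if global_list[mid] < feature:
            lo = mid + 1
        else:
            hi = mid
    if lo < len(global_list):
        comparisons += 1
        if global_list[lo] == feature:
            return False, comparisons
    global_list.insert(lo, feature)      # keeps the list sorted
    return True, comparisons


def insert_linear(global_list: List[str], feature: str) -> Tuple[bool, int]:
    """Baseline: unsorted list, scan until the feature is found or the end
    is reached (O(n) per insertion)."""
    comparisons = 0
    for existing in global_list:
        comparisons += 1
        if existing == feature:
            return False, comparisons
    global_list.append(feature)
    return True, comparisons


def build_global_list(files: Dict[str, List[str]],
                      insert: InsertFn = insert_binary) -> Tuple[List[str], int]:
    """Merge every file's features into one list of unique elements and
    return it together with the total number of comparisons spent."""
    global_list: List[str] = []
    total = 0
    for features in files.values():
        for feature in features:
            _, cost = insert(global_list, feature)
            total += cost
    return global_list, total


def encode_bitmap(features: List[str], global_list: List[str]) -> List[int]:
    """Bit vector over the sorted global list: 1 where the file has the
    feature.  This is the row a binary classifier is trained on."""
    bits = [0] * len(global_list)
    for feature in features:
        # Reuse the same lower-bound search for membership lookup.
        lo, hi = 0, len(global_list)
        while lo < hi:
            mid = (lo + hi) // 2
            if global_list[mid] < feature:
                lo = mid + 1
            else:
                hi = mid
        if lo < len(global_list) and global_list[lo] == feature:
            bits[lo] = 1
    return bits


if __name__ == "__main__":
    sorted_list, binary_cost = build_global_list(SAMPLE_FILES, insert_binary)
    _, linear_cost = build_global_list(SAMPLE_FILES, insert_linear)
    print("global feature list:", sorted_list)
    print("comparisons: binary=%d linear=%d" % (binary_cost, linear_cost))
    for name, feats in SAMPLE_FILES.items():
        print(name, encode_bitmap(feats, sorted_list))
```

With only twelve feature insertions the gap between the two strategies is small (37 versus 47 comparisons here); it grows with the size of the global list because the linear scan pays O(n) per feature while the binary search pays O(log n), which is the effect the abstract's computational experiments measure.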

Key words: anti-virus heuristic analysis, sorting, binary search, linear search, algorithm complexity, machine learning, bitmaps, straight insertion sort, binary classification, classifier learning