ABSTRACTS OF ARTICLES OF THE JOURNAL "INFORMATION TECHNOLOGIES".
No. 10. Vol. 25. 2019

DOI: 10.17587/it.25.609-614

K. I. Salakhutdinova, Junior Recearcher, e-mail: kainagr@mail.ru, St. Petersburg Institute of Informatics and Automation of the Russian Academy of Sciences, St. Petersburg, 199178, Russian Federation

The Improving of Program Identification Accuracy by Using the Additive Fisher Criterion

In this study, the information security field related to the management of installed software by automated system users is investigated.
An approach to increase the accuracy level of ELF file identification by using the Fishburn additive criterion is described. The criterion is applied to the executable file signatures, the formation principle of which was described in previous works. Signatures are built on the frequency occurrence for each of the ten selected assembly commands. The results of the performed executable files identification outcome post-processing are presented for all test sample files signatures compared with different methods, as well Accuracy increased and achieved to 99.19 %. A comparison with local and foreign studies is presented. Individually, it is worth to be noticed that the software identification is considered by the author as the identification of any common non-malicious programs, the prohibition on the use of which is established by the rules of the organization.
The proposed solution provides a sufficient level of program identification, allowing conducting the data storage media audit activities with purpose to identify unauthorized installed software. It is proposed to use this approach in conjunction with the previously developed methods of signatures formation and their comparison by information security specialists in organizations, as well as special services in computer forensics.
Keywords: software identification, information security, assembly commands, Fishburn additive criterion

P. 609–614 

To the contents