SOFTWARE PROTECTION METHOD BASED ON HYBRID CODE ANALYSIS

DOI:

https://doi.org/10.28925/2663-4023.2025.29.871

Keywords:

malicious code, signature search, detection of malicious software, program classification, code metrics, hybrid analysis, artificial neural networks, machine learning

Abstract

The article addresses current issues of software protection against malicious code and the detection of its manifestations during development and operation. It notes that modern methods of software analysis, particularly static and dynamic analysis, have both advantages and significant limitations, including a high number of false positives, low efficiency against polymorphic threats, and high computational resource requirements. As an optimal solution, the use of hybrid analysis is proposed, which combines the strengths of different approaches to improve the accuracy of vulnerability detection and reduce the number of erroneous results.

The work presents a mathematical model for vulnerability detection based on symbolic execution and combined code analysis, as well as developed algorithms for constructing a reduced program path graph, calculating distance metrics to potentially dangerous code sections, and implementing directed dynamic symbolic execution.

The methodology for classifying vulnerability warnings divides them into three categories: confirmed, unconfirmed, and requiring additional inspection. This approach significantly reduces the complexity of analysis, improves the reliability of results, and automates the process of detecting potentially dangerous code. Particular attention is given to the formalization of concepts related to constraints on program path execution, symbolic conditions, and safety predicates.

The obtained results demonstrate the effectiveness of hybrid analysis when working with large-scale projects where both speed and accuracy in threat detection are critical. The capabilities of the modular architecture of the hybrid analysis tool are examined, ensuring flexibility in expanding functionality and integrating new methods. An analysis of key software vulnerability metrics is conducted, which can be used to assess software security.

Directions for further research are proposed, particularly improving symbolic execution algorithms to account for indirect dependencies and anti-analysis mechanisms. The research findings can be applied in the development of new systems and the modernization of existing code analysis tools aimed at enhancing software security.

Published

2025-09-26

How to Cite

Laptiev, O., Hapon, A., & Tkachov, A. (2025). SOFTWARE PROTECTION METHOD BASED ON HYBRID CODE ANALYSIS. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 1(29), 139–151. https://doi.org/10.28925/2663-4023.2025.29.871