Abstract

Subject of Research.The need for slowdown of the increasing number of vulnerabilities caused by installation of unauthorized software on computer equipment, calls for an approach development to automate the audit of data storage media. The paper proposes an approach for identification of informative assembler commands. We study the effect of a chosen feature used for creation of unified program signature on the identification results. Methods. The Shannon method was used for informativity calculation. It gives the possibility to determine the feature informativity for random number of object classes and is independent of the volume of observed feature samples. Identification of elf-files was based on application of chi-square statistical homogeneity criterion. Main Results. Quantitative informativity characteristics for 118 assembler commands are obtained. The analysis of experiment results for executable files identification is carried out with the use of ten different features for creation of program signatures. Comparison is performed by chi-square homogeneity criterion at significance levels p = 0.05 and p = 0.01. Practical Relevance. We have found out the importance of particular feature application in the task of program signatures creation, as well as the possibility of considering several executable file signatures in common to create the final score of belonging to a certain program.