SYSTEM AND METHOD TO COMPARE FILES BASED ON FUNCTIONALITY TEMPLATES

Russian patent published in 2011 - IPC G06F9/44 G06F21/00 G06F7/02

Abstract RU 2427890 C2

FIELD: information technologies.

SUBSTANCE: the method determines whether a file belongs to one of the collections of available files by comparing files with the help of functionality templates. It includes stages at which functionality templates are generated from information on the executed file. Extracted noise information is then deleted from the functionality templates of the executed file. Next, the units of the functionality templates of the executed file are reduced to a normalised form. These units are then compared with the units of the functionality templates of available files, and the comparison results are used to decide whether a unit belongs to one of the functionality templates of available files. Once functionality templates have been created from available malicious software, newly arrived files can be compared with them and records added automatically on condition of similarity; characteristic logical units can be extracted from collections of malicious programs and heuristic rules created from these units; and descriptions can be generated automatically. It also becomes possible to cluster objects, which helps to accelerate their further processing.

EFFECT: increased reliability and accuracy of malicious software detection, achieved by comparison of executed files by means of functionality templates.

14 cl, 16 dwg

Similar patents RU2427890C2

Title Year Author Number
METHOD OF ASSOCIATING PREVIOUSLY UNKNOWN FILE WITH COLLECTION OF FILES DEPENDING ON DEGREE OF SIMILARITY 2009
  • Malanov Aleksej Vladimirovich
RU2420791C1
SYSTEM AND METHOD OF INCREASING EFFICIENCY OF DETECTING UNKNOWN HARMFUL OBJECTS 2010
  • Mashevskij Jurij Vjacheslavovich
  • Vasilenko Roman Sergeevich
RU2454714C1
FUZZY WHITELISTING ANTI-MALWARE SYSTEMS AND METHODS 2012
  • Tofan I. Vlad
  • Dudya V. Sorin
  • Kanzha D. Vorel
RU2607231C2
SYSTEM AND METHOD FOR DETECTING MALICIOUS FILES ON MOBILE DEVICES 2015
  • Kivva Anton Andreevich
  • Buchka Nikita Aleksandrovich
  • Kuzin Mikhail Yurevich
  • Chebyshev Viktor Vladimirovich
RU2614557C2
SYSTEM AND METHOD OF CREATING RULES FOR FILTERING INSIGNIFICANT EVENTS FOR EVENT LOG ANALYSIS 2012
  • Zajtsev Oleg Vladimirovich
RU2514139C1
METHOD FOR DETECTING HARMFUL ASSEMBLIES 2015
  • Ivanov Dmitrij Gennadevich
  • Pavlov Nikita Alekseevich
  • Shvetsov Dmitrij Vladimirovich
  • Gorshenin Mikhail Aleksandrovich
RU2628920C2
METHOD FOR DETERMINING SIMILARITY OF COMPOSITE FILES 2016
  • Kryukov Andrej Vladimirovich
  • Liskin Aleksandr Viktorovich
  • Ivanov Anton Mikhajlovich
RU2628922C1
SYSTEM AND METHOD OF SIMILAR FILES DETERMINING 2015
  • Antonov Aleksej Evgenevich
  • Romanenko Aleksej Mikhajlovich
RU2614561C1
SYSTEM AND METHOD OF MAKING FLEXIBLE CONVOLUTION FOR MALWARE DETECTION 2013
  • Antonov Aleksej Evgenevich
  • Romanenko Aleksej Mikhajlovich
RU2580036C2
MACHINE CODE ACCESS LIMITATION METHOD TO THE OPERATING SYSTEM RESOURCES 2016
  • Ivanov Dmitrij Gennadevich
  • Pavlov Nikita Alekseevich
  • Shvetsov Dmitrij Vladimirovich
  • Gorshenin Mikhail Aleksandrovich
RU2625052C1

RU 2 427 890 C2

Authors

Vasilenko Roman Sergeevich

Dates

2011-08-27 Published

2009-10-01 Filed