FIELD: physics, computer engineering.
SUBSTANCE: the invention relates to means of creating rules for filtering insignificant events during event log analysis. Data are obtained from at least one database. A template program is formed from the obtained data and is run under a software execution monitoring means. Every event that occurs while the template program is running is recorded in an event log. At least one rule for filtering low-significance events is then created from the events in the log, provided those events are low-significance, where a low-significance event is one that occurs when running or emulating both safe applications and malicious applications.
EFFECT: fewer malfunctions when detecting malicious objects.
21 claims, 8 drawings, 1 table
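The procedure in the abstract (run template programs under monitoring, log their events, keep as filter rules the events that show up for both safe and malicious programs, then drop those events from logs submitted for analysis) can be illustrated with a small script. This is an added example, not the patent's code: the event logs are constructed sample data, the event key (API name plus first argument) is an assumed normalisation, and the per-class share thresholds are an assumed extension of the "seen in both classes" rule that lets the filter be made stricter.

```python
"""Derive low-significance event filter rules from template-program event logs.

Added example; not the patent's own code. All logs below are constructed.
"""
from collections import Counter
from typing import Iterable

# Assumed normalisation of a monitored event: (API name, first argument).
Event = tuple[str, str]

# Constructed event logs of safe template programs (one list per monitored run).
SAFE_LOGS: dict[str, list[Event]] = {
    "calc_like": [
        ("LoadLibrary", "kernel32.dll"),
        ("LoadLibrary", "user32.dll"),
        ("CreateFile", "C:\\Windows\\System32\\locale.nls"),
        ("RegOpenKey", "HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion"),
        ("CreateWindow", "MainWnd"),
    ],
    "notepad_like": [
        ("LoadLibrary", "kernel32.dll"),
        ("LoadLibrary", "user32.dll"),
        ("CreateFile", "C:\\Windows\\System32\\locale.nls"),
        ("RegOpenKey", "HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion"),
        ("WriteFile", "C:\\Users\\demo\\notes.txt"),
    ],
}

# Constructed event logs of malicious template programs.
MALICIOUS_LOGS: dict[str, list[Event]] = {
    "dropper_like": [
        ("LoadLibrary", "kernel32.dll"),
        ("LoadLibrary", "user32.dll"),
        ("CreateFile", "C:\\Windows\\System32\\locale.nls"),
        ("RegOpenKey", "HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion"),
        ("WriteFile", "C:\\Users\\demo\\AppData\\Roaming\\svchost.exe"),
        ("RegSetValue", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"),
    ],
    "stealer_like": [
        ("LoadLibrary", "kernel32.dll"),
        ("RegOpenKey", "HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion"),
        ("CreateFile", "C:\\Users\\demo\\AppData\\Local\\Browser\\Login Data"),
        ("InternetConnect", "203.0.113.10"),
    ],
}


def runs_containing(logs: dict[str, list[Event]]) -> Counter:
    """Count, per distinct event, how many runs it appeared in (not how many times)."""
    counts: Counter = Counter()
    for events in logs.values():
        counts.update(set(events))  # set(): one vote per run, however often it recurs
    return counts


def build_filter_rules(
    safe_logs: dict[str, list[Event]],
    malicious_logs: dict[str, list[Event]],
    min_safe_share: float = 0.0,
    min_malicious_share: float = 0.0,
) -> set[Event]:
    """Return the low-significance events.

    The base rule follows the abstract: an event qualifies when it occurs in at
    least one safe run and at least one malicious run. The share thresholds
    (assumed extension) additionally require it in that fraction of runs of
    each class, so a stricter, smaller rule set can be produced.
    """
    safe = runs_containing(safe_logs)
    malicious = runs_containing(malicious_logs)
    n_safe, n_malicious = len(safe_logs), len(malicious_logs)
    rules: set[Event] = set()
    for event in safe.keys() & malicious.keys():
        if (safe[event] / n_safe >= min_safe_share
                and malicious[event] / n_malicious >= min_malicious_share):
            rules.add(event)
    return rules


def filter_log(log: Iterable[Event], rules: set[Event]) -> list[Event]:
    """Drop low-significance events; what remains is what the detector should examine."""
    return [event for event in log if event not in rules]


if __name__ == "__main__":
    rules = build_filter_rules(SAFE_LOGS, MALICIOUS_LOGS)
    print("filter rules:", sorted(rules))
    for name, log in MALICIOUS_LOGS.items():
        print(name, "->", filter_log(log, rules))
```

With the constructed logs the base rule yields four filter rules (the two library loads, the locale file open and the version registry read), and applying them to the dropper-like run leaves only the file drop into AppData and the Run-key write, which is exactly the residue a detector should be spending its time on.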
Title | Year | Author | Number |
---|---|---|---|
METHOD FOR PROCESSING INFORMATION SECURITY EVENTS PRIOR TO TRANSMISSION FOR ANALYSIS | 2020 | | RU2762528C1 |
METHOD OF CREATING SCRIPT OF POPULAR ACTIVATION EVENTS | 2015 | | RU2679783C2 |
METHOD OF DETECTING UNKNOWN PROGRAMS BY LOAD PROCESS EMULATION | 2011 | | RU2472215C1 |
SYSTEM AND METHOD OF CORRELATING EVENTS FOR DETECTING INFORMATION SECURITY INCIDENT | 2019 | | RU2739864C1 |
METHOD FOR ADJUSTING THE PARAMETERS OF A MACHINE LEARNING MODEL IN ORDER TO IDENTIFY FALSE TRIGGERING AND INFORMATION SECURITY INCIDENTS | 2020 | | RU2763115C1 |
SYSTEM AND METHOD OF DETECTING MALWARE | 2010 | | RU2430411C1 |
SYSTEM AND METHOD OF DETECTING THE SIGNS OF COMPUTER ATTACKS | 2017 | | RU2661533C1 |
METHOD OF PROTECTING COMPUTER SYSTEM FROM MALWARE | 2011 | | RU2566329C2 |
METHOD OF MAINTAINING DATABASE AND CORRESPONDING SERVER | 2015 | | RU2698776C2 |
METHOD FOR DETECTING ANOMALOUS EVENTS ON BASIS OF CONVOLUTION ARRAY OF SAFETY EVENTS | 2017 | | RU2673711C1 |
Authors
Dates
2014-04-27—Published
2012-09-28—Filed