SYSTEM AND METHOD OF DETECTING DIRECTED ATTACK ON CORPORATE INFRASTRUCTURE Russian patent published in 2016 - IPC G06F21/00 

Abstract RU 2587426 C2

FIELD: information technology.

SUBSTANCE: the invention relates to protection against computer threats. The method of detecting harmful objects on a computing device comprises the following steps:
a) obtaining information on at least one object on the computing device, including a checksum of the object, by means of a device for detection of suspicious objects;
b) analysing the said information on the object by means of the device for detection of suspicious objects, whereby, based on a set of heuristic rules used by the device for detection of suspicious objects, one determines whether the analysed object is suspicious or not;
c) collecting, by means of the device for detection of suspicious objects, information on the object if it was classified as suspicious at the previous step, where the said information includes at least an API-function call history log and the time of appearance of the object on the computing device, and transmitting the collected information on the suspicious object to a device for object analysis;
d) analysing, by the device for object analysis, the information on the object received from the device for detection of suspicious objects, whereby, based on a set of heuristic rules used by the device for object analysis, one determines whether the suspicious object is potentially harmful or not and sends a request for transmission of the potentially harmful object; recognition of the suspicious object as potentially harmful in accordance with the heuristic rules is carried out by comparing the information on the analysed object with information on objects stored in a database of harmful objects and a database of safe objects; the set of heuristic rules used for this analysis differs from the set of heuristic rules used by the device for detection of suspicious objects;
e) receiving, by means of the device for detection of suspicious objects, the request from the device for object analysis for transmission of the potentially harmful object;
f) determining, with the help of a device for compliance with the security policy, whether transmission of the potentially harmful object to the device for object analysis is possible; if transmission of the potentially harmful object is prohibited by the security policy used by the device for compliance with the security policy, the latter inhibits transmission of the potentially harmful object to the device for object analysis, otherwise the transmission is allowed;
g) transmitting, with the help of the device for detection of suspicious objects, the potentially harmful object for analysis to the device for object analysis, if the transmission was permitted by the device for compliance with the security policy at the previous step;
h) analysing the received potentially harmful object by means of the device for object analysis, whereby one determines whether the degree of similarity of the potentially harmful object with any object from the database of harmful objects exceeds a preset threshold, and if it does, the said object is recognised as harmful.
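The eight-step pipeline of the abstract, modelled as an added Python example that is not part of the patent or of any product: the host-side detector and the server-side analyser use different constructed rule sets, a security policy can block the transfer of the object itself (step f), and the final verdict (step h) rests on a Jaccard similarity of API-call histories against a sample malicious database. The rule sets, the 0.7 threshold, the API names and the placeholder checksums are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Dict, List

@dataclass
class ObjectInfo:            # information collected by the detector (steps a and c)
    path: str
    checksum: str
    api_calls: List[str]     # API-function call history log
    appeared_at: int         # time of appearance on the host (epoch seconds)

# Constructed sample databases; checksums are placeholders, not real indicators.
MALICIOUS_DB: Dict[str, List[str]] = {"sha256:PLACEHOLDER-MAL-1": [
    "OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "InternetOpenUrlA"]}
SAFE_DB = {"sha256:PLACEHOLDER-SAFE-1"}
WATCHED_APIS = {"WriteProcessMemory", "CreateRemoteThread", "SetWindowsHookExA"}

def detector_is_suspicious(obj: ObjectInfo, now: int) -> bool:
    # Steps a-b, host-side rule set (constructed): a fresh object outside the system directory that calls a watched API.
    fresh = now - obj.appeared_at < 3600
    outside_system = not obj.path.lower().startswith("c:\\windows\\")
    return fresh and outside_system and bool(set(obj.api_calls) & WATCHED_APIS)

def analyzer_is_potentially_harmful(obj: ObjectInfo) -> bool:
    # Step d, server-side rule set, deliberately different from the host's: compare
    # the collected information with the safe and malicious databases.
    if obj.checksum in SAFE_DB:
        return False
    if obj.checksum in MALICIOUS_DB:
        return True
    return any(len(set(obj.api_calls) & set(c)) >= 2 for c in MALICIOUS_DB.values())

def policy_allows_transfer(obj: ObjectInfo, policy: Dict[str, List[str]]) -> bool:
    # Step f: the security policy may forbid sending the object itself off the host.
    return not any(obj.path.lower().startswith(p) for p in policy["no_transfer_prefixes"])

def jaccard(a: List[str], b: List[str]) -> float:
    sa, sb = set(a), set(b)
    return len(sa & sb) / len(sa | sb) if sa | sb else 0.0

def classify(obj: ObjectInfo, policy: Dict[str, List[str]], now: int, threshold: float = 0.7) -> str:
    # Runs steps a-h and returns the verdict for one object.
    if not detector_is_suspicious(obj, now):
        return "not suspicious"
    if not analyzer_is_potentially_harmful(obj):   # analyser does not request the object
        return "suspicious"
    if not policy_allows_transfer(obj, policy):    # step f blocks the transfer; analysis stops
        return "potentially harmful (transfer blocked by policy)"
    best = max(jaccard(obj.api_calls, c) for c in MALICIOUS_DB.values())  # step h
    return "harmful" if best >= threshold else "potentially harmful"
```

Note that a policy block in step f ends the chain with the object never leaving the host, so the server can only ever return "potentially harmful" for it; that gap is the price the abstract's design pays for honouring the security policy.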

EFFECT: higher safety of a computing device.

2 cl, 3 dwg

Similar patents RU2587426C2

Title | Year | Authors | Number
METHOD FOR AUTOMATIC GENERATION OF HEURISTIC ALGORITHMS FOR SEARCHING FOR MALICIOUS OBJECTS | 2012 | Zajtsev Oleg Vladimirovich | RU2510530C1
COMPUTING APPARATUS AND METHOD FOR IDENTIFYING COMPROMISED APPARATUSES BASED ON DNS TUNNELLING DETECTION | 2021 | Afonin Anton Viktorovich | RU2777348C1
SYSTEM AND METHOD OF DETECTING THE SIGNS OF COMPUTER ATTACKS | 2017 | Gordejchik Sergej Vladimirovich; Sapronov Konstantin Vladimirovich; Parshin Yurij Gennadevich; Kheirkhabarov Tejmur Samedovich; Soldatov Sergej Vladimirovich | RU2661533C1
METHOD FOR ADJUSTING THE PARAMETERS OF A MACHINE LEARNING MODEL IN ORDER TO IDENTIFY FALSE TRIGGERING AND INFORMATION SECURITY INCIDENTS | 2020 | Filonov Pavel Vladimirovich; Soldatov Sergej Vladimirovich; Udimov Daniil Alekseevich | RU2763115C1
METHOD FOR PROCESSING INFORMATION SECURITY EVENTS PRIOR TO TRANSMISSION FOR ANALYSIS | 2020 | Filonov Pavel Vladimirovich; Soldatov Sergej Vladimirovich; Udimov Daniil Alekseevich | RU2762528C1
METHOD FOR EARLY DETECTION OF DESTRUCTIVE EFFECTS OF BOTNET ON A COMMUNICATION NETWORK | 2019 | Grechishnikov Evgenij Vladimirovich; Dobryshin Mikhail Mikhajlovich; Kozachok Aleksandr Vasilevich; Spirin Andrej Andreevich; Kochedykov Sergej Sergeevich; Potapov Sergej Evgenevich | RU2731467C1
SYSTEM AND METHOD OF DETECTING MALICIOUS SCRIPT | 2017 | Pavlyushchik Mikhail Aleksandrovich | RU2659738C1
METHOD FOR CHANGING THE MALWARE DETECTION RULE | 2021 | Lopatin Evgenii Igorevich | RU2776926C1
SYSTEM AND METHOD OF DETECTING THE HARMFUL CODE IN THE ADDRESS PROCESS SPACE | 2017 | Pavlyushchik Mikhail Aleksandrovich | RU2665910C1
SYSTEM AND METHOD FOR EVALUATION OF RELIABILITY OF CATEGORISATION RULES | 2013 | Antonov Aleksej Evgenevich; Romanenko Aleksej Mikhajlovich | RU2587429C2

RU 2 587 426 C2

Authors

Polyakov Aleksej Aleksandrovich

Sapronov Konstantin Vladimirovich

Dates

Published: 2016-06-20

Filed: 2013-12-27