METHOD FOR DETECTION OF MALICIOUS SOFTWARE CODES IN NETWORK DATA TRAFFIC, INCLUDING THOSE EXPOSED TO A COMBINATION OF POLYMORPHIC TRANSFORMATIONS

Russian patent published in 2017 - IPC G06F21/56 H04L29/02

Abstract RU 2615317 C1

FIELD: information technology.

SUBSTANCE: the ordered memory containing the recorded traffic is divided into a series of equal-size blocks of predetermined length; an image of the traffic is formed in memory by allocating an ordered set of cells whose number equals the number of blocks; within each traffic block the states of all memory cells in the analyzed block are compared, and the number of unique cell states in each block is determined; the value corresponding to the number of unique cell states in the i-th block of the analyzed traffic is recorded in the i-th cell of the image; the degree of similarity between the standards and all subsets of consecutive cells of the generated image is determined by selecting subsets whose length equals the length of at least one of the standards and calculating the degree of similarity between these fragments of the generated image and the malicious software standards.

EFFECT: increased completeness of detection of malicious software, including software exposed to polymorphic transformations.

2 dwg
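
The comparison described in the SUBSTANCE paragraph can be sketched as follows. This is an added example, not code from the patent: the one-byte cell, the 16-byte block length, the similarity formula and the threshold are assumptions, since the abstract does not specify them, and the sample bytes are constructed.

```python
BLOCK_LEN = 16   # assumed; the abstract only says "predetermined length"
THRESHOLD = 0.9  # assumed decision threshold

def traffic_image(data: bytes, block_len: int = BLOCK_LEN) -> list:
    """One cell per full block: the number of distinct byte values in it."""
    n_blocks = len(data) // block_len  # a trailing partial block is ignored
    return [len(set(data[i * block_len:(i + 1) * block_len]))
            for i in range(n_blocks)]

def similarity(fragment: list, standard: list, block_len: int = BLOCK_LEN) -> float:
    """Assumed metric: 1 minus the mean per-cell difference, scaled to 0..1."""
    diff = sum(abs(a - b) for a, b in zip(fragment, standard))
    return 1.0 - diff / (len(standard) * block_len)

def scan(data: bytes, standards: dict, block_len: int = BLOCK_LEN) -> list:
    """Slide every standard over the image; return (name, byte offset, score)."""
    image = traffic_image(data, block_len)
    hits = []
    for name, std in standards.items():
        for off in range(len(image) - len(std) + 1):
            score = similarity(image[off:off + len(std)], std, block_len)
            if score >= THRESHOLD:
                hits.append((name, off * block_len, round(score, 3)))
    return hits

# Constructed sample: an inert 64-byte pattern stands in for a known code body.
PAYLOAD = b"A" * 16 + bytes(range(16)) + b"ABAB" * 4 + bytes(range(8)) * 2
STANDARDS = {"demo-standard": traffic_image(PAYLOAD)}  # [1, 16, 2, 8]

def xor_encode(data: bytes, key: int) -> bytes:
    """Byte-wise XOR: a bijection on byte values, so distinct counts survive."""
    return bytes(b ^ key for b in data)

def build_traffic(key: int = 0x5A) -> bytes:
    filler = b"hello world, ok\n" * 2  # constructed benign text, two blocks
    return filler + xor_encode(PAYLOAD, key) + filler

if __name__ == "__main__":
    traffic = build_traffic()
    print("raw byte signature found:", PAYLOAD in traffic)
    print("image:", traffic_image(traffic))
    print("hits:", scan(traffic, STANDARDS))
```

The per-block counts depend on where block boundaries fall, so this sketch only matches a pattern that starts on a block boundary; the abstract does not say how alignment is handled.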

Similar patents RU2615317C1

| Title | Year | Author | Number |
|---|---|---|---|
| SYSTEM AND METHOD FOR TRAINING HARMFUL CONTAINER DETECTION MODEL | 2018 | Krylov Vladimir Vladimirovich; Liskin Aleksandr Viktorovich; Antonov Aleksej Evgenevich | RU2697955C2 |
| SYSTEM AND METHOD FOR DETECTING MALICIOUS EXECUTABLE FILES BASED ON SIMILARITY OF EXECUTABLE FILE RESOURCES | 2013 | Tatarinov Ivan Ivanovich | RU2541120C2 |
| METHOD OF CREATING ANTIVIRUS RECORD WHEN DETECTING MALICIOUS CODE IN RANDOM-ACCESS MEMORY | 2015 | Pavlyushshik Mikhail Aleksandrovich; Monastyrskij Aleksej Vladimirovich; Nazarov Denis Aleksandrovich | RU2592383C1 |
| METHOD OF DETECTING MALICIOUS CODE IN RANDOM-ACCESS MEMORY | 2015 | Pavlyushshik Mikhail Aleksandrovich; Monastyrskij Aleksej Vladimirovich; Nazarov Denis Aleksandrovich | RU2589862C1 |
| SYSTEM AND METHOD OF DETECTING MALICIOUS FILES ACCOMPANIED WITH USING THE STATIC ANALYSIS ELEMENTS | 2017 | Krylov Vladimir Vladimirovich; Liskin Aleksandr Viktorovich | RU2654146C1 |
| SYSTEM AND METHOD OF CLASSIFICATION OF OBJECTS | 2017 | Chistyakov Aleksandr Sergeevich; Lobacheva Ekaterina Maksimovna; Romanenko Aleksej Mikhajlovich | RU2679785C1 |
| SYSTEM AND METHOD FOR DETECTING MALICIOUS FILES ON MOBILE DEVICES | 2015 | Kivva Anton Andreevich; Buchka Nikita Aleksandrovich; Kuzin Mikhail Yurevich; Chebyshev Viktor Vladimirovich | RU2614557C2 |
| SYSTEM AND METHOD OF DETECTING A MALICIOUS FILE | 2018 | Chistyakov Aleksandr Sergeevich; Romanenko Aleksej Mikhajlovich; Shevelev Aleksandr Sergeevich | RU2739865C2 |
| SYSTEM AND METHOD OF MANAGING COMPUTING RESOURCES FOR DETECTING MALICIOUS FILES | 2017 | Chistyakov Aleksandr Sergeevich; Lobacheva Ekaterina Maksimovna; Romanenko Aleksej Mikhajlovich | RU2659737C1 |
| METHOD OF DETECTING HARMFUL COMPOSITE FILES | 2016 | Kryukov Andrej Vladimirovich; Liskin Aleksandr Viktorovich; Ivanov Anton Mikhajlovich | RU2634178C1 |

RU 2 615 317 C1

Authors

Ivanov Vladimir Nikolaevich

Voronin Aleksej Vladimirovich

Ponomarev Dmitrij Vladimirovich

Trofimenkov Sergej Andreevich

Dates

2017-04-04 Published

2016-01-28 Filed