FIELD: information technology.
SUBSTANCE: a method is proposed in which a file operation executed on a server by a user's computer is intercepted by an interceptor; data on the intercepted file operation is transmitted to an analyzer, the data including at least the type of file operation, data buffers with the original file contents and the modified file contents, and data about the user's computer; the analyzer calculates the information entropy of the data buffer with the original file contents; the analyzer calculates the information entropy of the data buffer with the modified file contents; the analyzer calculates the difference between the obtained entropy values; if the calculated difference exceeds a threshold value, the file operation run on the server from the user's computer is determined to be the work of malicious software.
EFFECT: a file operation run on the server from the user's computer can be determined to be the work of malicious software.
6 cl, 5 dwg
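The analyzer step described above can be sketched as follows; this is an added example, not code from the patent. The threshold value, the direction of the difference (modified minus original), all function names and the `pseudo_ciphertext` stand-in are assumptions made for illustration. The third sample case shows that a file which already has high entropy produces almost no difference when it is encrypted again.

```python
import hashlib
import math
from collections import Counter

# Assumed threshold in bits per byte; the abstract does not give a value.
ENTROPY_DELTA_THRESHOLD = 2.0

def shannon_entropy(buf: bytes) -> float:
    """Shannon entropy of a buffer in bits per byte (0.0 to 8.0)."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())

def entropy_delta(original: bytes, modified: bytes) -> float:
    """Entropy of the modified contents minus entropy of the original."""
    return shannon_entropy(modified) - shannon_entropy(original)

def is_suspicious_write(original: bytes, modified: bytes,
                        threshold: float = ENTROPY_DELTA_THRESHOLD) -> bool:
    """Flag the file operation when the entropy rise exceeds the threshold."""
    return entropy_delta(original, modified) > threshold

def pseudo_ciphertext(data: bytes, key: bytes = b"constructed-key") -> bytes:
    """Constructed stand-in for encrypted output: XOR with a SHA-256 keystream."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

# Constructed sample buffers (not taken from the patent).
PLAIN = b"Quarterly report: revenue rose 4% while costs stayed flat.\n" * 64
EDITED = PLAIN + b"Appendix A: figures revised after audit.\n"
ENCRYPTED = pseudo_ciphertext(PLAIN)
ALREADY_DENSE = pseudo_ciphertext(b"\x00" * len(PLAIN), b"other-key")

if __name__ == "__main__":
    for name, old, new in [("benign edit", PLAIN, EDITED),
                           ("plaintext encrypted", PLAIN, ENCRYPTED),
                           ("dense file re-encrypted", ALREADY_DENSE,
                            pseudo_ciphertext(ALREADY_DENSE))]:
        print(f"{name}: delta={entropy_delta(old, new):+.2f} "
              f"flag={is_suspicious_write(old, new)}")
```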
Title | Year | Author | Number |
---|---|---|---|
SYSTEM AND METHOD OF MODIFIED DATA RECOVERY | 2015 | | RU2622630C2 |
METHOD OF CREATING A SYSTEM CALL HANDLER | 2014 | | RU2596577C2 |
METHOD OF INVOKING SYSTEM FUNCTIONS IN CONDITIONS OF USE OF AGENTS FOR PROTECTING OPERATING SYSTEM KERNEL | 2014 | | RU2585978C2 |
SYSTEM AND METHOD FOR DETERMINING PROCESS ASSOCIATED WITH MALWARE ENCRYPTING COMPUTER SYSTEM FILES | 2020 | | RU2770570C2 |
METHOD OF DETECTING UNKNOWN PROGRAMS BY LOAD PROCESS EMULATION | 2011 | | RU2472215C1 |
SYSTEM AND METHOD OF CREATING ANTIVIRUS RECORD | 2018 | | RU2697954C2 |
SYSTEM AND METHOD OF PROVIDING SAFETY OF ONLINE TRANSACTIONS | 2013 | | RU2587423C2 |
METHOD OF RECALL OF ORIGINAL FUNCTION AFTER ITS INTERCEPTION WITH SAVING OF STACK OF PARAMETERS | 2013 | | RU2546588C2 |
SYSTEM AND METHOD OF PROTECTING COMPUTER APPLICATIONS | 2011 | | RU2460133C1 |
SYSTEM AND METHOD TO PROTECT COMPUTER SYSTEM AGAINST ACTIVITY OF HARMFUL OBJECTS | 2011 | | RU2468427C1 |
Dates
2017-04-25—Published
2015-09-30—Filed