FIELD: information technology.
SUBSTANCE: method for detecting a malicious application on a user computing device is disclosed, according to which: a. interception is performed by intercepting the process to information displayed to the user for determining at least: process information accessing information displayed to the user, said information including at least a process identifier (PID); the areas on the computing device display on which the information is displayed to the user and accessed by the process; b. analysis is determined by means of intersection analysis means at the previous area stage on the computing device display with areas of elements of the graphical interface processes performed by the computing device to determine which of the areas of the elements of the graphical interface of said processes: contain said area; are contained in said area; partially intersect with said area; c. calculating by the analysis means of crossings rating of the importance of the previously determined area on the computing device display based on areas in which the graphical interface elements of processes running on the computing device contain said area, contained in said area and which of the areas of the elements of the graphical interface of the processes partially intersect with said area; d. calculating by security means of the access danger rating to the information displayed to the user based on process information performing access to the information displayed to the user; e. recognizing by security means of the application, from which the process has been launched, the access of which to the display of the user computing device intercepted in step "a" as malicious, if the combination of the access danger rating to the information displayed to the user and the value of the importance of the area exceeds the threshold value.
EFFECT: increased safety of the user computing device which is achieved by detecting a malicious application from which a process is launched that accesses the information displayed to the user computing device.
4 cl, 3 dwg
| Title | Year | Author | Number |
|---|---|---|---|
| SYSTEM AND METHOD FOR BLOCKING ACCESS TO PROTECTED APPLICATIONS | 2016 |
|
RU2634168C1 |
| METHOD TO LOCK ACCESS TO DATA ON MOBILE DEVICE WITH API FOR USERS WITH DISABILITIES | 2015 |
|
RU2618946C1 |
| METHOD FOR IDENTIFYING INCONSISTENT USE OF THE RESOURCES OF A USER COMPUTING APPARATUS | 2020 |
|
RU2757330C1 |
| SYSTEM AND METHOD OF PROTECTING COMPUTER APPLICATIONS | 2011 |
|
RU2460133C1 |
| SYSTEM AND METHOD OF FILE ANALYSIS FOR MALICIOUSNESS IN VIRTUAL MACHINE | 2017 |
|
RU2665911C2 |
| SYSTEM AND METHOD OF MODIFIED DATA RECOVERY | 2015 |
|
RU2622630C2 |
| SYSTEM AND METHOD OF GENERATING LOG WHEN EXECUTING FILE WITH VULNERABILITIES IN VIRTUAL MACHINE | 2018 |
|
RU2724790C1 |
| SYSTEM AND METHOD OF PROTECTING DATA TRANSMISSION FROM INPUT DEVICES | 2014 |
|
RU2568283C2 |
| METHOD FOR AUTOMATIC ADJUSTMENT OF SECURITY MEANS | 2012 |
|
RU2514137C1 |
| METHOD OF CREATING ANTIVIRUS RECORD WHEN DETECTING MALICIOUS CODE IN RANDOM-ACCESS MEMORY | 2015 |
|
RU2592383C1 |
