FIELD: information technology.
SUBSTANCE: a system for detecting an undesirable application in a computer system is disclosed, comprising: a) a collection means for: obtaining an application installed in the computer system; detecting at least one file included in the application; collecting information about associations between the detected file and at least one other file located in the same computer system, where two files are associated if at least two of the following conditions are met: the files were created by one application, the files were downloaded to the computer from one network address, the time interval between the file modifications is less than a set threshold, the files have coincident attributes; and transferring the collected information to the search means; b) a search means for: detecting at least one other application containing at least one found file, where that application is installed in the same computer system as the application received by the collection means; and transferring information identifying the detected application to the verification means; c) a verification means for: determining the frequency of use of the received application and of the application identified by the received information, where the frequency of use of an application characterizes the number of actions performed by the application in the computer system; and detecting the received application as an undesirable application based on a comparison of the usage frequencies of the received application and the application identified by the received information.
The usage frequencies of the received application and the application identified by the received information are compared as follows: the frequency of use of each application is represented as a multidimensional vector, each component of which is one of the frequencies making up the frequency of application use; the scalar product of the two application vectors is calculated; the calculated scalar product is compared with a set threshold value, and if it is higher than the threshold value, the received application is considered undesirable.
EFFECT: identification of unwanted applications using an unwanted application detection system in a computer system.
10 cl, 4 dwg
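The collection, search and verification steps of the abstract, as an added Python illustration (not code from the patent). The data model, the vector components, the 60-second interval and the threshold of 10.0 are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FileInfo:
    path: str
    creator_app: str      # application that created the file
    source_addr: str      # network address the file was downloaded from
    mtime: float          # last modification time, seconds
    attrs: frozenset      # file attributes (representation is an assumption)

def associated(a, b, max_dt):
    """Two files are associated if at least two of the four conditions hold."""
    return sum((a.creator_app == b.creator_app,
                a.source_addr == b.source_addr,
                abs(a.mtime - b.mtime) < max_dt,
                a.attrs == b.attrs)) >= 2

def collect_associated(app_paths, all_files, max_dt):
    """Collection means: files outside the application tied to one of its files."""
    own = [f for f in all_files if f.path in app_paths]
    return {g.path for f in own for g in all_files
            if g.path not in app_paths and associated(f, g, max_dt)}

def is_undesirable(app, installed, all_files, usage, threshold, max_dt=60.0):
    found = collect_associated(installed[app], all_files, max_dt)
    for other, paths in installed.items():
        # Search means: another installed application containing a found file.
        if other != app and paths & found:
            # Verification means: scalar product of the two usage vectors.
            score = sum(x * y for x, y in zip(usage[app], usage[other]))
            if score > threshold:
                return True
    return False

# Constructed sample data (hypothetical names, addresses and counts).
FILES = [
    FileInfo("player.exe", "setup.exe", "198.51.100.7", 1000.0, frozenset({"signed"})),
    FileInfo("toolbar.dll", "setup.exe", "198.51.100.7", 1005.0, frozenset({"hidden"})),
    FileInfo("editor.exe", "editor_setup.exe", "203.0.113.9", 9000.0, frozenset({"signed"})),
]
INSTALLED = {"player": {"player.exe"}, "toolbar": {"toolbar.dll"}, "editor": {"editor.exe"}}
# Assumed vector components: (launches, network actions, file actions) per day.
USAGE = {"player": (5.0, 2.0, 1.0), "toolbar": (0.5, 4.0, 0.0), "editor": (3.0, 0.0, 6.0)}

if __name__ == "__main__":
    for name in INSTALLED:
        print(name, is_undesirable(name, INSTALLED, FILES, USAGE, threshold=10.0))
```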
Title | Year | Author | Number |
---|---|---|---|
METHOD OF PREVENTING PROGRAM OPERATION COMPRISING FUNCTIONAL UNDESIRABLE FOR USER | 2015 | | RU2618947C2 |
SYSTEM AND METHOD FOR DETECTING HARMFUL COMPUTER SYSTEMS | 2016 | | RU2634181C1 |
SYSTEM AND METHOD OF DETECTING HARMFUL FILES ON DISTRIBUTED SYSTEM OF VIRTUAL MACHINES | 2016 | | RU2628919C1 |
SYSTEM AND METHOD OF DETECTING MALICIOUS FILES ACCOMPANIED WITH USING THE STATIC ANALYSIS ELEMENTS | 2017 | | RU2654146C1 |
METHOD OF DETECTING HARMFUL COMPOSITE FILES | 2016 | | RU2634178C1 |
METHOD OF COMPOSITE FILE ACCESS CONTROL | 2017 | | RU2659739C1 |
SYSTEM AND METHOD FOR ANALYSING FILE LAUNCH EVENTS FOR DETERMINING SAFETY RANKING THEREOF | 2012 | | RU2531565C2 |
SYSTEM AND METHOD FOR TRAINING HARMFUL CONTAINER DETECTION MODEL | 2018 | | RU2697955C2 |
METHOD FOR DETERMINING SIMILARITY OF COMPOSITE FILES | 2016 | | RU2628922C1 |
SYSTEM AND METHOD OF MANAGING COMPUTING RESOURCES FOR DETECTING MALICIOUS FILES | 2017 | | RU2659737C1 |
Authors
Dates
2017-10-24—Published
2016-05-20—Filed