SYSTEM AND METHOD FOR DETECTING HARMFUL COMPUTER SYSTEMS Russian patent published in 2017 - IPC G06F21/56 

FIELD: information technology.

SUBSTANCE: system for the recognition of computer system as malicious is disclosed, where the malicious computer system is a computer system on which the malicious activity is performed, i.e. the actions performed by malicious applications, which comprises: a) device for the performance data collection, designed to: collect performance data of computer system; transmite the collected performance data to network spaces construction device; b) device for creating network space, intended to: define relationships between the characteristics of computer system; determine the time dependence of computer system state based on the analysis of certain bonds; transfer a particular time dependence based on the computer system state to identification tool; C) identification tool designed to: determine computer system state based on the analysis of obtained time dependence of computer system state; compare the defined computer system state with at least one predetermined template of the computer system state; transmite the comparison result to the analysis tool; g) analysis tool, intended for: determining the harmfulness degree of the computer system based on the analysis of received result of the comparison of computer system state with a pre-defined template of computer system state; the verdict on the recognition of computer system as malicious by comparing a degree of harmfulness of a computer system with a fixed threshold.

EFFECT: detection of malicious computer systems through the use of a system to recognize a computer system as malicious, while a malicious computer system is a computer system on which malicious applications operate.

8 cl, 3 dwg