FIELD: information technology.
SUBSTANCE: a malicious program is run in a virtual environment; requests sent by the malicious program to the malicious software control center are collected; the parameters in the collected requests and their order are determined; requests with the same sets of parameters are grouped; for each group of requests, a regular expression describing the parameters of that group is formed; a request described by the regular expression obtained in the previous step is formed and sent to the malicious program control center; a response from the control center is received, and if the response is encoded and/or encrypted, it is decoded and/or decrypted; the response is analyzed for the presence of information specific to conducting network attacks; the results are stored; computer attacks are identified using the results of the analysis.
EFFECT: increasing the effectiveness of detecting computer attacks.
17 cl, 3 dwg
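The grouping and regular-expression steps of the abstract, as an added example that is not taken from the patent. The sample requests are constructed, and grouping by path plus ordered parameter names and the character-class heuristic are assumptions. The resulting patterns can be matched against proxy or sandbox logs.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample requests (not captured traffic), as a sandbox run might log them.
SAMPLE_REQUESTS = [
    "/gate.php?id=4f2a9c01&ver=12&os=win7",
    "/gate.php?id=b7e011d4&ver=12&os=win10",
    "/gate.php?id=00c3fa9e&ver=13&os=win7",
    "/task.php?id=4f2a9c01&n=3",
    "/task.php?id=b7e011d4&n=27",
]

def parse_request(request):
    """Return (path, [(name, raw_value), ...]) with parameter order preserved."""
    parts = urlsplit(request)
    pairs = [p.partition("=") for p in parts.query.split("&") if p]
    return parts.path, [(name, value) for name, _, value in pairs]

def value_pattern(values):
    """Narrowest pattern (assumed heuristic) covering every observed value."""
    if len(set(values)) == 1:
        return re.escape(values[0])          # constant field: keep the literal
    lo, hi = min(map(len, values)), max(map(len, values))
    quant = "{%d}" % lo if lo == hi else "{%d,%d}" % (lo, hi)
    for cls in (r"\d", r"[0-9a-f]", r"[0-9A-Za-z]"):
        if all(re.fullmatch(cls + "*", v) for v in values):
            return cls + quant
    return "[^&]" + quant                    # fallback: anything but a separator

def build_group_patterns(requests):
    """Group requests by (path, ordered parameter names); one regex per group."""
    groups = defaultdict(list)
    for request in requests:
        path, params = parse_request(request)
        groups[(path, tuple(n for n, _ in params))].append([v for _, v in params])
    patterns = {}
    for (path, names), rows in groups.items():
        fields = [re.escape(n) + "=" + value_pattern(col)
                  for n, col in zip(names, zip(*rows))]
        query = r"\?" + "&".join(fields) if fields else ""
        patterns[(path, names)] = re.compile("^" + re.escape(path) + query + "$")
    return patterns

if __name__ == "__main__":
    for key, rx in build_group_patterns(SAMPLE_REQUESTS).items():
        print(key, rx.pattern)
```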
Title | Year | Author | Number |
---|---|---|---|
DOUBLE SELF-TEST OF MEMORY FOR PROTECTION OF MULTIPLE NETWORK ENDPOINTS | 2016 | | RU2714607C2 |
SYSTEM AND METHOD OF CREATING ANTIVIRUS RECORD | 2018 | | RU2697954C2 |
SYSTEM AND METHODS FOR DECRYPTING NETWORK TRAFFIC IN A VIRTUALIZED ENVIRONMENT | 2017 | | RU2738021C2 |
SYSTEMS AND METHODS FOR DETECTING MALICIOUS PROGRAMS WITH A DOMAIN GENERATION ALGORITHM (DGA) | 2016 | | RU2726032C2 |
SYSTEM AND METHOD OF AUTOGENERATION OF DECISION RULES FOR INTRUSION DETECTION SYSTEMS WITH FEEDBACK | 2016 | | RU2634209C1 |
OBJECTS OF VIRTUAL NETWORK INTERFACE | 2012 | | RU2646343C1 |
METHOD OF ANALYSING AND DETECTING MALICIOUS INTERMEDIATE NODES IN NETWORK | 2012 | | RU2495486C1 |
OBJECTS OF VIRTUAL NETWORK INTERFACE | 2012 | | RU2595517C2 |
ROBUST AND SECURE HARDWARE-COMPUTER SYSTEM IN CLOUD COMPUTING ENVIRONMENT | 2013 | | RU2557476C2 |
SYSTEMS AND METHODS FOR REPORTING COMPUTER SECURITY INCIDENTS | 2019 | | RU2757597C1 |
Authors
Dates
2017-10-24—Published
2016-07-06—Filed