FIELD: protection of computer systems from malware.
SUBSTANCE: the invention relates to protection of computer systems from malware. A host system for detecting a malicious software entity is disclosed. It comprises a memory unit storing instructions which, when executed by at least one hardware processor of the host system, cause the host system to run an entity management module, an entity assessment engine and a classification engine, wherein:

- the entity management module is configured to manage a collection of assessed software entities, the management comprising: identifying a set of child entities of a first entity of the collection; determining whether the first entity has completed; in response, when the first entity has completed, determining whether all members of the set of child entities have completed; and in response, when all members of the set of child entities have completed, removing the first entity from the collection;
- the entity assessment engine is configured to: assess the first entity according to an assessment criterion; and in response, when the first entity satisfies the assessment criterion, transmit an assessment indicator to the classification engine;
- the classification engine is configured to: record a first indicator determined for the first entity and a second indicator determined for a second entity of the collection, the first and second indicators being determined according to the assessment criterion; in response to recording the first and second indicators and to receiving the assessment indicator, update the second indicator according to the assessment indicator; and in response, determine whether the second entity is malicious according to the updated second indicator.
EFFECT: technical result is the determination whether the software entity is malicious, based on a variety of indicators for the assessment of the relevant entity, which makes it possible to create a more robust anti-malware solution in comparison with similar traditional solutions.
15 claims, 13 drawings
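As an added illustration, not code from the patent, the following Python models the three modules on a process tree: the collection keeps a parent entity until it and all of its children have completed, a criterion match raises the indicator of the matched entity and of its parent, and an entity is classified malicious once its indicator reaches a threshold. The criterion names, weights and threshold are constructed assumptions; the abstract fixes none of them.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

# Constructed values: the abstract fixes neither criteria nor a threshold.
MALICE_THRESHOLD = 3
CRITERIA = {                      # assessment criterion -> indicator weight
    "writes_to_startup_folder": 1,
    "injects_into_other_process": 2,
}
@dataclass
class Entity:
    eid: int
    parent: Optional[int] = None
    terminated: bool = False
    indicator: int = 0            # malice indicator kept by the classifier
    children: Set[int] = field(default_factory=set)

class HostDetector:
    def __init__(self) -> None:
        self.collection: Dict[int, Entity] = {}
        self.flagged: Set[int] = set()

    def launch(self, eid: int, parent: Optional[int] = None) -> None:
        """Entity management: add a new entity and link it to its parent."""
        self.collection[eid] = Entity(eid, parent)
        if parent in self.collection:
            self.collection[parent].children.add(eid)

    def assess(self, eid: int, event: str) -> None:
        """Assessment engine: a criterion match yields an assessment indicator."""
        weight = CRITERIA.get(event)
        if weight:
            self.classify(eid, weight)

    def classify(self, eid: int, weight: int) -> None:
        """Classification engine: update the entity's and its parent's indicators."""
        ent = self.collection[eid]
        for target in (ent, self.collection.get(ent.parent)):
            if target is None:        # parent already removed from the collection
                continue
            target.indicator += weight
            if target.indicator >= MALICE_THRESHOLD:
                self.flagged.add(target.eid)

    def terminate(self, eid: int) -> None:
        """Entity management: remove entities whose children have all completed."""
        self.collection[eid].terminated = True
        for ent in list(self.collection.values()):
            kids = [self.collection[c] for c in ent.children if c in self.collection]
            if ent.terminated and all(k.terminated for k in kids):
                del self.collection[ent.eid]
```

Because the parent stays in the collection while any child is running, evidence from a later child can still flag a parent that has already exited.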
Title | Year | Author | Number |
---|---|---|---|
EVALUATION OF PROCESS OF MALWARE DETECTION IN VIRTUAL MACHINES | 2014 | | RU2634205C2 |
MEMORY INTROSPECTION ENGINE FOR PROTECTING INTEGRITY OF VIRTUAL MACHINES | 2014 | | RU2640300C2 |
SYSTEMS AND METHODS FOR PRESENTING A RESULT OF A CURRENT PROCESSOR INSTRUCTION WHEN EXITING FROM A VIRTUAL MACHINE | 2015 | | RU2686552C2 |
PAGE ERROR INSERTION IN VIRTUAL MACHINES | 2014 | | RU2659472C2 |
COMPUTER SECURITY SYSTEMS AND METHODS USING ASYNCHRONOUS INTROSPECTION EXCEPTIONS | 2016 | | RU2703156C2 |
DYNAMIC REPUTATION INDICATOR FOR OPTIMIZATION OF COMPUTER SECURITY OPERATIONS | 2017 | | RU2723665C1 |
COMPUTER SYSTEM AND METHOD FOR DETECTING MALWARE USING MACHINE LEARNING | 2021 | | RU2802860C1 |
SYSTEMS AND METHODS FOR DETECTING BEHAVIOURAL THREATS | 2019 | | RU2803399C2 |
DOUBLE SELF-TEST OF MEMORY FOR PROTECTION OF MULTIPLE NETWORK ENDPOINTS | 2016 | | RU2714607C2 |
SYSTEMS AND METHODS FOR DETECTING BEHAVIOURAL THREATS | 2019 | | RU2778630C1 |
Dates
- Filed: 2014-09-25
- Published: 2018-02-19