FIELD: information technology.
SUBSTANCE: the invention relates to the detection of malicious files. A system for recognizing a file as malicious is disclosed, which contains the following:
a) a resource extraction tool, designed to: extract resources from the analyzed file; transfer the extracted resources to the rule formation tool and the rule searching tool;
b) a rule formation tool, designed to: generate at least one rule establishing a functional relationship between the received resources (hereinafter, the rule), where the rule is formed by creating an artificial neural network from the received resources, in which the nodes are the tools for analyzing the received resources and the links between nodes, formed when the neural network is created, indicate the functional relationship between the received resources; transfer each formed rule to the rule comparison tool;
c) a rule searching tool, designed to: search for at least one rule in the database of malicious file resources based on the received resources; transfer each found rule to the rule comparison tool;
d) a rule comparison tool, designed to: calculate the degree of similarity between the rules obtained from the rule formation tool and the rule searching tool; transfer the calculated degree of similarity to the decision making tool;
e) a decision making tool, designed to: recognize the analyzed file as malicious when the obtained degree of similarity exceeds a predetermined threshold value.
EFFECT: the technical result is the detection of malicious files based on the analysis of functional dependencies between the resources of the analyzed files.
16 cl, 3 dwg
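The five-stage flow described in the abstract (extract, form rule, search, compare, decide), as an added example that is not the patent's own code. It assumes a rule can be approximated by a set of labelled relationships between resources (a simplified stand-in for the neural network), that the database is indexed by resource content hash, and that similarity is Jaccard; all names, the threshold and the sample data are constructed.

```python
from itertools import combinations

def form_rule(resources):
    """Rule formation. Assumption: a rule is a set of labelled edges between
    resource types, standing in for the neural network in the abstract."""
    edges = set()
    for a, b in combinations(sorted(resources), 2):
        if a[2] == b[2]:
            relation = "same_content"
        elif a[1] == b[1]:
            relation = "same_size"
        else:
            relation = "larger" if a[1] > b[1] else "smaller"
        edges.add((a[0], relation, b[0]))
    return frozenset(edges)

def build_database(known_malicious_files):
    """Index each known-malicious rule by the content hashes of its resources."""
    index = {}
    for resources in known_malicious_files:
        rule = form_rule(resources)
        for _type, _size, digest in resources:
            index.setdefault(digest, set()).add(rule)
    return index

def search_rules(resources, database):
    """Rule search: fetch stored rules that share a resource with the file."""
    found = set()
    for _type, _size, digest in resources:
        found |= database.get(digest, set())
    return found

def similarity(rule_a, rule_b):
    """Rule comparison: Jaccard similarity of the two edge sets."""
    union = rule_a | rule_b
    return len(rule_a & rule_b) / len(union) if union else 0.0

def is_malicious(resources, database, threshold=0.7):
    """Decision: malicious when the best similarity exceeds the threshold."""
    formed = form_rule(resources)
    scores = [similarity(formed, r) for r in search_rules(resources, database)]
    return max(scores, default=0.0) > threshold

# Constructed sample data: (resource type, size in bytes, content hash).
KNOWN = [[("ICON", 4096, "h1"), ("DIALOG", 512, "h2"), ("MANIFEST", 512, "h3")]]
VARIANT = [("ICON", 4096, "h1"), ("DIALOG", 600, "h4"), ("MANIFEST", 600, "h5")]
BENIGN = [("ICON", 4096, "h1"), ("STRING", 100, "h9")]
DB = build_database(KNOWN)
```

The variant shares only one resource hash with the known sample yet scores 1.0, because the relationships between its resources are unchanged; the benign file shares the same icon but none of the relationships.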
Title | Year | Author | Number |
---|---|---|---|
SYSTEM AND METHOD FOR DETECTING MALICIOUS EXECUTABLE FILES BASED ON SIMILARITY OF EXECUTABLE FILE RESOURCES | 2013 | | RU2541120C2 |
SYSTEM AND METHOD OF CLASSIFYING OBJECTS OF COMPUTER SYSTEM | 2018 | | RU2724710C1 |
SYSTEM AND METHOD OF MACHINE TRAINING MODEL OF DETECTING MALICIOUS FILES | 2017 | | RU2673708C1 |
SYSTEM AND METHOD OF CLASSIFICATION OF OBJECTS | 2017 | | RU2679785C1 |
SYSTEM AND METHOD OF DETECTION OF MALICIOUS FILES USING A TRAINED MALWARE DETECTION PATTERN | 2017 | | RU2654151C1 |
SYSTEM AND METHOD OF DETECTING A MALICIOUS FILE | 2018 | | RU2739865C2 |
SYSTEM AND METHOD OF MANAGING COMPUTING RESOURCES FOR DETECTING MALICIOUS FILES | 2017 | | RU2659737C1 |
SYSTEM AND METHOD OF SELECTING MEANS OF DETECTING MALICIOUS FILES | 2019 | | RU2739830C1 |
SYSTEM AND METHOD OF BLOCKING SCRIPT EXECUTION | 2015 | | RU2606564C1 |
SYSTEM AND METHOD FOR TRAINING HARMFUL CONTAINER DETECTION MODEL | 2018 | | RU2697955C2 |
Dates
2018-05-16—Published
2017-06-16—Filed