SYSTEM AND METHOD FOR IDENTIFYING MALICIOUS FILES
Russian patent published in 2018, IPC G06F21/56

Abstract RU 2673407 C1

FIELD: information technology.

SUBSTANCE: invention relates to computer security. In this method for identifying a malicious file, each computing device records at least the API function calls made during execution of the file in its local call log. The local call log is then searched for registered API function calls that match behavioral rules from the local threat database. If no match to the behavioral rules is found, the local call log is transmitted to the detector. Using the detection tool, the local call logs produced by executions of the same file on the different computing devices are combined into a combined call log, such that for each local call log the combined call log contains at least one entry that is absent from that local call log. The combined call log is then searched for entries matching at least one behavioral rule from the threat database; when such entries are found, the file is identified as malicious according to the matched behavioral rule.

EFFECT: improving the identification of a malicious file using behavioral rules.

15 claims, 5 drawings
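The steps in the abstract (local logging of API calls, local rule matching, forwarding of unmatched logs, combination of logs for the same file, and matching against the combined log) can be illustrated with a small model. The following is an added example written for this page; it is not code from the patent or from any product. The rule names, the API call sets, the device names and the logged argument values are all constructed for the illustration, and the rules are simplified to "every listed API must appear in the log" rather than whatever matching the actual threat database uses.

```python
"""Model of cross-device behavioral detection as described in RU 2673407 C1.

Added example, not the patent's own code. All rules, device names and
API call logs below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ApiCall:
    api: str                      # name of the called API function
    args: Tuple[str, ...] = ()    # selected argument values recorded with the call


@dataclass(frozen=True)
class BehavioralRule:
    name: str
    required_apis: frozenset      # simplified rule: every API here must appear in the log


def match_rules(log: List[ApiCall], rules: List[BehavioralRule]) -> List[BehavioralRule]:
    """Search one call log (local or combined) for behavioral rules it satisfies."""
    seen = {call.api for call in log}
    return [rule for rule in rules if rule.required_apis <= seen]


def combine_logs(local_logs: Dict[str, List[ApiCall]]) -> Optional[List[ApiCall]]:
    """Merge the local call logs of the same file into one combined log.

    Duplicate entries are collapsed and arrival order is kept.  The abstract
    requires that, for each local log, the combined log holds at least one
    entry absent from that local log; if any local log already contains
    everything, combining adds no information and None is returned.
    """
    combined: List[ApiCall] = []
    for log in local_logs.values():
        for call in log:
            if call not in combined:
                combined.append(call)
    combined_set = set(combined)
    for log in local_logs.values():
        if not (combined_set - set(log)):
            return None
    return combined


def detector_verdict(forwarded_logs: Dict[str, List[ApiCall]],
                     rules: List[BehavioralRule]) -> Tuple[bool, Optional[str]]:
    """Detector side: forwarded_logs are local logs that matched no rule on
    their own device.  Returns (is_malicious, name of the matched rule)."""
    combined = combine_logs(forwarded_logs)
    if combined is None:
        return False, None
    hits = match_rules(combined, rules)
    if hits:
        return True, hits[0].name
    return False, None


# Constructed threat database: two behavioral rules.
RULES = [
    BehavioralRule("persistence_then_c2",
                   frozenset({"CreateFileW", "RegSetValueExW", "InternetConnectA"})),
    BehavioralRule("mass_encrypt",
                   frozenset({"CryptEncrypt", "DeleteFileW", "MoveFileExW"})),
]

# Constructed local call logs of the same file on two devices.  Each device
# observed only part of the behavior (for example because one had no network
# access), so neither log matches a rule on its own.  203.0.113.7 is a
# documentation address used here as a placeholder.
DEVICE_LOGS: Dict[str, List[ApiCall]] = {
    "host-A": [
        ApiCall("CreateFileW", (r"%APPDATA%\svc.exe",)),
        ApiCall("RegSetValueExW", (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",)),
        ApiCall("Sleep", ("600000",)),
    ],
    "host-B": [
        ApiCall("CreateFileW", (r"%APPDATA%\svc.exe",)),
        ApiCall("InternetOpenA", ()),
        ApiCall("InternetConnectA", ("203.0.113.7",)),
    ],
}


if __name__ == "__main__":
    # Step 2 on each device: nothing matches locally, so the logs are forwarded.
    forwarded = {dev: log for dev, log in DEVICE_LOGS.items()
                 if not match_rules(log, RULES)}
    print("forwarded by:", sorted(forwarded))
    # Steps 3 and 4 on the detector: the combined log matches a rule.
    print("verdict:", detector_verdict(forwarded, RULES))
```

The two-host case shows the point of the method: each host alone sees either the persistence step or the network step, and only the combined log satisfies the `persistence_then_c2` rule. Feeding `combine_logs` two identical logs returns `None`, modelling the abstract's requirement that combining must add at least one entry for every contributing log.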

Similar patents RU2673407C1

SYSTEM AND METHOD OF CREATING ANTIVIRUS RECORD (2018), RU2697954C2
  • Gordejchik Sergej Vladimirovich
  • Soldatov Sergej Vladimirovich
  • Sapronov Konstantin Vladimirovich

SYSTEM AND METHOD OF DETECTING THE SIGNS OF COMPUTER ATTACKS (2017), RU2661533C1
  • Gordejchik Sergej Vladimirovich
  • Sapronov Konstantin Vladimirovich
  • Parshin Yurij Gennadevich
  • Kheirkhabarov Tejmur Samedovich
  • Soldatov Sergej Vladimirovich

METHOD FOR ADJUSTING THE PARAMETERS OF A MACHINE LEARNING MODEL IN ORDER TO IDENTIFY FALSE TRIGGERING AND INFORMATION SECURITY INCIDENTS (2020), RU2763115C1
  • Filonov Pavel Vladimirovich
  • Soldatov Sergej Vladimirovich
  • Udimov Daniil Alekseevich

METHOD FOR PROCESSING INFORMATION SECURITY EVENTS PRIOR TO TRANSMISSION FOR ANALYSIS (2020), RU2762528C1
  • Filonov Pavel Vladimirovich
  • Soldatov Sergej Vladimirovich
  • Udimov Daniil Alekseevich

SYSTEM AND METHOD FOR DETERMINING THE FILE TRUST LEVEL (2019), RU2750628C2
  • Zagorskij Sergej Gennadevich
  • Shvetsov Dmitrij Vladimirovich

SYSTEM AND METHOD OF ADAPTING PATTERNS OF DANGEROUS PROGRAM BEHAVIOR TO USERS' COMPUTER SYSTEMS (2017), RU2652448C1
  • Pavlyushchik Mikhail Aleksandrovich
  • Slobodyanyuk Yurij Gennadevich
  • Monastyrskij Aleksej Vladimirovich
  • Martynenko Vladislav Valerevich

METHOD FOR IDENTIFYING INFORMATION SECURITY THREATS (OPTIONS) (2023), RU2802539C1
  • Sergeev Viktor Gennadevich
  • Skablonskii Andrei Vadimovich
  • Vorontsov Dmitrii Viktorovich
  • Spravtsev Iurii Vladimirovich

SYSTEM AND METHOD OF DETECTING DIRECTED ATTACK ON CORPORATE INFRASTRUCTURE (2013), RU2587426C2
  • Polyakov Aleksej Aleksandrovich
  • Sapronov Konstantin Vladimirovich

SYSTEM AND METHOD FOR PERFORMING ANTI-VIRUS SCAN OF FILE ON VIRTUAL MACHINE (2016), RU2628921C1
  • Monastyrskij Aleksej Vladimirovich
  • Butuzov Vitalij Vladimirovich
  • Golovkin Maksim Yurevich
  • Karasovskij Dmitrij Valerievich
  • Pintijskij Vladislav Valerevich
  • Kobychev Denis Yurevich

SYSTEM AND METHOD OF FILE ANALYSIS FOR MALICIOUSNESS IN VIRTUAL MACHINE (2017), RU2665911C2
  • Pintijskij Vladislav Valerevich
  • Anikin Denis Vyacheslavovich
  • Kobychev Denis Yurevich
  • Golovkin Maksim Yurevich
  • Butuzov Vitalij Vladimirovich
  • Karasovskij Dmitrij Valerievich
  • Kirsanov Dmitrij Aleksandrovich

RU 2 673 407 C1

Authors

Gordejchik Sergej Vladimirovich

Soldatov Sergej Vladimirovich

Sapronov Konstantin Vladimirovich

Dates

Published: 2018-11-26

Filed: 2017-10-18