FIELD: calculating; counting.
SUBSTANCE: the invention relates to computer engineering. Disclosed is a host system for organizing a collection of monitored executable objects into a plurality of groups of objects, comprising at least one hardware processor and a memory unit, wherein the at least one hardware processor is configured to execute an object manager and a heuristic mechanism. The object manager is configured to organize the collection of monitored executable objects into the plurality of groups of objects, which comprises: in response to detecting that a first object of the collection has spawned a child object, determining whether the first object belongs to a category of group creators; if the first object belongs to the category of group creators, adding a new group of objects to the plurality of groups of objects and assigning the child object to the new group of objects; and if the first object does not belong to the category of group creators, selecting from the plurality of groups of objects a first group of objects of which the first object is a member and assigning the child object to that first group of objects. The heuristic mechanism is configured, in response to a first action performed by the child object, to select from the plurality of groups of objects a second group of objects of which the child object is a member (the child object being simultaneously a member of the second group of objects and of the first group of objects or the new group of objects), and, in response to selecting the second group of objects, to determine whether the first action indicates a malware attack in accordance with a second action performed by another member of the second group of objects.
EFFECT: the technical result is the detection of a malware attack based on organizing the set of monitored executable objects into a plurality of groups of objects.
28 claims, 19 drawings
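An added worked example of the grouping and correlation rules described in the abstract (illustrative code written for this page, not taken from the patent): a parent in the group-creator category starts a new group for each child, any other parent passes one of its own groups on, and an action is judged against earlier actions by other members of a group the actor shares. The object names, the `SUSPICIOUS_PAIRS` rule and the scenario are constructed; group membership is kept as a set because the abstract allows one object to belong to more than one group.

```python
from collections import defaultdict

# Constructed, hypothetical rule: (action, earlier action by another member of the same group)
SUSPICIOUS_PAIRS = {("launch_from_temp", "write_temp_executable")}

class ObjectManager:
    def __init__(self, group_creators):
        self.group_creators = set(group_creators)  # names treated as group creators (e.g. a shell)
        self.names = {}                            # object id -> name
        self.groups_of = defaultdict(set)          # object id -> group ids it belongs to
        self.actions = defaultdict(list)           # group id -> [(object id, action)]
        self.next_group = 0

    def _join(self, oid, gid):
        self.groups_of[oid].add(gid)
        return gid

    def add_root(self, oid, name):
        """Register an object with no monitored parent; it starts its own group."""
        self.names[oid] = name
        self.next_group += 1
        return self._join(oid, self.next_group - 1)

    def on_spawn(self, parent_id, child_id, child_name):
        """Group-creator parent: child starts a new group; otherwise child joins a parent's group."""
        if self.names[parent_id] in self.group_creators:
            return self.add_root(child_id, child_name)
        self.names[child_id] = child_name
        return self._join(child_id, min(self.groups_of[parent_id]))

    def on_action(self, oid, action):
        """Heuristic: judge `action` against actions already taken by other members of a shared group."""
        for gid in self.groups_of[oid]:
            partners = [a for other, a in self.actions[gid] if other != oid]
            self.actions[gid].append((oid, action))
            if any((action, a) in SUSPICIOUS_PAIRS for a in partners):
                return gid  # this group's combined behaviour indicates an attack
        return None

def demo():
    """Constructed scenario: a shell (group creator) launches two unrelated programs."""
    mgr = ObjectManager(group_creators={"shell"})
    mgr.add_root(1, "shell")
    mgr.on_spawn(1, 2, "viewer")  # shell is a group creator: viewer gets a new group
    mgr.on_spawn(2, 3, "helper")  # viewer is not: helper joins viewer's group
    mgr.on_spawn(1, 4, "editor")  # another new group, unrelated to viewer's
    alerts = [mgr.on_action(3, "write_temp_executable"),  # nothing to correlate yet
              mgr.on_action(4, "launch_from_temp"),       # editor's group has no other member
              mgr.on_action(2, "launch_from_temp")]       # pairs with helper's earlier action
    return mgr, alerts
```

The same action by the editor and by the viewer is judged differently only because of the group each belongs to, which is the point of the grouping step.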
| Title | Year | Author | Number |
|---|---|---|---|
| DYNAMIC REPUTATION INDICATOR FOR OPTIMIZATION OF COMPUTER SECURITY OPERATIONS | 2017 | | RU2723665C1 |
| METHOD OF BEHAVIORAL DETECTION OF MALICIOUS PROGRAMS USING A VIRTUAL INTERPRETER MACHINE | 2016 | | RU2679175C1 |
| SYSTEMS AND METHODS OF DEVICES AUTOMATIC DETECTION | 2017 | | RU2742824C2 |
| SYSTEMS AND METHODS FOR USING A REPUTATION INDICATOR TO FACILITATE MALWARE SCANNING | 2014 | | RU2646352C2 |
| SYSTEMS AND METHODS FOR DETECTING BEHAVIOURAL THREATS | 2019 | | RU2778630C1 |
| SYSTEMS AND METHODS FOR DETECTING BEHAVIOURAL THREATS | 2019 | | RU2803399C2 |
| SYSTEMS AND METHODS FOR DETECTING MALICIOUS PROGRAMS WITH A DOMAIN GENERATION ALGORITHM (DGA) | 2016 | | RU2726032C2 |
| SYSTEMS AND METHODS FOR DETECTING BEHAVIOURAL THREATS | 2019 | | RU2772549C1 |
| COMPUTER SYSTEM AND METHOD FOR DETECTING MALWARE USING MACHINE LEARNING | 2021 | | RU2802860C1 |
| SYSTEMS AND METHODS FOR REPORTING COMPUTER SECURITY INCIDENTS | 2019 | | RU2757597C1 |
Dates

- Filed: 2016-07-04
- Published: 2019-03-26