FIELD: physics.
SUBSTANCE: the invention relates to computer security. Systems and methods are described which enable efficient analysis of security-related events, especially on hardware virtualisation platforms. In some embodiments, a notification handler detects the occurrence of an event within a virtual machine and transmits data on that event to security software. The security software tries to match the event against a set of behavioural signatures and exclusion signatures. An exception contains a set of conditions which, if satisfied by a tuple <event, object>, indicate that the corresponding object is not malicious. In some embodiments, part of the comparison with exceptions is performed synchronously, and another part is performed asynchronously.
EFFECT: the technical result is a wider range of equipment.
21 cl, 10 dwg
Title | Year | Author | Number |
---|---|---|---|
PAGE ERROR INSERTION IN VIRTUAL MACHINES | 2014 | | RU2659472C2 |
COMPLEX CLASSIFICATION FOR DETECTING MALWARE | 2014 | | RU2645268C2 |
SYSTEMS AND METHODS FOR PRESENTING A RESULT OF A CURRENT PROCESSOR INSTRUCTION WHEN EXITING FROM A VIRTUAL MACHINE | 2015 | | RU2686552C2 |
MEMORY INTROSPECTION ENGINE FOR PROTECTING INTEGRITY OF VIRTUAL MACHINES | 2014 | | RU2640300C2 |
EVALUATION OF PROCESS OF MALWARE DETECTION IN VIRTUAL MACHINES | 2014 | | RU2634205C2 |
SYSTEM AND METHODS FOR AUDITING A VIRTUAL MACHINE | 2017 | | RU2691187C1 |
DOUBLE SELF-TEST OF MEMORY FOR PROTECTION OF MULTIPLE NETWORK ENDPOINTS | 2016 | | RU2714607C2 |
METHOD OF BEHAVIORAL DETECTION OF MALICIOUS PROGRAMS USING A VIRTUAL INTERPRETER MACHINE | 2016 | | RU2679175C1 |
SYSTEM AND METHODS FOR DECRYPTING NETWORK TRAFFIC IN A VIRTUALIZED ENVIRONMENT | 2017 | | RU2738021C2 |
COMPUTER SYSTEM AND METHOD FOR DETECTING MALWARE USING MACHINE LEARNING | 2021 | | RU2802860C1 |
Authors
Dates
2019-10-15—Published
2016-07-14—Filed