METHOD OF DETECTING MALICIOUS FILES THAT COUNTERACT ANALYSIS IN ISOLATED ENVIRONMENT Russian patent published in 2019 - IPC G06F21/00 G06F21/56

Abstract RU 2708355 C1

FIELD: physics.

SUBSTANCE: invention relates to a method of recognizing a file as malicious. Method, according to which: file is opened by security device in virtual machine in form of environment for safe execution of files; generating, using a hypervisor interceptor, a log, which stores events occurring during execution of at least one process stream created when opening a file in said virtual machine; generating a security template from a log of a behaviour pattern which consists of those events which are related to safety; monitoring by security means events occurring during execution of at least one process stream created when opening a file on a computer system; the security file recognizes the file as malicious when at least one event is detected, which is related to security and is absent in the specified template.

EFFECT: technical result is to expand the range of means designed to recognize malicious files using means of counteracting analysis in an isolated environment.

7 cl, 4 dwg

Similar patents RU2708355C1

Title	Year	Author	Number
SYSTEM AND METHOD OF FILE ANALYSIS FOR MALICIOUSNESS IN VIRTUAL MACHINE	2017	Pintijskij Vladislav Valerevich Anikin Denis Vyacheslavovich Kobychev Denis Yurevich Golovkin Maksim Yurevich Butuzov Vitalij Vladimirovich Karasovskij Dmitrij Valerievich Kirsanov Dmitrij Aleksandrovich	RU2665911C2
SYSTEM AND METHOD FOR LOG FORMING IN VIRTUAL MACHINE FOR ANTI-VIRUS FILE CHECKING	2017	Pintijskij Vladislav Valerevich Anikin Denis Vyacheslavovich Kobychev Denis Yurevich Golovkin Maksim Yurevich Butuzov Vitalij Vladimirovich Karasovskij Dmitrij Valerievich Kirsanov Dmitrij Aleksandrovich	RU2649794C1
SYSTEM AND METHOD OF GENERATING LOG WHEN EXECUTING FILE WITH VULNERABILITIES IN VIRTUAL MACHINE	2018	Monastyrskij Aleksej Vladimirovich Pavlyushchik Mikhail Aleksandrovich Pintijskij Vladislav Valerevich Anikin Denis Vyacheslavovich Kirsanov Dmitrij Aleksandrovich	RU2724790C1
METHOD OF DETECTING MALICIOUS EXECUTABLES, CONTAINING INTERPRETER, BY COMBINING EMULATORS	2015	Zakorzhevskij Vyacheslav Vladimirovich Vinogradov Dmitrij Valerevich Pintijskij Vladislav Valerevich Kirsanov Dmitrij Aleksandrovich	RU2622627C2
SYSTEM AND METHOD OF DETECTION OF MALICIOUS FILES USING A TRAINED MALWARE DETECTION PATTERN	2017	Chistyakov Aleksandr Sergeevich Lobacheva Ekaterina Maksimovna Romanenko Aleksej Mikhajlovich	RU2654151C1
SYSTEM AND METHOD OF MACHINE TRAINING MODEL OF DETECTING MALICIOUS FILES	2017	Chistyakov Aleksandr Sergeevich Lobacheva Ekaterina Maksimovna Romanenko Aleksej Mikhajlovich	RU2673708C1
SYSTEM AND METHOD OF DETECTING DIRECTED ATTACK ON CORPORATE INFRASTRUCTURE	2013	Polyakov Aleksej Aleksandrovich Sapronov Konstantin Vladimirovich	RU2587426C2
SYSTEM AND METHOD OF MANAGING COMPUTING RESOURCES FOR DETECTING MALICIOUS FILES	2017	Chistyakov Aleksandr Sergeevich Lobacheva Ekaterina Maksimovna Romanenko Aleksej Mikhajlovich	RU2659737C1
SYSTEM AND METHOD OF CLASSIFICATION OF OBJECTS	2017	Chistyakov Aleksandr Sergeevich Lobacheva Ekaterina Maksimovna Romanenko Aleksej Mikhajlovich	RU2679785C1
SYSTEM AND METHOD OF DETECTING A MALICIOUS FILE	2018	Chistyakov Aleksandr Sergeevich Romanenko Aleksej Mikhajlovich Shevelev Aleksandr Sergeevich	RU2739865C2

RU 2 708 355 C1

Authors

Karasovskij Dmitrij Valerievich

Shulmin Aleksej Sergeevich

Kobychev Denis Yurevich

Dates

2019-12-05—Published

2018-06-29—Filed