FIELD: computer equipment.
SUBSTANCE: present technical solution relates to computer engineering, particularly to a method and system for detecting malicious files in a non-isolated medium. A computer-implemented method for detecting malicious files in a non-isolated medium comprises: a preparatory step, where: generating a collection of files, which contains at least one malicious executable file and at least one non-malicious executable file; analyzing at least one executable file, wherein: extracting data from binary and disassembled types of executable file, based on which parameters are created for further training classifier, wherein additionally by statistical method determining parameters characteristic of malicious files and / or vice versa is not malicious; wherein first and second flow graph is extracted; based on obtained parameters first and second feature vector are constructed; creating an ensemble of classifiers from: first trained classifier based on first feature vector, a second trained classifier based on a second feature vector; third classifier, trained based on first flow graph, fourth classifier, trained on second flow graph, wherein for each classifier a decision priority is determined in advance; working stage, at which: obtaining, at least, one executable file; trained at the preparatory stage classifier ensemble, to detect malicious executable files; analysis result is output.
EFFECT: disclosed is a method of detecting malicious files.
15 cl, 1 tbl, 5 dwg
