FIELD: computer technology.
SUBSTANCE: the invention relates to the field of computer technology, specifically to detecting malicious files on the basis of file fragments. The technical result described below is achieved by: selecting a set of data fragments from a file using fragment selection rules, where a data fragment is a contiguous, non-decompiled sequence of bytes of fixed length taken from the file; reducing the number of fragments in the selected set using fragment reduction rules; for each data fragment in the reduced set, determining the fragment category by searching for a byte sequence, containing wildcard characters, that matches previously known file fragments; if the number of fragments in the set that belong to the malicious category exceeds a threshold value, searching for a detection rule that corresponds to that set of malicious file data fragments; and recognizing the file as malicious on the basis of the found rule.
EFFECT: reduced time required to recognize a file as malicious.
8 claims, 3 drawings
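The abstract describes a pipeline of four steps: fixed-length fragment selection from raw bytes, reduction of the fragment set, wildcard-pattern categorisation of each fragment, and a threshold-gated lookup of a detection rule. The following is an added illustration written for this page; it is not the patent holder's code and does not reproduce any real signature database. The fragment length, the reduction rules (drop duplicates and near-constant fragments), the hex patterns, the pattern identifiers (`mal_01`, `mal_02`, `clean_01`), the rules (`rule_A`, `rule_B`) and the sample file bytes are all constructed assumptions chosen to exercise each step.

```python
import re

# --- Constructed sample data (hypothetical; not from the patent) -------------
FRAGMENT_LEN = 8    # assumed fixed fragment length in bytes
FRAGMENT_STEP = 8   # assumed stride between successive fragments

# Known fragment patterns as space-separated hex bytes; "??" matches any byte.
# Identifiers, categories and byte values are constructed for illustration.
KNOWN_FRAGMENTS = {
    "mal_01":   ("malicious", "e8 ?? ?? ?? ?? 5b 81 eb"),
    "mal_02":   ("malicious", "31 c0 ?? ?? ?? ?? cd 80"),
    "clean_01": ("clean",     "55 89 e5 83 ec ?? ?? ??"),
}

# Detection rules (constructed): a rule applies when every pattern it names
# was matched. More specific rules are listed first so they win the lookup.
DETECTION_RULES = {
    "rule_A": {"mal_01", "mal_02"},
    "rule_B": {"mal_01"},
}


def compile_pattern(hex_pattern: str) -> "re.Pattern[bytes]":
    """Turn a wildcard hex pattern into a bytes regex (DOTALL so '.' eats 0x0a)."""
    parts = []
    for tok in hex_pattern.split():
        parts.append(b"." if tok == "??" else re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


COMPILED = {pid: (cat, compile_pattern(pat)) for pid, (cat, pat) in KNOWN_FRAGMENTS.items()}


def select_fragments(data: bytes, length: int = FRAGMENT_LEN, step: int = FRAGMENT_STEP) -> list:
    """Selection rule: contiguous fixed-length windows of the raw bytes at a
    fixed stride; no disassembly or decompilation is involved."""
    return [data[i:i + length] for i in range(0, len(data) - length + 1, step)]


def reduce_fragments(fragments: list, min_distinct: int = 3) -> list:
    """Reduction rules: drop exact duplicates and low-information fragments
    (fewer than min_distinct distinct byte values, e.g. zero padding)."""
    seen, kept = set(), []
    for frag in fragments:
        if frag in seen or len(set(frag)) < min_distinct:
            continue
        seen.add(frag)
        kept.append(frag)
    return kept


def categorize(fragment: bytes) -> tuple:
    """Return (category, pattern_id) for the first known pattern that matches
    the whole fragment, or ("unknown", None) when nothing matches."""
    for pid, (cat, rx) in COMPILED.items():
        if rx.fullmatch(fragment):
            return cat, pid
    return "unknown", None


def find_rule(matched_ids: set):
    """Return the first detection rule whose required patterns were all seen."""
    for rule_id, required in DETECTION_RULES.items():
        if required <= matched_ids:
            return rule_id
    return None


def scan(data: bytes, threshold: int = 1) -> dict:
    """Run the four-step pipeline. The rule lookup happens only when the count
    of malicious-category fragments exceeds the threshold; the verdict depends
    on a rule actually being found, not on the count alone."""
    selected = select_fragments(data)
    reduced = reduce_fragments(selected)
    malicious_count, malicious_ids = 0, set()
    for frag in reduced:
        cat, pid = categorize(frag)
        if cat == "malicious":
            malicious_count += 1
            malicious_ids.add(pid)
    rule = find_rule(malicious_ids) if malicious_count > threshold else None
    return {
        "fragments_selected": len(selected),
        "fragments_after_reduction": len(reduced),
        "malicious_fragments": malicious_count,
        "rule": rule,
        "verdict": "malicious" if rule else "not malicious",
    }


# Constructed sample "files": a prologue-like fragment, zero padding, one
# malicious fragment repeated (deduplicated), and a second malicious fragment.
SAMPLE_MALICIOUS = (
    b"\x55\x89\xe5\x83\xec\x10\x00\x00"
    + b"\x00" * 8
    + b"\xe8\x00\x00\x00\x00\x5b\x81\xeb" * 2
    + b"\x31\xc0\x90\x90\x90\x90\xcd\x80"
)
# Only one malicious fragment: the count does not exceed the threshold of 1.
SAMPLE_BELOW_THRESHOLD = (
    b"\x55\x89\xe5\x83\xec\x10\x00\x00"
    + b"\xe8\x00\x00\x00\x00\x5b\x81\xeb"
)

if __name__ == "__main__":
    print(scan(SAMPLE_MALICIOUS))
    print(scan(SAMPLE_BELOW_THRESHOLD))
```

The reduction step is where the claimed time saving comes from: only the deduplicated, non-padding fragments reach the wildcard matcher, and the rule search runs only once the malicious-fragment count is over the threshold. The second sample shows the threshold acting as a gate: a single malicious-category fragment is not enough for a verdict even though a rule (`rule_B`) would match it.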
Title | Year | Author | Number |
---|---|---|---|
SYSTEM AND METHOD FOR TWO-STAGE CLASSIFICATION OF FILES | 2018 | | RU2708356C1 |
METHOD OF DETECTING HARMFUL COMPOSITE FILES | 2016 | | RU2634178C1 |
METHOD OF COMPOSITE FILE ACCESS CONTROL | 2017 | | RU2659739C1 |
METHOD FOR DETERMINING SIMILARITY OF COMPOSITE FILES | 2016 | | RU2628922C1 |
SYSTEM AND METHOD OF CHECKING FILE EDS | 2018 | | RU2706873C1 |
SYSTEM AND METHOD OF PROOFING AGAINST SCANNING OF EDS FILES | 2018 | | RU2708353C1 |
SYSTEM AND METHOD OF REDUCING NUMBER OF FALSE TRIGGERING OF CLASSIFICATION ALGORITHMS | 2018 | | RU2706883C1 |
METHOD OF CREATING ANTIVIRUS RECORD WHEN DETECTING MALICIOUS CODE IN RANDOM-ACCESS MEMORY | 2015 | | RU2592383C1 |
METHOD OF DETECTING MALICIOUS CODE IN RANDOM-ACCESS MEMORY | 2015 | | RU2589862C1 |
SYSTEM AND METHOD OF FORMATION OF ANTI-VIRUS RECORDS USED TO DETECT MALICIOUS FILES ON USER'S COMPUTER | 2015 | | RU2617654C2 |
Dates
Filed: 2019-07-17
Published: 2021-05-05