SYSTEM AND METHOD FOR DETERMINING PROCESS ASSOCIATED WITH MALWARE ENCRYPTING COMPUTER SYSTEM FILES

Russian patent published in 2022 - IPC G06F21/56, G06N20/00

Abstract RU 2770570 C2

FIELD: computer technology.

SUBSTANCE: a method is disclosed for determining a process associated with malware that encrypts computer system files (hereinafter, an encryptor). The method is implemented on a computer system processor and contains instructions according to which: a) a processing tool determines at least one file into which the suspicious process has written data (hereinafter, modification), based on processing the system calls used by the suspicious process; b) the processing tool determines the characteristics of each such file; c) an analysis tool determines the modification class of each such file by applying a trained first machine learning model that receives the file's characteristics as input data; d) the analysis tool determines that the suspicious process is associated with the encryptor, based on the file modification class determined for each such file.

EFFECT: improved protection of computer system files from encryptors, and fewer errors of the first and second kind when determining whether a suspicious process is associated with an encryptor.

25 cl, 8 dwg
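
Steps a) to d) of the abstract, sketched as an added example that is not code from the patent. The event format (each write carries the file content before and after), the three entropy-based characteristics, the hand-set logistic weights standing in for the trained first model, and the `min_files`/`min_ratio` decision rule are all assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0..8)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def characteristics(before: bytes, after: bytes) -> list:
    """Step b: file characteristics (assumed set; the abstract names none)."""
    e_after = entropy(after)
    header_replaced = 0.0 if after[:4] == before[:4] else 1.0
    return [e_after / 8, (e_after - entropy(before)) / 8, header_replaced]

# Stand-in for the trained first model: logistic weights set by hand (assumption).
WEIGHTS, BIAS = [6.0, 4.0, 2.0], -7.0

def modification_class(feats: list) -> str:
    """Step c: map one file's characteristics to a modification class."""
    z = BIAS + sum(w * x for w, x in zip(WEIGHTS, feats))
    return "encrypted" if 1 / (1 + math.exp(-z)) >= 0.5 else "benign"

def classify_processes(events, min_files=3, min_ratio=0.8):
    """Steps a and d: collect files each process wrote, then decide per process."""
    per_pid = defaultdict(dict)
    for ev in events:
        if ev["call"] == "write":  # step a: only calls that modify a file
            per_pid[ev["pid"]][ev["path"]] = (ev["before"], ev["after"])
    verdicts = {}
    for pid, files in per_pid.items():
        classes = [modification_class(characteristics(b, a)) for b, a in files.values()]
        ratio = classes.count("encrypted") / len(classes)
        verdicts[pid] = len(classes) >= min_files and ratio >= min_ratio
    return verdicts

def noise(seed: int, blocks: int = 32) -> bytes:
    """Constructed high-entropy bytes standing in for ciphertext."""
    return b"".join(hashlib.sha256(bytes([seed, i])).digest() for i in range(blocks))

TEXT = b"Quarterly report: revenue, costs and forecast figures.\n" * 20
SAMPLE_EVENTS = (  # constructed sample, not real telemetry
    [{"pid": 4120, "call": "write", "path": f"doc{i}.txt", "before": TEXT, "after": noise(i)} for i in range(4)]
    + [{"pid": 812, "call": "write", "path": f"log{i}.txt", "before": TEXT, "after": TEXT + b"new line\n"} for i in range(4)]
    + [{"pid": 812, "call": "read", "path": "doc0.txt", "before": TEXT, "after": TEXT}]
)
```

Deciding per process over several files, rather than per file, is what keeps a single high-entropy write (for example a compressed archive) from flagging a process on its own.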

Similar patents RU2770570C2

| Title | Year | Author | Number |
|---|---|---|---|
| SYSTEM AND METHOD OF CLASSIFYING OBJECTS OF COMPUTER SYSTEM | 2018 | Chistyakov Aleksandr Sergeevich; Romanenko Aleksej Mikhajlovich; Shevelev Aleksandr Sergeevich | RU2724710C1 |
| METHOD FOR ADJUSTING THE PARAMETERS OF A MACHINE LEARNING MODEL IN ORDER TO IDENTIFY FALSE TRIGGERING AND INFORMATION SECURITY INCIDENTS | 2020 | Filonov Pavel Vladimirovich; Soldatov Sergej Vladimirovich; Udimov Daniil Alekseevich | RU2763115C1 |
| METHOD AND SYSTEM FOR STATIC ANALYSIS OF EXECUTABLE FILES BASED ON PREDICTIVE MODELS | 2020 | Prudkovskij Nikolaj Sergeevich | RU2759087C1 |
| SYSTEM AND METHOD OF CLASSIFICATION OF OBJECTS | 2017 | Chistyakov Aleksandr Sergeevich; Lobacheva Ekaterina Maksimovna; Romanenko Aleksej Mikhajlovich | RU2679785C1 |
| METHOD FOR PROCESSING INFORMATION SECURITY EVENTS PRIOR TO TRANSMISSION FOR ANALYSIS | 2020 | Filonov Pavel Vladimirovich; Soldatov Sergej Vladimirovich; Udimov Daniil Alekseevich | RU2762528C1 |
| SYSTEM AND METHOD OF DETECTING A MALICIOUS FILE | 2018 | Chistyakov Aleksandr Sergeevich; Romanenko Aleksej Mikhajlovich; Shevelev Aleksandr Sergeevich | RU2739865C2 |
| METHOD AND SYSTEM FOR DETECTING MALICIOUS FILES IN A NON-ISOLATED MEDIUM | 2020 | Prudkovskij Nikolaj Sergeevich | RU2722692C1 |
| SYSTEM AND METHOD OF MANAGING COMPUTING RESOURCES FOR DETECTING MALICIOUS FILES | 2017 | Chistyakov Aleksandr Sergeevich; Lobacheva Ekaterina Maksimovna; Romanenko Aleksej Mikhajlovich | RU2659737C1 |
| SYSTEM AND METHOD OF MACHINE TRAINING MODEL OF DETECTING MALICIOUS FILES | 2017 | Chistyakov Aleksandr Sergeevich; Lobacheva Ekaterina Maksimovna; Romanenko Aleksej Mikhajlovich | RU2673708C1 |
| SYSTEM AND METHOD OF DETECTING THE SIGNS OF COMPUTER ATTACKS | 2017 | Gordejchik Sergej Vladimirovich; Sapronov Konstantin Vladimirovich; Parshin Yurij Gennadevich; Kheirkhabarov Tejmur Samedovich; Soldatov Sergej Vladimirovich | RU2661533C1 |

RU 2 770 570 C2

Authors

Lopatin Evgenij Igorevich

Kondratev Dmitrij Andreevich

Dates

2022-04-18 Published

2020-08-24 Filed