FIELD: information security.
SUBSTANCE: the invention is intended to detect malicious files that use drivers. The result is achieved by a malicious file detection method implemented on a computing device comprising a processor and memory, which detects driver activity in the operating system by intercepting the driver's API request to the application; determines, on the basis of the driver activity analysis, whether the driver is dangerous; if the analysis finds the driver dangerous, searches for the file associated with the application that uses the driver; and recognizes the found file as malicious.
EFFECT: detection of malicious files by analysing the operation of the driver accessed by the application with which the specified file is associated. An additional effect is improved accuracy of malicious file detection through detection and analysis of a dangerous driver used by the specified file.
9 cl, 3 dwg
Title | Year | Author | Number |
---|---|---|---|
SYSTEM AND METHOD OF CREATING ANTIVIRUS RECORD | 2018 | | RU2697954C2 |
SYSTEM AND METHOD FOR PERFORMING ANTI-VIRUS SCAN OF FILE ON VIRTUAL MACHINE | 2016 | | RU2628921C1 |
SYSTEM AND METHOD OF OPENING FILES CREATED BY VULNERABLE APPLICATIONS | 2015 | | RU2606883C2 |
METHOD OF CREATING SCRIPT OF POPULAR ACTIVATION EVENTS | 2015 | | RU2679783C2 |
SYSTEM AND METHOD FOR IDENTIFYING MALICIOUS FILES | 2017 | | RU2673407C1 |
METHOD AND SYSTEM FOR DETECTING MALICIOUS SOFTWARE BY CONTROL OF SOFTWARE IMPLEMENTATION RUNNING UNDER SCRIPT | 2013 | | RU2653985C2 |
SYSTEM AND DETECTING METHOD OF REMOTE ADMINISTRATION APPLICATION | 2016 | | RU2634173C1 |
SYSTEM AND METHOD OF DETECTING THE SIGNS OF COMPUTER ATTACKS | 2017 | | RU2661533C1 |
METHOD OF DETECTING MALICIOUS EXECUTABLES, CONTAINING INTERPRETER, BY COMBINING EMULATORS | 2015 | | RU2622627C2 |
METHOD OF DETECTING UNKNOWN PROGRAMS BY LOAD PROCESS EMULATION | 2011 | | RU2472215C1 |
Dates
Published: 2023-04-24
Filed: 2022-03-17