FIELD: information security.
SUBSTANCE: methods for identifying malicious packet-switching nodes and intermediate nodes through which malware is distributed. In one embodiment, a method of classifying objects to prevent the spread of malicious activity comprises the following steps: searching the network for objects that share common information with other objects; constructing a connection graph whose vertices are classified and unclassified objects, where a connection between two objects indicates that they share common information, and where the classified objects are malicious objects; selecting from the constructed connection graph at least one subgraph that includes homogeneous objects and contains at least one unclassified object, using at least one of the following approaches: analysis of group connections between objects, or analysis of sequential communication between objects; classifying each unclassified object in each subgraph by analyzing the objects using classification rules; and restricting access to any object classified as malicious in order to prevent the spread of malicious activity.
EFFECT: preventing the spread of malicious activity on a computer network.
15 cl, 7 dwg
Dates
2023-11-28—Published
2023-06-19—Filed