FIELD: computer engineering.
SUBSTANCE: the method of detecting malicious files includes the steps of: collecting telemetry, based on events associated with the execution of files on user computers, for two user computers; constructing a link graph from the collected telemetry, in which the vertices are files and their associated metadata from the telemetry, and an edge connects vertices that relate to the same telemetry event; marking at least one file, together with the objects about which information was collected in the telemetry, whether they relate to one file or to several; and detecting at least one unknown malicious file using a trained classifier based on the constructed link graph.
EFFECT: high level of detection of unknown malicious files.
7 cl, 9 dwg
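The pipeline in the abstract (telemetry from two computers, link graph, marking, verdicts for unmarked files), as an added illustration that is not taken from the patent. The event field names, the rule that an object inherits a mark when all of its marked files agree, and the threshold score standing in for the trained classifier are assumptions.

```python
from itertools import combinations

# Constructed telemetry from two hosts; the field names are assumptions.
EVENTS = [
    {"host": "pc-1", "file": "sha256:aaa", "signer": "cert:X", "url": "dl.example/a"},
    {"host": "pc-1", "file": "sha256:bbb", "signer": "cert:X", "parent": "sha256:aaa"},
    {"host": "pc-1", "file": "sha256:fff", "url": "other.example/f"},
    {"host": "pc-2", "file": "sha256:ccc", "signer": "cert:Y", "url": "cdn.example/c"},
    {"host": "pc-2", "file": "sha256:ddd", "signer": "cert:Y", "url": "cdn.example/c"},
    {"host": "pc-2", "file": "sha256:eee", "url": "dl.example/a"},
]
FILE_MARKS = {"sha256:aaa": "malicious", "sha256:ccc": "clean"}  # constructed marks

def build_graph(events):
    """Vertices are (kind, value); vertices seen in the same event are linked."""
    graph = {}
    for ev in events:
        # A parent process image is itself a file vertex; the host is not a vertex.
        verts = [("file" if k == "parent" else k, v)
                 for k, v in ev.items() if k != "host"]
        for v in verts:
            graph.setdefault(v, set())
        for a, b in combinations(verts, 2):
            graph[a].add(b)
            graph[b].add(a)
    return graph

def mark(graph, file_marks):
    """Mark files, then each object whose marked neighbouring files all agree."""
    marks = {("file", h): m for h, m in file_marks.items()}
    for v, nbrs in graph.items():
        if v[0] == "file":
            continue
        seen = {marks[n] for n in nbrs if n[0] == "file" and n in marks}
        if len(seen) == 1:  # conflicting or absent marks leave the object unmarked
            marks[v] = seen.pop()
    return marks

def classify(graph, marks, vertex, threshold=0.5):
    """Stand-in for the trained classifier: share of malicious marked neighbours."""
    labelled = [marks[n] for n in graph[vertex] if n in marks]
    if not labelled:
        return "unknown"  # no marked neighbour, so the graph gives no evidence
    score = labelled.count("malicious") / len(labelled)
    return "malicious" if score >= threshold else "clean"

def detect(events, file_marks):
    """Return a verdict for every file vertex that was not marked in advance."""
    graph = build_graph(events)
    marks = mark(graph, file_marks)
    return {v[1]: classify(graph, marks, v)
            for v in sorted(graph) if v[0] == "file" and v not in marks}

if __name__ == "__main__":
    print(detect(EVENTS, FILE_MARKS))
```
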
Title | Year | Author | Number |
---|---|---|---|
SYSTEM AND METHOD FOR TWO-STAGE CLASSIFICATION OF FILES | 2018 | | RU2708356C1 |
METHOD FOR CLASSIFYING OBJECTS TO PREVENT SPREAD OF MALICIOUS ACTIVITY | 2023 | | RU2808385C1 |
SYSTEM AND METHOD OF INCREASING EFFICIENCY OF DETECTING UNKNOWN HARMFUL OBJECTS | 2010 | | RU2454714C1 |
METHOD OF SELECTIVE USE OF PATTERNS OF DANGEROUS PROGRAM BEHAVIOR | 2017 | | RU2665909C1 |
SYSTEM AND METHOD FOR ANALYSING FILE LAUNCH EVENTS FOR DETERMINING SAFETY RANKING THEREOF | 2012 | | RU2531565C2 |
SYSTEM AND METHOD OF ADAPTING PATTERNS OF DANGEROUS PROGRAM BEHAVIOR TO USERS' COMPUTER SYSTEMS | 2017 | | RU2652448C1 |
ELIMINATION OF FALSE ACTIVATION OF ANTI-VIRUS RECORDS | 2016 | | RU2625053C1 |
METHOD FOR FASTER FULL ANTIVIRUS SCANNING OF FILES ON MOBILE DEVICE | 2019 | | RU2726878C1 |
SYSTEM AND METHOD OF REDUCING NUMBER OF FALSE TRIGGERING OF CLASSIFICATION ALGORITHMS | 2018 | | RU2706883C1 |
METHOD FOR SELECTIVE REPEATED ANTIVIRUS SCANNING OF FILES ON MOBILE DEVICE | 2019 | | RU2726877C1 |
Authors
Dates
2024-07-29—Published
2023-07-28—Filed