Show metadata Hide metadata

(19)

(11)

2 838 483

(13)

(51)

IPC

G06F21/56(2013-01-01)

G06F12/14(2006-01-01)

(21) (22)

Application

2024111320, 2024-04-24

(24)

Start date

2024-04-24

(22)

Actual filing date

2024-04-24

(45)

Published

2025-04-17

(72)

Inventor

Vyshegorodtsev Kirill EvgenevichNagornov Ivan GrigorevichBalashov Aleksandr ViktorovichSaukov Pavel AleksandrovichLevkina Ulyana SergeevnaNovikov Evgenij Aleksandrovich

(73)

Holder

Publichnoe Aktsionernoe Obshchestvo Rossii" Sberbank)

METHOD AND SYSTEM FOR DETECTING OBFUSCATED MALICIOUS COMMANDS IN SYSTEM CONSOLE OF OPERATING SYSTEM Russian patent published in 2025 - IPC G06F21/56 G06F12/14

Abstract RU 2838483 C1

FIELD: computer engineering.

SUBSTANCE: said result is achieved by implementing a method for detecting obfuscated malicious commands in an OS system console, in which: data on executable commands are obtained; presenting them as sets of categorical variables; calculating occurrence of variables in commands; obtaining instruction representations in form of a numerical vector; performing clustering and selecting clusters with dominant shares of obfuscated malicious and legitimate commands; processing the obtained vectors using a machine learning model and obtaining a probability estimate value for the commands that the command is an obfuscated malicious command; commands below the threshold value are excluded from the set, as well as commands that are closer to clusters with a dominant share of legitimate commands; adding commands to the set, which are closer to clusters with a dominant share of obfuscated malicious commands; for each instruction from the set, an abnormality estimate value is obtained; excluding typical commands by threshold value of abnormality; detecting obfuscated malicious commands.

EFFECT: higher security of the operating system.

7 cl, 3 dwg

Similar patents RU2838483C1

Title	Year	Author	Number
METHOD AND DEVICE FOR DETERMINING FRAUDULENT TRANSACTIONS OF USER	2024	Vyshegorodtsev Kirill Evgenevich Gubanov Dmitrij Nikolaevich Saukov Pavel Aleksandrovich Umerenko Grigorij Sergeevich	RU2839053C1
METHOD AND SYSTEM FOR STATIC ANALYSIS OF EXECUTABLE FILES BASED ON PREDICTIVE MODELS	2020	Prudkovskij Nikolaj Sergeevich	RU2759087C1
METHOD AND SYSTEM FOR DETECTING MALICIOUS FILES IN A NON-ISOLATED MEDIUM	2020	Prudkovskij Nikolaj Sergeevich	RU2722692C1
AUTOMATIC DETERMINATION OF SET OF CATEGORIES FOR DOCUMENT CLASSIFICATION	2018	Nikita Orlov Konstantin Anisimovich	RU2701995C2
SYSTEM AND METHOD OF BLOCKING SCRIPT EXECUTION	2015	Davydov Vasilij Aleksandrovich Ivanov Anton Mikhajlovich Gavrilchenko Roman Yurevich Vinogradov Dmitrij Valerevich	RU2606564C1
METHOD AND SYSTEM FOR DETERMINING BELONGING OF SOFTWARE BY ITS MACHINE CODE	2019	Slipenchuk Pavel Vladimirovich Pomerantsev Ilya Sergeevich	RU2728497C1
METHOD OF DETECTING MALICIOUS FILES USING LINK GRAPH	2023	Kogtenkov Aleksei Aleksandrovich Romanenko Aleksei Mikhailovich Antonov Aleksei Evgenevich	RU2823749C1
METHODS OF DETECTING MALICIOUS ELEMENTS OF WEB PAGES	2016	Kupreev Oleg Viktorovich Galchenko Anton Borisovich Ustinov Mikhail Valerevich Kondratov Vitalij Viktorovich Kuskov Vladimir Anatolevich	RU2638710C1
METHOD AND SYSTEM FOR CLUSTERING EXECUTABLE FILES	2021	Pomerantsev Ilya Sergeevich	RU2778979C1
METHOD AND SYSTEM FOR PREVENTING MALICIOUS AUTOMATED ATTACKS	2020	Zolotarev Vitalii Gennad'Evich Barabanov Anton Alekseevich Leksunin Oleg Aleksandrovich	RU2740027C1

RU 2 838 483 C1

Authors

Vyshegorodtsev Kirill Evgenevich

Nagornov Ivan Grigorevich

Balashov Aleksandr Viktorovich

Saukov Pavel Aleksandrovich

Levkina Ulyana Sergeevna

Novikov Evgenij Aleksandrovich

Dates

2025-04-17—Published

2024-04-24—Filed