SYSTEM AND METHOD OF DETECTING DIRECTED ATTACK ON CORPORATE INFRASTRUCTURE
Format: Patent
Language: eng; rus
Abstract: FIELD: information technology. SUBSTANCE: the invention relates to protection against computer threats. The method of detecting harmful objects on a computing device comprises the following steps:

a) obtaining, by means of a device for detection of suspicious objects, information on at least one object on the computing device, the information including a checksum of the object;

b) analysing the said information on the object by means of the device for detection of suspicious objects, whereby, based on a set of heuristic rules used by the device for detection of suspicious objects, one determines whether the analysed object is suspicious or not;

c) collecting, by means of the device for detection of suspicious objects, information on the object if it was classified as suspicious at the earlier stage, the said information including at least an API-function call history log and the time of appearance of the object on the computing device, and transmitting the collected information on the suspicious object to a device for object analysis;

d) analysing, by the device for object analysis, the information on the object received from the device for detection of suspicious objects, whereby, based on a set of heuristic rules used by the device for object analysis, one determines whether the suspicious object is potentially harmful or not, and sending a request for transmission of the potentially harmful object; recognition of the suspicious object as potentially harmful in accordance with the heuristic rules is carried out by comparing information on the analysed object with information on objects stored in a database of harmful objects and a database of safe objects; the set of heuristic rules used for this analysis differs from the set of heuristic rules used by the device for detection of suspicious objects;

e) receiving, by means of the device for detection of suspicious objects, a request from the device for object analysis for transmission of the potentially harmful object;

f) determining, with the help of the device for complying with the security policy, whether transmission of the potentially harmful object to the device for object analysis is permitted; if transmission of the potentially harmful object is prohibited in accordance with the security policy used by the device for complying with the security policy, the latter inhibits transmission of the potentially harmful object to the device for object analysis, otherwise the transmissio