SYSTEM AND METHOD OF DETECTING DIRECTED ATTACK ON CORPORATE INFRASTRUCTURE

FIELD: information technology.SUBSTANCE: invention relates to protection against computer threats. Method of detecting harmful objects on a computing device comprises the following steps: a) obtaining of information on at least one object on the computing device containing, among them, a checksum of...

Full description

Bibliographic details
Main authors: SAPRONOV KONSTANTIN VLADIMIROVICH, POLYAKOV ALEKSEJ ALEKSANDROVICH
Format: Patent
Language: eng ; rus
Online access: Order full text
creator SAPRONOV KONSTANTIN VLADIMIROVICH
POLYAKOV ALEKSEJ ALEKSANDROVICH
description FIELD: information technology. SUBSTANCE: the invention relates to protection against computer threats. The method of detecting harmful objects on a computing device comprises the following steps:
a) obtaining, by means of a device for detection of suspicious objects, information on at least one object on the computing device, including a checksum of the object;
b) analysing the said information on the object by means of the device for detection of suspicious objects, where, based on a set of heuristic rules used by that device, it is determined whether the analysed object is suspicious;
c) if the object was classified as suspicious at the previous step, collecting information on it by means of the device for detection of suspicious objects, the information including at least an API-function call history log and the time of appearance of the object on the computing device, and transmitting the collected information on the suspicious object to a device for objects analysis;
d) analysing the information received from the device for detection of suspicious objects by means of the device for objects analysis, where, based on a set of heuristic rules used by the device for objects analysis, it is determined whether the suspicious object is potentially harmful, and a request for transmission of the potentially harmful object is sent; recognition of the suspicious object as potentially harmful in accordance with the heuristic rules is carried out by comparing information on the analysed object with information on objects stored in a database of harmful objects and a database of safe objects; the set of heuristic rules used for this analysis differs from the set of heuristic rules used by the device for detection of suspicious objects;
e) receiving, by means of the device for detection of suspicious objects, the request from the device for objects analysis for transmission of the potentially harmful object;
f) determining, with the help of the device for complying with the security policy, whether transmission of the potentially harmful object to the device for objects analysis is possible; if transmission of the potentially harmful object is prohibited by the security policy used by that device, it blocks the transmission to the device for objects analysis, otherwise the transmission is allowed;
g) transmitting, with the help of the device for detection of suspicious objects, the potentially harmful object for analysis to the device for objects analysis, if transmission was permitted by the device for complying with the security policy at the previous step;
h) analysing the received potentially harmful object by means of the device for objects analysis, where it is determined whether the degree of similarity of the potentially harmful object with any object from the database of harmful objects exceeds a preset threshold, and if it does, the object is recognised as harmful.
EFFECT: higher safety of a computing device. 2 claims, 3 drawings.
format Patent
fullrecord Patent RU2587426C2, published 2016-06-20; source esp@cenet (European Patent Office); record: https://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20160620&DB=EPODOC&CC=RU&NR=2587426C2
language eng ; rus
recordid cdi_epo_espacenet_RU2587426C2
source esp@cenet
subjects CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
title SYSTEM AND METHOD OF DETECTING DIRECTED ATTACK ON CORPORATE INFRASTRUCTURE
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-09T23%3A29%3A08IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=SAPRONOV%20KONSTANTIN%20VLADIMIROVICH&rft.date=2016-06-20&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3ERU2587426C2%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true