METHOD AND SYSTEM FOR DETECTING THE INFRASTRUCTURE OF A MALICIOUS SOFTWARE OR A CYBERCRIMINAL

Abstract

FIELD: computer equipment.

SUBSTANCE: disclosed is a computer-implemented method of identifying the infrastructure of a malicious program or a cybercriminal, comprising: obtaining a request containing an infrastructure element and a tag indicating whether the element belongs to a malicious program or a cybercriminal; retrieving from the database a parameter of the obtained infrastructure element, an additional infrastructure element used by the same malware as the obtained infrastructure element, and a parameter of the additional infrastructure element; analyzing the obtained infrastructure element and its associated parameter together with the additional infrastructure element and its associated parameter; determining, based on the analysis, statistical relationships between the parameter of the obtained infrastructure element and the parameter of the additional infrastructure element; generating rules for searching for new infrastructure elements based on the detected statistical relationships and extracting new infrastructure elements from the database; assigning to the new elements tags corresponding to certain malware or cybercriminals; and storing the results in a database.

EFFECT: the technical result is higher efficiency of detecting computer attacks.

10 cl, 2 dwg
