METHOD FOR DETECTING ANOMALOUS EVENTS ON BASIS OF CONVOLUTION ARRAY OF SAFETY EVENTS

摘要

FIELD: computer equipment.;SUBSTANCE: invention relates to computer engineering. Method for generating a set of convolutions of safe events in which an agent is launched in the operating system of at least one knowingly safe computer device, registering events of at least one type occurring in the operating system of the computer device, where at least the types of events are: start of processes; loading modules; file operations; register operations; detect interceptors installed in the operating system, an event that has occurred in the operating system; register the agent with the detected event and receive from the computer device the context of the specified event; allocate from the received context of the event the signs of the event and form the convolution of the detected event on the basis of the selected features; add convolution to a set of convolutions of safe events.;EFFECT: technical result is to ensure the formation of convolutions of safe events.;45 cl, 5 dwg