METHOD OF AND SYSTEM FOR ANALYSIS OF INTERACTION PATTERNS OF MALWARE WITH CONTROL CENTERS FOR DETECTION OF CYBER ATTACK

Abstract

This technical solution relates to systems and methods of cyber attack detection, and more specifically it relates to analysis methods and systems for protocols of interaction of malware and cyber attack detection and control centers (servers). The analysis method for a protocol of interaction of malware and cyber attack detection and control centers involves planting of at least one piece of malware into at least one virtual environment, collection of requests sent by at least one of the said pieces of malware to at least one malware control center, determination of parameters and their sequence in the requests collected, grouping of requests with identical sets of parameters, generation of a regular expression describing parameters for each group of requests containing two or more requests, generation and sending of at least one request described by the regular expression obtained at the previous step to at least one malware control center, reception of at least one response from at least one malware control center and its decoding and/or decryption if this response is encoded and/or encrypted, analysis of at least one of the said responses for presence of information and data characteristic of cyber attacks, and saving of the results obtained. The technical result lies in improvement of efficiency of cyber attack detection.
Bibliographic details

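  • Publication number: EP3267350B1
  • Patent type:
  • Publication date: 2019-08-21
  • Original format: PDF
  • Applicant/patentee: TRUST LTD.
  • Application number: EP20170180099
  • Inventor: VOLKOV DMITRY ALEKSANDROVICH
  • Filing date: 2017-07-06
  • Classification: G06F21/56; H04L29/06
  • Country: EP
  • Added to database: 2022-08-21 12:30:25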
