DETECTING MALICIOUS ACTIVITY BY ANALYSING THE BEHAVIOUR OF OBJECTS IN A NON-ISOLATED ENVIRONMENT

Abstract

A computer-implementable method for detecting malicious activity by analysis of behavior in a non-isolated environment, the method comprising: collecting information into at least one event flow using a detection module; transmitting the at least one event flow to a computing device; and analyzing, using the computing device, the obtained event flow for a predetermined amount of time, wherein at least one event from the event flow is transmitted to the input of at least one adapter, depending on the event type, and the at least one adapter generates its internal event; transmitting at least one internal event to at least one signature module; checking the at least one obtained internal event using the at least one signature module according to preset rules and, where at least one internal event corresponds to the preset rules, creating at least one internal state marker; transmitting the at least one internal state marker to the input of a malicious activity decision module, wherein, if the total weight of the at least one internal state marker, or the probability that the at least one internal state marker is malicious, exceeds a preset value, the decision module detects the malicious activity on the basis of its difference from the allowed behavior; and creating a report on suspicious activity.
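
The pipeline in the abstract (event flow, per-type adapters, signature rules, weighted internal state markers, threshold decision, report), sketched as an added example that is not code from the patent. The event fields, rule names, weights, 60-second window and threshold of 100 are assumptions chosen for illustration, and the sample flows are constructed.

```python
# Added illustration; all names, weights and sample events are assumptions.
OFFICE = {"winword.exe", "excel.exe"}
SHELLS = {"powershell.exe", "cmd.exe"}

# One adapter per event type: turns a raw event into a uniform internal event.
ADAPTERS = {
    "process": lambda e: {"kind": "proc_start", "subject": e["parent"], "object": e["image"]},
    "file": lambda e: {"kind": "file_write", "subject": e["image"], "object": e["path"]},
    "network": lambda e: {"kind": "net_connect", "subject": e["image"], "object": e["dest"]},
}

# Signature rules: (marker name, weight, predicate over an internal event).
RULES = [
    ("office_spawns_shell", 50, lambda i: i["kind"] == "proc_start"
        and i["subject"] in OFFICE and i["object"] in SHELLS),
    ("shell_writes_startup", 30, lambda i: i["kind"] == "file_write"
        and i["subject"] in SHELLS and "\\startup\\" in i["object"].lower()),
    ("shell_connects_out", 30, lambda i: i["kind"] == "net_connect"
        and i["subject"] in SHELLS),
]

def analyse(flow, window_s=60, threshold=100):
    """Analyse a time-ordered event flow for window_s seconds; return a report."""
    markers = {}
    for ev in flow:
        if ev["ts"] - flow[0]["ts"] > window_s:
            break                      # outside the predetermined analysis time
        adapter = ADAPTERS.get(ev["type"])
        if adapter is None:
            continue                   # no adapter registered for this event type
        internal = adapter(ev)
        for name, weight, matches in RULES:
            if matches(internal):
                markers[name] = weight # one internal state marker per matched rule
    score = sum(markers.values())
    # Decision module: malicious only if the total weight exceeds the preset value.
    return {"malicious": score > threshold, "score": score, "markers": sorted(markers)}

# Constructed sample flows.
MALICIOUS_FLOW = [
    {"ts": 0, "type": "process", "parent": "winword.exe", "image": "powershell.exe"},
    {"ts": 4, "type": "file", "image": "powershell.exe",
     "path": r"C:\Users\a\Start Menu\Programs\Startup\run.lnk"},
    {"ts": 9, "type": "network", "image": "powershell.exe", "dest": "203.0.113.7:443"},
]
BENIGN_FLOW = [
    {"ts": 0, "type": "process", "parent": "explorer.exe", "image": "cmd.exe"},
    {"ts": 3, "type": "network", "image": "cmd.exe", "dest": "192.0.2.10:22"},
    {"ts": 5, "type": "registry", "image": "cmd.exe", "key": "HKCU\\Example"},
]

if __name__ == "__main__":
    print(analyse(MALICIOUS_FLOW))
    print(analyse(BENIGN_FLOW))
```

No single marker crosses the threshold here; the verdict comes from several markers accumulating within the analysis window.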