DETECTING MALICIOUS ACTIVITY BY ANALYSING THE BEHAVIOUR OF OBJECTS IN A NON-ISOLATED ENVIRONMENT
Abstract
A computer-implementable method for detection of malicious activity by analysis of behavior in a non-isolated environment, the method comprising: collecting information into at least one event flow using a detection module; transmitting the at least one event flow to a computing device; and analyzing, using the computing device, the obtained event flow for a predetermined amount of time, wherein at least one event from the event flow is transmitted to the input of at least one adapter, depending on the event type, and the at least one adapter generates its internal event; transmitting the at least one internal event to at least one signature module; checking the at least one obtained internal event using the at least one signature module according to preset rules and, where the at least one internal event corresponds to the preset rules, creating at least one internal state marker; transmitting the at least one internal state marker to the input of a malicious activity decision module, wherein, if the total weight of the at least one internal state marker, or the probability that the at least one internal state marker is malicious, exceeds a preset value, the decision module detects the malicious activity on the basis of its difference from the allowed behavior; and creating a report on suspicious activity.
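The pipeline in the abstract (event flow, per-type adapters, signature modules, state markers, weighted decision, report) can be sketched as follows. This is an added example, not code from the patent: every event field, rule, weight, the 60-second window and the threshold of 100 are assumptions, and only the total-weight branch of the decision is shown.

```python
from dataclasses import dataclass

# Constructed sample event flow from a hypothetical detection module on a live host.
EVENTS = [
    {"t": 0.0, "type": "process", "image": "WINWORD.EXE", "child": "powershell.exe"},
    {"t": 1.2, "type": "file", "proc": "powershell.exe", "op": "write", "path": r"C:\Users\a\AppData\Roaming\x.exe"},
    {"t": 2.0, "type": "net", "proc": "powershell.exe", "dst_port": 443},
    {"t": 900.0, "type": "file", "proc": "backup.exe", "op": "write", "path": r"D:\bak\a.zip"},
]

@dataclass(frozen=True)
class Internal:  # the adapter's normalised "internal event" (hypothetical shape)
    t: float
    kind: str
    actor: str
    target: str

# One adapter per event type; each turns a raw event into an internal event.
ADAPTERS = {
    "process": lambda e: Internal(e["t"], "spawn", e["image"].lower(), e["child"].lower()),
    "file": lambda e: Internal(e["t"], e["op"], e["proc"].lower(), e["path"].lower()),
    "net": lambda e: Internal(e["t"], "connect", e["proc"].lower(), str(e["dst_port"])),
}

# Signature modules: (state marker name, assumed weight, preset rule over one internal event).
SIGNATURES = [
    ("office_spawns_shell", 40, lambda i: i.kind == "spawn" and i.actor == "winword.exe" and i.target == "powershell.exe"),
    ("exe_written_to_profile", 35, lambda i: i.kind == "write" and "\\appdata\\" in i.target and i.target.endswith(".exe")),
    ("shell_outbound", 30, lambda i: i.kind == "connect" and i.actor == "powershell.exe"),
]

def analyse(events, window=60.0, threshold=100):
    """Decision module: sum marker weights raised within `window` seconds and build the report."""
    start = events[0]["t"] if events else 0.0
    markers = []
    for e in events:
        if e["t"] - start > window:
            continue  # outside the predetermined analysis time
        adapter = ADAPTERS.get(e["type"])
        if adapter is None:
            continue  # no adapter registered for this event type
        internal = adapter(e)
        markers += [(name, w) for name, w, rule in SIGNATURES if rule(internal)]
    total = sum(w for _, w in markers)
    return {"markers": [n for n, _ in markers], "total_weight": total, "malicious": total > threshold}
```

No single marker crosses the threshold on its own; the verdict comes from the accumulated weight of markers raised inside the analysis window, which is why the late backup write does not contribute.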