Title of invention |
SYSTEM AND METHOD FOR DETECTING HARMFUL FILES EXECUTABLE ON A VIRTUAL STACK MACHINE BASED ON PARAMETERS OF THE FILES AND THE VIRTUAL STACK MACHINE |
Abstract |
Disclosed are method and system for detecting harmful files executed by a virtual stack machine. An example method includes: analyzing a file executable on the virtual stack machine to identify both parameters of a file section of the file and parameters of a function of the virtual stack machine when executing the file; identifying, in a database, at least one cluster of safe files based on the identified parameters of the file section of the file and the identified parameters of the virtual stack machine; creating, using at least one clustering rule, a data cluster based on the identified at least one cluster of safe files; calculating at least one checksum of the created data cluster; and determining that the file executable on the virtual stack machine is harmful if the computed at least one checksum matches a checksum in a database of checksums of harmful files. |
Publication number |
US2017004310(A1) |
Publication date |
2017.01.05 |
Application number |
US201615182083 |
Filing date |
2016.06.14 |
Applicant |
AO Kaspersky Lab |
Inventors |
Ivanov Anton M.;Liskin Alexander V. |
Classification |
G06F21/56;G06F9/455;G06F17/30 |
Main classification |
G06F21/56 |
Agency |
|
Agent |
|
Independent claim |
1. A method for detecting a harmful file executed on a virtual stack machine, the method comprising:
analyzing, by a processor, a file executable on the virtual stack machine to identify both parameters of a file section of the file and parameters of a function of the virtual stack machine when executing the file;
identifying, in a database, at least one cluster of safe files based on the identified parameters of the file section of the file and the identified parameters of the virtual stack machine;
creating, by the processor using at least one clustering rule, a data cluster based on the identified at least one cluster of safe files;
calculating, by the processor, at least one checksum of the created data cluster; and
determining, by the processor, that the file executable on the virtual stack machine is harmful if the computed at least one checksum matches a checksum in a database of checksums of harmful files. |
Address |
Moscow RU |