| 摘要 |
FIELD: computer engineering.SUBSTANCE: method of detecting malicious files, where the plurality of variable and immutable signs files from the database files for training; plenty features at least one file; separated multiple selected attributes of file on at least two subsets, in one of which there is at least one variable feature, the other has at least one immutable attribute; obtaining convolution of each of the above subsets of file attributes; created convolution file as a combination of folds of each of the above subsets of file attributes; Comparing the convolution of at least one file with a set of previously created folds files; file is considered to be similar to files from multiple similar files, having the same convolution if during comparison convolution of the said file matches the convolution file from the specified multiple; considered file objects, if the file is similar to files from multiple similar files, wherein said plurality of similar files is multiple harmful files.EFFECT: technical result consists in computer safety.16 cl, 5 dwg |
