Abstract |
FIELD: physics, computer engineering. SUBSTANCE: invention relates to identification and analysis of data transmitted over a communication network and more specifically to identification, detection and analysis of harmful or malicious software or data. The technical result is achieved via a method which includes analysing a program comprising a sequence of program instructions, determining whether each instruction in the sequence meets any of a group of suspicion criteria, assigning an instruction-level score to each instruction which meets any of the suspicion criteria, summing the instruction-level scores for each instruction to yield a program-level score, determining whether the program-level score exceeds a threshold, and, if the program-level score exceeds the threshold, generating a message indicating a malware detection result. EFFECT: high accuracy of detecting malware and reducing time costs for launching a program in a safe environment. 17 cl, 4 dwg |
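
The scoring flow described in the abstract, as an added Python example that is not taken from the patent. The abstract names no criteria, weights or threshold, so the four criteria, their weights, the threshold of 6, the rule that an instruction's score is the sum of the criteria it meets, and the disassembly listings are all assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Hypothetical suspicion criteria (name, weight, pattern); not from the patent.
CRITERIA = [
    ("direct-syscall", 3, re.compile(r"^(syscall|sysenter|int\s+0x(80|2e))\b")),
    ("peb-access", 4, re.compile(r"\b(fs:\[0x30\]|gs:\[0x60\])")),
    ("xor-memory-imm", 2,
     re.compile(r"^xor\s+(byte|word|dword)\s+ptr\s+\[[^\]]+\],\s*0x[0-9a-f]+$")),
    ("get-pc", 2, re.compile(r"^call\s+\$\+5$")),
]
THRESHOLD = 6  # assumed value; the abstract only says "a threshold"

@dataclass
class Finding:
    index: int      # position of the instruction in the sequence
    text: str       # normalised instruction text
    criteria: list  # names of the criteria the instruction met
    score: int      # instruction-level score

def score_instruction(index, text):
    """Return a Finding if the instruction meets any criterion, else None."""
    norm = " ".join(text.lower().split())
    hits = [(name, weight) for name, weight, rx in CRITERIA if rx.search(norm)]
    if not hits:
        return None
    return Finding(index, norm, [n for n, _ in hits], sum(w for _, w in hits))

def analyse(program, threshold=THRESHOLD):
    """Sum instruction-level scores; emit a message only above the threshold."""
    findings = [f for i, ins in enumerate(program)
                if (f := score_instruction(i, ins))]
    total = sum(f.score for f in findings)
    message = None
    if total > threshold:  # "exceeds": a score equal to the threshold is not flagged
        message = f"malware suspected: program score {total} exceeds threshold {threshold}"
    return total, findings, message

# Constructed sample listings (not real samples).
SUSPICIOUS = ["call $+5", "pop esi", "mov eax, fs:[0x30]",
              "xor byte ptr [esi], 0x5A", "inc esi", "loop 0x10"]
BENIGN = ["push ebp", "mov ebp, esp", "xor eax, eax",
          "xor dword ptr [ebp-4], 0x1", "pop ebp", "ret"]

if __name__ == "__main__":
    for name, prog in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        total, findings, message = analyse(prog)
        print(name, total, [(f.index, f.criteria) for f in findings], message)
```

Keeping the per-instruction findings alongside the total lets an analyst see which instructions drove a detection and tune weights when benign code lands near the threshold.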