Abstract

FIELD: information technologies.

SUBSTANCE: a method for determining whether files belong to collections of available files by comparing the files with the help of functionality templates. The method comprises the following stages: functionality templates are generated from information about the executable file; noise information extracted from the executable file's functionality templates is removed; the units of the executable file's functionality templates are reduced to a normalised form; these units are compared with the units of the functionality templates of the available files; and, on the basis of the comparison results, a decision is made as to whether a unit belongs to one of the functionality templates of the available files. By creating functionality templates from available malicious software, newly received files can be compared against them and records added automatically when similarity is found; characteristic logical units can be extracted from collections of malicious programs and heuristic rules built from them; and descriptions can be generated automatically. It also becomes possible to cluster objects, which speeds up their further processing.

EFFECT: increased reliability and accuracy of malicious software detection, achieved by comparing executable files by means of functionality templates.

14 cl, 16 dwg
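The pipeline described in the abstract (template generation, noise removal, normalisation, unit comparison, membership decision), as an added illustration that is not part of the patent and not the patentee's implementation. It assumes a functionality template is a dictionary of function name to token list (hypothetical instruction/API-call streams, constructed here), uses a hand-picked noise set and Jaccard similarity over token 3-grams as the comparison measure, and assigns a unit to a known collection only above a threshold; all of these choices are assumptions, not claims of the patent.

```python
import re
from collections import Counter

# Constructed sample data: one "unit" = the instruction/API-call stream of one function.
# Tokens that carry no functional meaning (prologue/epilogue, padding) are treated as noise.
NOISE = {"nop", "push ebp", "mov ebp,esp", "pop ebp", "ret"}

def normalise(unit):
    """Reduce a unit to normalised form: drop noise, lowercase, mask immediates/addresses."""
    out = []
    for tok in unit:
        tok = tok.lower().strip()
        if tok in NOISE:
            continue
        out.append(re.sub(r"0x[0-9a-f]+|\b\d+\b", "IMM", tok))
    return out

def ngrams(tokens, n=3):
    return Counter(tuple(tokens[i:i + n]) for i in range(len(tokens) - n + 1))

def similarity(a, b):
    """Jaccard similarity over multiset 3-grams of two token lists (assumed measure)."""
    ga, gb = ngrams(a), ngrams(b)
    inter = sum((ga & gb).values())
    union = sum((ga | gb).values())
    return inter / union if union else 0.0

def classify_file(templates, new_file, threshold=0.6):
    """For each unit of new_file, find the best-matching unit among the templates of the
    available collections; return {unit: (collection or None, best score)}."""
    result = {}
    for name, unit in new_file.items():
        norm = normalise(unit)
        best = (None, 0.0)
        for coll, coll_units in templates.items():
            for known in coll_units.values():
                s = similarity(norm, normalise(known))
                if s > best[1]:
                    best = (coll, s)
        result[name] = best if best[1] >= threshold else (None, best[1])
    return result

# Constructed templates of two hypothetical malware collections, and a newly received file.
KNOWN = {
    "family_a": {"f1": ["push ebp", "mov ebp,esp", "call CreateFileA", "call WriteFile",
                        "call CloseHandle", "push 0x401000", "call WinExec", "pop ebp", "ret"]},
    "family_b": {"f1": ["call socket", "call connect", "call send", "call recv"]},
}
NEW = {"sub_1": ["nop", "call CreateFileA", "call WriteFile", "call CloseHandle",
                 "push 0x7ffd0000", "call WinExec", "ret"],
       "sub_2": ["call GetTickCount", "call Sleep"]}
```

Without the noise removal and immediate masking, sub_1 and family_a.f1 do not match; after normalisation they are identical, which is the point of the normalised comparison.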