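Invention application
- Patent title: SYSTEM AND METHOD FOR DETECTING HARMFUL FILES EXECUTABLE ON A VIRTUAL STACK MACHINE BASED ON PARAMETERS OF THE FILES AND THE VIRTUAL STACK MACHINE
- Patent title (Chinese): System and method for detecting harmful files executable on a virtual stack machine based on file parameters and the virtual stack machine
- Application number: US15182083
- Filing date: 2016-06-14
- Publication number: US20170004310A1
- Publication date: 2017-01-05
- Inventors: Anton M. Ivanov, Alexander V. Liskin
- Applicant: AO Kaspersky Lab
- Priority: RU2015125974 20150630
- Main classification: G06F21/56
- IPC classification: G06F21/56; G06F9/455; G06F17/30
Abstract: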
Disclosed are a method and a system for detecting harmful files executed by a virtual stack machine. An example method includes: analyzing a file executable on the virtual stack machine to identify both parameters of a file section of the file and parameters of a function of the virtual stack machine when executing the file; identifying, in a database, at least one cluster of safe files based on the identified parameters of the file section of the file and the identified parameters of the virtual stack machine; creating, using at least one clustering rule, a data cluster based on the identified at least one cluster of safe files; calculating at least one checksum of the created data cluster; and determining that the file executable on the virtual stack machine is harmful if the computed at least one checksum matches a checksum in a database of checksums of harmful files.