Malware detection rules that are generated automatically from the analysis of a small number of recently detected malicious files describe a group of dangerous objects as a set of characteristics. Among these characteristics are, in particular, sequences of system events and calls of system functions, and such sequences can be identical in malicious and clean files.
The proposed technology is said to verify the automatically generated detection rules: whether they describe the group of malicious files correctly and whether they leave legitimate objects unaffected. With this approach, the probability of false positives is significantly reduced.
The verification works as follows: all files that fit the proposed description are compared with a set of known clean (whitelisted) files and with a broader selection of known malicious objects. If the comparison reveals no coincidences with legitimate files, the detection rule is considered correct and is used to protect users from cyber threats.
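The verification step described above, as an added illustration that is not Kaspersky's code: a candidate rule is the set of system-call 3-grams shared by a small malware group, and it is accepted only if no whitelisted file also matches it. All traces, file names and the 3-gram representation are constructed for the example.

```python
from typing import Dict, List, Set, Tuple

Trace = List[str]            # ordered system-call names recorded for one file
Rule = Set[Tuple[str, ...]]  # a rule is a set of call n-grams a file must contain

def ngrams(trace: Trace, n: int = 3) -> Set[Tuple[str, ...]]:
    """All overlapping n-grams of a call trace."""
    return {tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)}

def generate_rule(group: List[Trace], n: int = 3) -> Rule:
    """Automatic rule: the n-grams common to every file of a small malware group."""
    return set.intersection(*(ngrams(t, n) for t in group))

def matches(rule: Rule, trace: Trace, n: int = 3) -> bool:
    """A file matches when it exhibits every n-gram the rule describes."""
    return bool(rule) and rule <= ngrams(trace, n)

def verify_rule(rule: Rule, whitelist: Dict[str, Trace], malware: Dict[str, Trace], n: int = 3) -> dict:
    """Reject the rule if any known-clean file matches it; otherwise report how much
    of the wider malware corpus it covers."""
    false_positives = sorted(k for k, t in whitelist.items() if matches(rule, t, n))
    covered = sorted(k for k, t in malware.items() if matches(rule, t, n))
    return {"accepted": not false_positives, "false_positives": false_positives,
            "coverage": len(covered) / len(malware)}

# Constructed sample traces (hypothetical, not real samples).
MALWARE = {
    "mal_a": ["RegOpenKey", "RegSetValue", "CreateFile", "WriteFile", "CloseHandle", "CreateProcess"],
    "mal_b": ["RegOpenKey", "RegSetValue", "CreateFile", "WriteFile", "CloseHandle", "InternetOpen"],
    "mal_c": ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "CloseHandle"],
    "mal_d": ["CreateFile", "ReadFile", "OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"],
    "mal_e": ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "ExitProcess"],
}
WHITELIST = {
    "installer": ["RegOpenKey", "RegSetValue", "CreateFile", "WriteFile", "CloseHandle", "ExitProcess"],
    "editor": ["CreateFile", "ReadFile", "WriteFile", "CloseHandle"],
}

def run_demo() -> Tuple[dict, dict]:
    # Rule 1: registry write + file write, shared by mal_a/mal_b but also by a clean installer -> rejected.
    r1 = verify_rule(generate_rule([MALWARE["mal_a"], MALWARE["mal_b"]]), WHITELIST, MALWARE)
    # Rule 2: remote-thread sequence shared by mal_c/mal_d, absent from every clean file -> accepted.
    r2 = verify_rule(generate_rule([MALWARE["mal_c"], MALWARE["mal_d"]]), WHITELIST, MALWARE)
    return r1, r2

if __name__ == "__main__":
    for name, result in zip(("rule_1", "rule_2"), run_demo()):
        print(name, result)
```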
In other words, these are machine learning tools that make it possible to automate a large amount of routine work in detecting malicious software. Kaspersky Lab's rights to the new technology have been secured by the United States Patent and Trademark Office (USPTO).
- Kaspersky Lab