Abstract: Disclosed herein are methods and systems for detecting malicious files. An exemplary method comprises: forming a feature vector based on behavioral data of execution of a file, calculating parameters based on the feature vector using a trained model for calculation of parameters, wherein the parameters comprise: i) a degree of maliciousness that is a probability that the file may be malicious, and ii) a limit degree of safety that is a probability that the file will definitely prove to be malicious, wherein an aggregate of consecutively calculated degrees is described by a predetermined time law, deciding that the file is malicious when the degree of maliciousness and the limit degree of safety satisfy a predetermined criterion, wherein that criterion is a rule for the classification of the file according to an established correlation between the degree of maliciousness and the limit degree of safety.

Abstract: Disclosed herein are methods and systems for detecting malicious files. An exemplary method comprises emulating execution of a file under analysis, forming a behavior log of the emulated execution of the file under analysis, forming one or more behavior patterns from commands and parameters selected from the behavior log, calculating a convolution of the one or more behavior patterns, selecting two or more models for detecting malicious files from a database, calculating a degree of maliciousness of the file being executed based using the convolution and the two or more models, forming a decision making template based on the degree of maliciousness and determining that the file is malicious when a degree of similarity between the decision making template and a predetermined decision making template exceeds a predetermined threshold value.

Abstract: Disclosed are systems and methods for detection of malicious files using machine learning. An example method comprises: selecting one or more data blocks in an object being analyzed based on rules; performing a static analysis on the one or more data blocks to determine a set of features of the one or more data blocks; determining a degree of harmfulness of the object based on the set of features and a model for detection of malicious objects, wherein the model has been trained by a method for machine learning on at least one safe object and one malicious object; recognizing the object is safe when the degree of harmfulness does not exceed a predetermined threshold of harmfulness; and recognizing the object is malicious when the degree of harmfulness of the one or more data blocks exceeds the predetermined threshold of harmfulness.

Abstract: The present disclosure is directed to a system and method of detecting malicious files by using a trained machine learning model. The system may comprise a hardware processor configured to form at least one behavior pattern, calculate the convolution of all behavior patterns, select from a database of detection models at least two models for detection of malicious files on the basis of the behavior patterns, calculate the degree of harmfulness of a file being executed on the basis of an analysis of the convolution and the at least two models for detection of malicious files, form, on the basis of the degrees of harmfulness, a decision-making pattern, recognize the file being executed as malicious if the degree of similarity between the formulated decision-making pattern and at least one of a predetermined decision-making patterns from a database of decision-making patterns previously formulated on the basis of an analysis of malicious files, exceeds a predetermined threshold value.

Abstract: Disclosed are systems and methods generating a convolution function for training a malware detection model. An example method comprises selecting, by a processor, one or more commands from a log according to a set of predetermined rules, forming, by the processor, one or more behavior patterns from the one or more selected commands, determining, by the processor, a feature vector according to the one or more behavior patterns, generating, by the processor, a convolution function according to the feature vector, wherein a size of a result of the convolution function of the feature vector is less than the size of the feature vector, and computing, by the processor, one or more parameters for training a malware detection model using the convolution function on the one or more behavior patterns.

Abstract: Disclosed are systems and methods generating a convolution function for training a malware detection model. An example method comprises generating, by a processor, a plurality of behavior patterns based on one or more logs of commands executed on a computing device, calculating, by the processor, an effectiveness of each of a plurality of methods for machine learning based on the plurality of behavior patterns, determining, by the processor, a preferred method for machine learning from the plurality of methods for machine learning by selecting the preferred method as a method with the greatest effectiveness from the plurality of methods for machine learning, obtaining, by the processor, parameters of the malware detection model by applying convolution functions to the plurality of behavior patterns, training, by the processor, the malware detection model to detect malicious files using the preferred method for machine learning.

Abstract: The present disclosure provides a system for managing computer resources for detection of malicious files based on machine learning model. In one aspect, the system may comprise: a hardware processor configured to: form at least one behavior pattern on the basis of commands and parameters, calculate the convolution of the formed behavior pattern, calculate the degree of harmfulness the convolution and a model for detection of malicious files, manage the computing resources used to ensure the security of that computing device, based on the degree of harmfulness, wherein the degree of harmfulness is within a predetermined range of values and if the obtained degree of harmfulness of applications exceeds the predetermined threshold value, send a request to allocate additional resources of the computing device, otherwise send a request to free up previously allocated resources of the computing device.

Abstract: Disclosed are systems and methods for machine learning of a model for detecting malicious files. The described system samples files from a database of files and trains a detection model for detecting malicious files on the basis of an analysis of the sampled files. The described system forms behavior logs based on executable commands intercepted during execution of the sampled files, and generates behavior patterns based on the behavior log. The described system determines a convolution function based on the behavior patterns, and trains a detection model for detecting malicious files by calculating parameters of the detection model using the convolution function on the behavior patterns. The trained detection model may be used to detect malicious files by utilizing the detection model on a system behavior log generated during execution of suspicious files.