Patents by Inventor SERGEY V. GORDEYCHIK
SERGEY V. GORDEYCHIK has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Patent number: 11829473
  Abstract: Disclosed herein are methods and systems for detecting malicious files by a user computer. For example, in one aspect, the method comprises registering application programming interface (API) calls made by a file during an execution of the file on the user computer in a local call log, the local call log comprising control flow graphs of processes launched from the file, searching for a rule that matches behavioral rules in a local database, when the behavioral rules are found, determining the file is malicious and halting execution of the file on the user computer, otherwise, transmitting the local call log to a remote server, receiving a verdict, when the verdict indicates the file is malicious, receiving a virus signature corresponding to the verdict, and updating the local call log based on the verdict and virus signature, wherein the updating enables detection of subsequently received malicious files.
  Type: Grant
  Filed: November 16, 2020
  Date of Patent: November 28, 2023
  Assignee: AO Kaspersky Lab
  Inventors: Sergey V. Gordeychik, Sergey V. Soldatov, Konstantin V. Sapronov
- Patent number: 11489855
  Abstract: Disclosed are systems and methods of adding tags for use in detecting computer attacks. In one aspect, the system comprises a computer protection module configured to: receive a security notification, extract an object from the security notification, search for the extracted object in a threat database, add a first tag corresponding to the extracted object in the threat database only when the extracted object is found in the threat database, search for signs of suspicious activity in a database of suspicious activities based on the received security notification and the added first tag, and when at least one sign of suspicious activity is found, extract a second tag from the database of suspicious activities and add the second tag to an object database, wherein the object database is used for identifying signatures of targeted attacks based on security notifications, objects, first tags and second tags.
  Type: Grant
  Filed: November 16, 2020
  Date of Patent: November 1, 2022
  Assignee: AO Kaspersky Lab
  Inventors: Sergey V. Gordeychik, Konstantin V. Sapronov, Yury G. Parshin, Teymur S. Kheirkhabarov, Sergey V. Soldatov
- Patent number: 11288362
  Abstract: Disclosed are systems and methods for creating antivirus records for antivirus applications. An exemplary method includes: analyzing a log of records of API function calls of a file for presence of malicious behavior using one or more behavioral rules; determining that the file is malicious when a behavioral rule corresponding to one or more records of API function calls from the log is identified; extracting from the log the one or more API function calls associated with the identified behavioral rule; determining whether the one or more extracted records of API function calls are supported by an antivirus application of a user device; and when the one or more extracted records of API function calls are not supported by the antivirus application, adding to the antivirus application a support for registering the unsupported records of API function calls.
  Type: Grant
  Filed: September 24, 2020
  Date of Patent: March 29, 2022
  Assignee: AO Kaspersky Lab
  Inventors: Sergey V. Gordeychik, Sergey V. Soldatov, Konstantin V. Sapronov
- Publication number: 20210067529
  Abstract: Disclosed are systems and methods of adding tags for use in detecting computer attacks. In one aspect, the system comprises a computer protection module configured to: receive a security notification, extract an object from the security notification, search for the extracted object in a threat database, add a first tag corresponding to the extracted object in the threat database only when the extracted object is found in the threat database, search for signs of suspicious activity in a database of suspicious activities based on the received security notification and the added first tag, and when at least one sign of suspicious activity is found, extract a second tag from the database of suspicious activities and add the second tag to an object database, wherein the object database is used for identifying signatures of targeted attacks based on security notifications, objects, first tags and second tags.
  Type: Application
  Filed: November 16, 2020
  Publication date: March 4, 2021
  Inventors: Sergey V. GORDEYCHIK, Konstantin V. SAPRONOV, Yury G. PARSHIN, Teymur S. KHEIRKHABAROV, Sergey V. SOLDATOV
- Publication number: 20210064748
  Abstract: Disclosed herein are methods and systems for detecting malicious files by a user computer. For example, in one aspect, the method comprises registering application programming interface (API) calls made by a file during an execution of the file on the user computer in a local call log, the local call log comprising control flow graphs of processes launched from the file, searching for a rule that matches behavioral rules in a local database, when the behavioral rules are found, determining the file is malicious and halting execution of the file on the user computer, otherwise, transmitting the local call log to a remote server, receiving a verdict, when the verdict indicates the file is malicious, receiving a virus signature corresponding to the verdict, and updating the local call log based on the verdict and virus signature, wherein the updating enables detection of subsequently received malicious files.
  Type: Application
  Filed: November 16, 2020
  Publication date: March 4, 2021
  Inventors: Sergey V. Gordeychik, Sergey V. Soldatov, Konstantin V. Sapronov
- Publication number: 20210019398
  Abstract: Disclosed are systems and methods for creating antivirus records for antivirus applications. An exemplary method includes: analyzing a log of records of API function calls of a file for presence of malicious behavior using one or more behavioral rules; determining that the file is malicious when a behavioral rule corresponding to one or more records of API function calls from the log is identified; extracting from the log the one or more API function calls associated with the identified behavioral rule; determining whether the one or more extracted records of API function calls are supported by an antivirus application of a user device; and when the one or more extracted records of API function calls are not supported by the antivirus application, adding to the antivirus application a support for registering the unsupported records of API function calls.
  Type: Application
  Filed: September 24, 2020
  Publication date: January 21, 2021
  Inventors: Sergey V. Gordeychik, Sergey V. Soldatov, Konstantin V. Sapronov
- Patent number: 10873590
  Abstract: Disclosed are systems and methods for cloud detection, investigation and elimination of targeted attacks. In one exemplary aspect, the system comprises a computer protection module configured to: gather information on an object in a computer in a network; and save a security notification with the object in an object database in the network; and a module for protection against targeted attacks configured to: search for the object in a threat database in the network; add one or more tags to the object when the object is found in the threat database and add a correspondence between a record in the object database and the threat database; and determine that a computer attack has occurred when the one or more tags correspond to signatures in a database of computer attacks.
  Type: Grant
  Filed: March 16, 2018
  Date of Patent: December 22, 2020
  Assignee: AO Kaspersky Lab
  Inventors: Sergey V. Gordeychik, Konstantin V. Sapronov, Yury G. Parshin, Teymur S. Kheirkhabarov, Sergey V. Soldatov
- Patent number: 10867039
  Abstract: Disclosed herein are methods and systems of detecting malicious files. According to one aspect, a method comprises receiving one or more call logs from respectively one or more computers, each call log comprising function calls made from a file executing on a respective computer, combining the one or more call logs into a combined call log, searching the combined call log to find a match for one or more behavioral rules stored in a threat database, determining, when the behavioral rules are found in the call log, a verdict about the file being investigated and transmitting information regarding the verdict to the one or more computers.
  Type: Grant
  Filed: June 19, 2018
  Date of Patent: December 15, 2020
  Assignee: AO Kaspersky Lab
  Inventors: Sergey V. Gordeychik, Sergey V. Soldatov, Konstantin V. Sapronov
- Patent number: 10810308
  Abstract: Disclosed herein are systems and methods of creating antivirus records. An exemplary method comprises: analyzing, by a protector against targeted attacks, a log of API function calls of a file for presence of malicious behavior using one or more behavioral rules; determining that the file is malicious when a behavioral rule corresponding to records of a log of API function calls is identified; extracting one or more records of API function calls associated with the identified behavioral rule; determining whether at least one extracted record of the API function calls can be registered by a protector of a computing device; and when the at least one extracted record can be registered by the protector of the computing device, creating an antivirus record for the protector of the computing device, wherein the created antivirus record includes at least the extracted records of the API function calls.
  Type: Grant
  Filed: October 3, 2018
  Date of Patent: October 20, 2020
  Assignee: AO Kaspersky Lab
  Inventors: Sergey V. Gordeychik, Sergey V. Soldatov, Konstantin V. Sapronov
- Patent number: 10469527
  Abstract: Disclosed are systems and methods for protection of a technological system (TS) from cyber attacks. An exemplary method comprises: obtaining a real state of the TS; initializing a cybernetic control system (CCS) by synchronizing the CCS with the TS; comparing, by the CCS, the real state of the TS with an ideal state of the TS; based on the comparison, identifying a deviation of the real state of the TS from the ideal state of the TS; when the deviation is identified, checking an integrity of at least functional interconnections of the states of one or more elements of the TS; determining whether the ideal state of the TS is a modeling error based on one or more confirmed sustained functional interconnections between elements of the TS; and identifying anomalies in the TS based on one or more disturbed functional interconnections between elements of the TS.
  Type: Grant
  Filed: September 2, 2016
  Date of Patent: November 5, 2019
  Assignee: AO Kaspersky Lab
  Inventors: Sergey V. Gordeychik, Andrey B. Lavrentyev, Andrey P. Doukhvalov
- Publication number: 20190243968
  Abstract: Disclosed herein are systems and methods of creating antivirus records. An exemplary method comprises: analyzing, by a protector against targeted attacks, a log of API function calls of a file for presence of malicious behavior using one or more behavioral rules; determining that the file is malicious when a behavioral rule corresponding to records of a log of API function calls is identified; extracting one or more records of API function calls associated with the identified behavioral rule; determining whether at least one extracted record of the API function calls can be registered by a protector of a computing device; and when the at least one extracted record can be registered by the protector of the computing device, creating an antivirus record for the protector of the computing device, wherein the created antivirus record includes at least the extracted records of the API function calls.
  Type: Application
  Filed: October 3, 2018
  Publication date: August 8, 2019
  Inventors: Sergey V. Gordeychik, Sergey V. Soldatov, Konstantin V. Sapronov
- Publication number: 20190121977
  Abstract: Disclosed herein are methods and systems of detecting malicious files. According to one aspect, a method comprises receiving one or more call logs from respectively one or more computers, each call log comprising function calls made from a file executing on a respective computer, combining the one or more call logs into a combined call log, searching the combined call log to find a match for one or more behavioral rules stored in a threat database, determining, when the behavioral rules are found in the call log, a verdict about the file being investigated and transmitting information regarding the verdict to the one or more computers.
  Type: Application
  Filed: June 19, 2018
  Publication date: April 25, 2019
  Inventors: Sergey V. GORDEYCHIK, Sergey V. SOLDATOV, Konstantin V. SAPRONOV
- Publication number: 20190104140
  Abstract: Disclosed are systems and methods for cloud detection, investigation and elimination of targeted attacks. In one exemplary aspect, the system comprises a computer protection module configured to: gather information on an object in a computer in a network; and save a security notification with the object in an object database in the network; and a module for protection against targeted attacks configured to: search for the object in a threat database in the network; add one or more tags to the object when the object is found in the threat database and add a correspondence between a record in the object database and the threat database; and determine that a computer attack has occurred when the one or more tags correspond to signatures in a database of computer attacks.
  Type: Application
  Filed: March 16, 2018
  Publication date: April 4, 2019
  Inventors: Sergey V. Gordeychik, Konstantin V. Sapronov, Yury G. Parshin, Teymur S. Kheirkhabarov, Sergey V. Soldatov
- Publication number: 20170244752
  Abstract: Disclosed are systems and methods for protection of a technological system (TS) from cyber attacks. An exemplary method comprises: obtaining a real state of the TS; initializing a cybernetic control system (CCS) by synchronizing the CCS with the TS; comparing, by the CCS, the real state of the TS with an ideal state of the TS; based on the comparison, identifying a deviation of the real state of the TS from the ideal state of the TS; when the deviation is identified, checking an integrity of at least functional interconnections of the states of one or more elements of the TS; determining whether the ideal state of the TS is a modeling error based on one or more confirmed sustained functional interconnections between elements of the TS; and identifying anomalies in the TS based on one or more disturbed functional interconnections between elements of the TS.
  Type: Application
  Filed: September 2, 2016
  Publication date: August 24, 2017
  Inventors: SERGEY V. GORDEYCHIK, ANDREY B. LAVRENTYEV, ANDREY P. DOUKHVALOV