Abstract: Disclosed are systems and methods for training and retraining a model for detection of malicious activity from container files, which contain at least two or more objects constituting logically separate data regions. Parameters of each object chosen from at least one safe container and one malicious container are determined which uniquely characterize the functional relation of the mentioned object to at least one selected object. Convolutions are formed separately for each container on the basis of the determined parameters of the objects, which are used to train a machine learning model for detecting malicious container files.

Abstract: Disclosed are systems and methods for detection of malicious intermediate language files. In one exemplary aspect, the system comprises a database comprising hashes of known malicious files, a resource allocation module configured to select a set of resources from a file being analyzed, a hash calculation module, coupled to the resource allocation module, configured to calculate a perceptive hash of the set of resources; and an analysis module, coupled to the other modules, configured to identify a degree of similarly between the set of resources and a set of resources from known malicious files by comparing the perceptive hash with perceptive hashes of the set of resources from known malicious files, determine a harmfulness of the file being analyzed based on the degree of similarity and remove or quarantine the file being analyzed when the harmfulness exceeds a predetermined threshold.

Abstract: Disclosed are systems and methods for training and retraining a model for detection of malicious activity from container files, which contain at least two or more objects constituting logically separate data regions. Parameters of each object chosen from at least one safe container and one malicious container are determined which uniquely characterize the functional relation of the mentioned object to at least one selected object. Convolutions are formed separately for each container on the basis of the determined parameters of the objects, which are used to train a machine learning model for detecting malicious container files.

Abstract: Disclosed are systems and method for detecting a malicious computer system. An exemplary method comprises: collecting, via a processor, characteristics of a computer system; determining relations between collected characteristics of the computer system; determining a time dependacy of at least one state of the computer system based on determined relations; determining the at least one state of the computer system based at least on determined time dependacy; and analyzing the at least one state of the computer system in connection with selected patterns representing a legal or malicious computer system to determine a degree of harmfulness of the computer system.

Abstract: Disclosed are systems and methods for detection of malicious intermediate language files. In one exemplary aspect, the system comprises a database comprising hashes of known malicious files, a resource allocation module configured to select a set of resources from a file being analyzed, a hash calculation module, coupled to the resource allocation module, configured to calculate a perceptive hash of the set of resources; and an analysis module, coupled to the other modules, configured to identify a degree of similarly between the set of resources and a set of resources from known malicious files by comparing the perceptive hash with perceptive hashes of the set of resources from known malicious files, determine a harmfulness of the file being analyzed based on the degree of similarity and remove or quarantine the file being analyzed when the harmfulness exceeds a predetermined threshold.

Abstract: Disclosed are systems and method for detecting a malicious computer system. An exemplary method comprises: collecting, via a processor, characteristics of a computer system; determining relations between collected characteristics of the computer system; determining a time dependacy of at least one state of the computer system based on determined relations; determining the at least one state of the computer system based at least on determined time dependacy; and analyzing the at least one state of the computer system in connection with selected patterns representing a legal or malicious computer system to determine a degree of harmfulness of the computer system.

Abstract: Assessment of selectivity of categorization rules. One or more categorization rules are applied to a set of un-categorized objects to produce a categorization result set representing assignment of objects the set into at least two categories. A selectivity score for the at least one categorization rule is obtained based on statistical information. The numerical selectivity score represents an estimation of accuracy of the at least one categorization rule, and is produced as a result of application of at least one trained selectivity determination algorithm, which is based on application of a plurality of specially-selected categorization rules to a set of pre-categorized training data, with the application of each one producing a uniform grouping of objects.

Abstract: Assessment of selectivity of categorization rules. One or more categorization rules are applied to a set of un-categorized objects to produce a categorization result set representing assignment of objects the set into at least two categories. A selectivity score for the at least one categorization rule is obtained based on statistical information. The numerical selectivity score represents an estimation of accuracy of the at least one categorization rule, and is produced as a result of application of at least one trained selectivity determination algorithm, which is based on application of a plurality of specially-selected categorization rules to a set of pre-categorized training data, with the application of each one producing a uniform grouping of objects.

Abstract: System and method for analyzing a target object for similarity to classes of reference objects. A first and a second set of attributes of the target object is identified composed respectively of attributes having values that are common, and variable, among a class of similar objects. A first hash is computed representing the first set of attributes according to a first hashing algorithm that is sensitive to variations in the first set of attributes among the class of similar objects. A second hash representing the second set of attributes is computed according to a second hashing algorithm that is insensitive to variations in the second set of attributes among the class of similar objects. An aggregate representation of the target object that is based on the first hash and the second hash is generated.

Abstract: System and method for analyzing a target object for similarity to classes of reference objects. A first and a second set of attributes of the target object is identified composed respectively of attributes having values that are common, and variable, among a class of similar objects. A first hash is computed representing the first set of attributes according to a first hashing algorithm that is sensitive to variations in the first set of attributes among the class of similar objects. A second hash representing the second set of attributes is computed according to a second hashing algorithm that is insensitive to variations in the second set of attributes among the class of similar objects. An aggregate representation of the target object that is based on the first hash and the second hash is generated.