Patents by Inventor Alexey M. Romanenko
Alexey M. Romanenko has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11880455Abstract: Disclosed herein are methods and systems for selecting a detection model for detection of a malicious file. An exemplary method includes: monitoring a file during execution of the file within a computer system by intercepting commands of the file being executed and determining one or more parameters of the intercepted commands. A behavior log of the file being executed containing behavioral data is formed based on the intercepted commands and based on the one or more parameters of the intercepted commands. The behavior log is analyzed to form a feature vector. The feature vector characterizes the behavioral data. One or more detection models are selected from a database of detection models based on the feature vector. Each of the one or more detection models includes a decision-making rule for determining a degree of maliciousness of the file being executed.Type: GrantFiled: October 12, 2021Date of Patent: January 23, 2024Assignee: AO Kaspersky LabInventors: Alexander S. Chistyakov, Alexey M. Romanenko, Alexander S. Shevelev
-
Publication number: 20230297703Abstract: Disclosed herein are systems and methods for detecting harmful scripts. In one aspect, an exemplary method comprises, identifying a file containing a script, wherein the identification of the file is performed by analyzing each file of a plurality of files for a presence of a harmful script, generating a summary of the script based on the identified file, calculating static and dynamic parameters of the generated summary of the script, recognizing a script programming language based on the calculated static parameters and dynamic parameters of the generated summary of the script using at least one language recognition rule, processing the identified file based on the data about the recognized script programming language, generating a set of hash codes based on a processed file using rules for generating hash codes, and detecting the harmful script when the generated set of hash codes is similar to known harmful sets of hash codes.Type: ApplicationFiled: September 7, 2022Publication date: September 21, 2023Inventors: Andrei I Kalegin, Vitaly V. Butuzov, Dmitry N. Glavatskikh, Denis I. Parinov, Alexey M. Romanenko
-
Patent number: 11663363Abstract: A method for detecting a false positive outcome in classification of files includes, analyzing a file to determine whether or not the file is to be recognized as being malicious, analyzing a file to determine whether a digital signature certificate is present for the file, in response to recognizing the file as being malicious; comparing the digital certificate of the file with one or more digital certificates stored in a database of trusted files, in response to determining that the digital signature certificate is present for the file; and detecting a false positive outcome if the digital certificate of the file is found in the database of trusted files, when the false positive outcome is detected, excluding the file from further determination of whether the file is malicious and calculating a flexible hash value of the file.Type: GrantFiled: February 15, 2022Date of Patent: May 30, 2023Assignee: AO Kaspersky LabInventors: Sergey V. Prokudin, Alexander S. Chistyakov, Alexey M. Romanenko
-
Patent number: 11599630Abstract: Disclosed herein are methods and systems for detecting malicious files. An exemplary method comprises: selecting a file from a database of files used to perform training of a model for detecting a malicious file, forming one or more behavior patterns from intercepted one or more commands and parameters during execution of the file, forming a detection model, wherein the detection model selects a method of machine learning and is initialized with one or more hyper-parameters, training the detection model by calculating the one or more hyper-parameters based on the one or more behavior patterns to form a group of rules for calculating a degree of maliciousness of a resource and calculating a degree of maliciousness of another file based on the trained detection model.Type: GrantFiled: May 17, 2019Date of Patent: March 7, 2023Assignee: AO Kaspersky LabInventors: Alexander S. Chistyakov, Alexey M. Romanenko, Alexander S. Shevelev
-
Patent number: 11546371Abstract: Disclosed are systems and methods for countering a cyber-attack on computing devices by means of which users are interacting with services, which store personal data on the users. Data is collected about the services with which the users are interacting by means of the devices, as well as data about the devices themselves. The collected data is analyzed to detect when a cyber-attack on the devices is occurring as a result of a data breach of personal data on users from the online service. A cluster of the computing devices of different users of the online service experiencing the same cyber attack is identified. Attack vectors are identified based on the characteristics of the cyber attack experienced by the computing devices in the cluster. Actions are selected for countering the cyber-attack based on the identified attack vector and are sent to the devices of all users of the corresponding cluster.Type: GrantFiled: December 22, 2020Date of Patent: January 3, 2023Assignee: AO Kaspersky LabInventors: Vladislav V. Martynenko, Alexey M. Romanenko
-
Patent number: 11514160Abstract: Disclosed herein are systems and methods for determining a coefficient of harmfulness of a file using a trained learning model. In one aspect, an exemplary method includes forming a first vector containing a plurality of attributes of a known malicious file. A learning model is trained using the first vector to identify a plurality of significant attributes that influence identification of the malicious file. A second vector is formed containing a plurality of attributes of known safe files. The learning model is trained using the second vector to identify attributes insignificant to the identification of the malicious file. An unknown file is analyzed by the learning model. The learning model outputs a numerical value identifying a coefficient of harmfulness relating to a probability that the unknown file will prove to be harmful.Type: GrantFiled: January 26, 2021Date of Patent: November 29, 2022Assignee: AO Kaspersky LabInventors: Sergey V. Prokudin, Alexey M. Romanenko
-
Patent number: 11403396Abstract: The present disclosure provides a system and method for allocating computer resources for detection of malicious files. In one aspect, the system comprises: a hardware processor configured to: form at least one behavior pattern grouping selected commands with shared parameters, apply a hash function on the at least one of the formed behavior pattern to obtain computed parameters, calculate a degree of harmfulness based on the obtained computed parameters using the hash function and a model for detection of malicious files, wherein the degree of harmfulness is a number value characterizing a probability that a malicious activity will be manifested by a time of computing said degree of harmfulness and wherein the model is a machine learning model trained using computed parameters of previous behavior patterns on which the hash function was applied to output degrees of harmfulness, and allocate the computing resources based on the calculated degree of harmfulness.Type: GrantFiled: October 5, 2020Date of Patent: August 2, 2022Assignee: AO Kaspersky LabInventors: Alexander C. Chistyakov, Ekaterina M. Lobacheva, Alexey M. Romanenko
-
Patent number: 11379581Abstract: A method for detection of malicious files includes training a mapping model for mapping files in a probability space. A plurality of characteristics of an analyzed file is determined based on a set of rules. A mapping of the analyzed file in probability space is generated based on the determined plurality of characteristics. A first database is searched using the generated mapping of the analyzed file to determine whether the analyzed file is associated with a family of malicious files. The first database stores mappings associated with one or more families of malicious files. In response to determining that the analyzed file is associated with the family of malicious files, a selection of one or more methods of malware detection is made from a second database. The second database stores a plurality of malware detection methods. The selected method is used to detect the associated family.Type: GrantFiled: March 11, 2020Date of Patent: July 5, 2022Assignee: AO Kaspersky LabInventors: Alexander Chistyakov, Alexey M. Romanenko
-
Patent number: 11366896Abstract: A system and method is provided for detecting anomalous events based on a dump of an address space of a software process in a memory of a computing device. An exemplary method includes detecting at least one event occurring in an operating system of the computing device during an execution of the software process, determining a context of the detected event, wherein the context comprises a dump of an address space of the software process containing code that was being executed at the moment of occurrence of the detected event, selecting a set of features of the dump for use in determining whether or not the event is anomalous, transforming the selected set of features of the dump into a convolution, determining a popularity of the convolution by polling a database, and determining that the detected event is an anomalous event if the determined popularity is below a threshold value.Type: GrantFiled: December 17, 2019Date of Patent: June 21, 2022Assignee: AO KASPERSKY LABInventors: Alexey V. Monastyrsky, Mikhail A. Pavlyushchik, Alexey M. Romanenko, Maxim Y. Golovkin
-
Publication number: 20220171880Abstract: A method for detecting a false positive outcome in classification of files includes, analyzing a file to determine whether or not the file is to be recognized as being malicious, analyzing a file to determine whether a digital signature certificate is present for the file, in response to recognizing the file as being malicious; comparing the digital certificate of the file with one or more digital certificates stored in a database of trusted files, in response to determining that the digital signature certificate is present for the file; and detecting a false positive outcome if the digital certificate of the file is found in the database of trusted files, when the false positive outcome is detected, excluding the file from further determination of whether the file is malicious and calculating a flexible hash value of the file.Type: ApplicationFiled: February 15, 2022Publication date: June 2, 2022Inventors: Sergey V. Prokudin, Alexander S. Chistyakov, Alexey M. Romanenko
-
Patent number: 11288401Abstract: Disclosed herein are systems and methods for reducing a number of false positives in classification of files. In one aspect, an exemplary method comprises, analyzing a file to determine whether or not the file is to be recognized as being malicious, when the file is recognized as being malicious, analyzing the file to detect a false positive outcome, when the false positive outcome is detected, excluding the file from being scanned and calculating a flexible hash of the file, and storing the calculated flexible hash in a database of exceptions.Type: GrantFiled: September 11, 2019Date of Patent: March 29, 2022Assignee: AO Kaspersky LabInventors: Sergey V. Prokudin, Alexander S. Chistyakov, Alexey M. Romanenko
-
Publication number: 20220043910Abstract: Disclosed herein are methods and systems for selecting a detection model for detection of a malicious file. An exemplary method includes: monitoring a file during execution of the file within a computer system by intercepting commands of the file being executed and determining one or more parameters of the intercepted commands. A behavior log of the file being executed containing behavioral data is formed based on the intercepted commands and based on the one or more parameters of the intercepted commands. The behavior log is analyzed to form a feature vector. The feature vector characterizes the behavioral data. One or more detection models are selected from a database of detection models based on the feature vector. Each of the one or more detection models includes a decision-making rule for determining a degree of maliciousness of the file being executed.Type: ApplicationFiled: October 12, 2021Publication date: February 10, 2022Inventors: Alexander S. Chistyakov, Alexey M. Romanenko, Alexander S. Shevelev
-
Patent number: 11227048Abstract: Disclosed herein are methods and systems for detecting malicious files. An exemplary method comprises emulating execution of a file under analysis, forming a behavior log of the emulated execution of the file under analysis, forming one or more behavior patterns from commands and parameters selected from the behavior log, calculating a convolution of the one or more behavior patterns, selecting two or more models for detecting malicious files from a database, calculating a degree of maliciousness of the file being executed based using the convolution and the two or more models, forming a decision making template based on the degree of maliciousness and determining that the file is malicious when a degree of similarity between the decision making template and a predetermined decision making template exceeds a predetermined threshold value.Type: GrantFiled: May 17, 2019Date of Patent: January 18, 2022Assignee: AO Kaspersky LabInventors: Alexander S. Chistyakov, Alexey M. Romanenko, Alexander S. Shevelev
-
Patent number: 11216555Abstract: A system and method is provided for providing a set of convolutions to a computing device for detecting anomalous events occurring in an operating system of the computing device. An exemplary method includes launching an agent in an operating system of a client device, registering, by the agent, events occurring in the operating system, for each registered event, determining a context of the event, wherein the context comprises a call stack at a moment of occurrence of the event, selecting a set of features based on the call stack of the event, generating a convolution based on the selected set of features of the event and the context of the event, and adding the generated convolution to a set of convolutions of events occurring on client devices, and providing, to a client device from which a request is received, the set of convolutions of events occurring on client devices.Type: GrantFiled: December 3, 2019Date of Patent: January 4, 2022Assignee: AO Kaspersky LabInventors: Alexey V. Monastyrsky, Mikhail A. Pavlyushchik, Alexey M. Romanenko, Maxim Y. Golovkin
-
Patent number: 11188649Abstract: Methods and systems are described in the present disclosure for classifying malicious objects. In an exemplary aspect, a method includes: collecting data describing a state of an object of the computer system, forming a vector of features, calculating a degree of similarity based on the vector, calculating a limit degree of difference that is a numerical value characterizing the probability that the object being classified will certainly belong to another class, forming a criterion for determination of class of the object based on the degree of similarity and the limit degree of difference, determining that the object belongs to the determined class when the data satisfies the criterion, wherein the data is collected over a period of time defined by a data collection rule and pronouncing the object as malicious when it is determined that the object belongs to the specified class.Type: GrantFiled: June 26, 2019Date of Patent: November 30, 2021Assignee: AO Kaspersky LabInventors: Alexander S. Chistyakov, Alexey M. Romanenko, Alexander S. Shevelev
-
Patent number: 11176250Abstract: Disclosed herein are methods and systems for detecting malicious files. An exemplary method comprises: forming a feature vector based on behavioral data of execution of a file, calculating parameters based on the feature vector using a trained model for calculation of parameters, wherein the parameters comprise: i) a degree of maliciousness that is a probability that the file may be malicious, and ii) a limit degree of safety that is a probability that the file will definitely prove to be malicious, wherein an aggregate of consecutively calculated degrees is described by a predetermined time law, deciding that the file is malicious when the degree of maliciousness and the limit degree of safety satisfy a predetermined criterion, wherein that criterion is a rule for the classification of the file according to an established correlation between the degree of maliciousness and the limit degree of safety.Type: GrantFiled: May 17, 2019Date of Patent: November 16, 2021Assignee: AO KASPERSKY LABInventors: Alexander S. Chistyakov, Alexey M. Romanenko, Alexander S. Shevelev
-
Patent number: 11036858Abstract: Methods and systems are described in the present disclosure for training a model for detecting malicious objects on a computer system. In an exemplary aspect, a method includes: selecting files from a database used for training a detection model, the selection is performed based on learning rules, performing an analysis on the files by classifying them in a hierarchy of maliciousness, forming behavior patterns based on execution of the files and parameters of the execution, training the detection model according to the analysis of the files and the behavior patterns, verifying the trained detection model using a test selection of files to test determinations of harmfulness of the test selection of files, and when the verification fails, retraining the detection model using a different set of files from the database, otherwise applying the detection model to a new set of files to determine maliciousness.Type: GrantFiled: July 2, 2019Date of Patent: June 15, 2021Assignee: AO Kaspersky LabInventors: Alexander S. Chistyakov, Alexey M. Romanenko, Alexander S. Shevelev
-
Publication number: 20210150030Abstract: Disclosed herein are systems and methods for determining a coefficient of harmfulness of a file using a trained learning model. In one aspect, an exemplary method includes forming a first vector containing a plurality of attributes of a known malicious file. A learning model is trained using the first vector to identify a plurality of significant attributes that influence identification of the malicious file. A second vector is formed containing a plurality of attributes of known safe files. The learning model is trained using the second vector to identify attributes insignificant to the identification of the malicious file. An unknown file is analyzed by the learning model. The learning model outputs a numerical value identifying a coefficient of harmfulness relating to a probability that the unknown file will prove to be harmful.Type: ApplicationFiled: January 26, 2021Publication date: May 20, 2021Inventors: Sergey V Prokudin, Alexey M. Romanenko
-
Publication number: 20210152592Abstract: Disclosed are systems and methods for countering a cyber-attack on computing devices by means of which users are interacting with services, which store personal data on the users. Data is collected about the services with which the users are interacting by means of the devices, as well as data about the devices themselves. The collected data is analyzed to detect when a cyber-attack on the devices is occurring as a result of a data breach of personal data on users from the online service. A cluster of the computing devices of different users of the online service experiencing the same cyber attack is identified. Attack vectors are identified based on the characteristics of the cyber attack experienced by the computing devices in the cluster. Actions are selected for countering the cyber-attack based on the identified attack vector and are sent to the devices of all users of the corresponding cluster.Type: ApplicationFiled: December 22, 2020Publication date: May 20, 2021Inventors: Vladislav V. MARTYNENKO, Alexey M. ROMANENKO
-
Publication number: 20210097177Abstract: A method for detection of malicious files includes training a mapping model for mapping files in a probability space. A plurality of characteristics of an analyzed file is determined based on a set of rules. A mapping of the analyzed file in probability space is generated based on the determined plurality of characteristics. A first database is searched using the generated mapping of the analyzed file to determine whether the analyzed file is associated with a family of malicious files. The first database stores mappings associated with one or more families of malicious files. In response to determining that the analyzed file is associated with the family of malicious files, a selection of one or more methods of malware detection is made from a second database. The second database stores a plurality of malware detection methods. The selected method is used to detect the associated family.Type: ApplicationFiled: March 11, 2020Publication date: April 1, 2021Inventors: Alexander Chistyakov, Alexey M. Romanenko