Patents by Inventor Alexey M. Romanenko

Alexey M. Romanenko has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10878090
    Abstract: The present disclosure is directed to a system and method of detecting malicious files by using a trained machine learning model. The system may comprise a hardware processor configured to form at least one behavior pattern, calculate the convolution of all behavior patterns, select from a database of detection models at least two models for detection of malicious files on the basis of the behavior patterns, calculate the degree of harmfulness of a file being executed on the basis of an analysis of the convolution and the at least two models for detection of malicious files, form, on the basis of the degrees of harmfulness, a decision-making pattern, recognize the file being executed as malicious if the degree of similarity between the formulated decision-making pattern and at least one of a predetermined decision-making patterns from a database of decision-making patterns previously formulated on the basis of an analysis of malicious files, exceeds a predetermined threshold value.
    Type: Grant
    Filed: October 2, 2018
    Date of Patent: December 29, 2020
    Assignee: AO KASPERSKY LAB
    Inventors: Alexander S. Chistyakov, Ekaterina M. Lobacheva, Alexey M. Romanenko
  • Patent number: 10878087
    Abstract: Disclosed herein are methods and systems for detecting malicious files using two stage file classification. An exemplary method comprises selecting, by a hardware processor, a set of attributes of a file under analysis, calculating, by the hardware processor, a hash of the file based on the selected set of attributes, selecting, by the hardware processor, a classifier for the file from a set of classifiers based on the calculated hash of the file, assigning, by the hardware processor, the file under analysis to the one or more categories based on the selected classifier, determining whether the file has been assigned to a category of malicious files and concluding that the file is malicious based on the determination.
    Type: Grant
    Filed: November 8, 2018
    Date of Patent: December 29, 2020
    Assignee: AO KASPERSKY LAB
    Inventors: Alexey M. Romanenko, Alexander V. Liskin, Sergey V. Prokudin
  • Patent number: 10867042
    Abstract: Disclosed are systems and methods generating a convolution function for training a malware detection model. An example method comprises generating, by a processor, a plurality of behavior patterns based on one or more logs of commands executed on a computing device, calculating, by the processor, an effectiveness of each of a plurality of methods for machine learning based on the plurality of behavior patterns, determining, by the processor, a preferred method for machine learning from the plurality of methods for machine learning by selecting the preferred method as a method with the greatest effectiveness from the plurality of methods for machine learning, obtaining, by the processor, parameters of the malware detection model by applying convolution functions to the plurality of behavior patterns, training, by the processor, the malware detection model to detect malicious files using the preferred method for machine learning.
    Type: Grant
    Filed: June 12, 2018
    Date of Patent: December 15, 2020
    Assignee: AO KAPERSKY LAB
    Inventors: Alexander S. Chistyakov, Ekaterina M. Lobacheva, Alexey M. Romanenko
  • Patent number: 10831891
    Abstract: The present disclosure provides a system for managing computer resources for detection of malicious files based on machine learning model. In one aspect, the system may comprise: a hardware processor configured to: form at least one behavior pattern on the basis of commands and parameters, calculate the convolution of the formed behavior pattern, calculate the degree of harmfulness the convolution and a model for detection of malicious files, manage the computing resources used to ensure the security of that computing device, based on the degree of harmfulness, wherein the degree of harmfulness is within a predetermined range of values and if the obtained degree of harmfulness of applications exceeds the predetermined threshold value, send a request to allocate additional resources of the computing device, otherwise send a request to free up previously allocated resources of the computing device.
    Type: Grant
    Filed: July 19, 2018
    Date of Patent: November 10, 2020
    Assignee: AO Kaspersky Lab
    Inventors: Alexander S. Chistyakov, Ekaterina M. Lobacheva, Alexey M. Romanenko
  • Patent number: 10795996
    Abstract: Disclosed are systems and methods for machine learning of a model for detecting malicious files. The described system samples files from a database of files and trains a detection model for detecting malicious files on the basis of an analysis of the sampled files. The described system forms behavior logs based on executable commands intercepted during execution of the sampled files, and generates behavior patterns based on the behavior log. The described system determines a convolution function based on the behavior patterns, and trains a detection model for detecting malicious files by calculating parameters of the detection model using the convolution function on the behavior patterns. The trained detection model may be used to detect malicious files by utilizing the detection model on a system behavior log generated during execution of suspicious files.
    Type: Grant
    Filed: February 28, 2018
    Date of Patent: October 6, 2020
    Assignee: AO Kaspersky Lab
    Inventors: Alexander S. Chistyakov, Ekaterina M. Lobacheva, Alexey M. Romanenko
  • Publication number: 20200210570
    Abstract: Methods and systems are described in the present disclosure for classifying malicious objects. In an exemplary aspect, a method includes: collecting data describing a state of an object of the computer system, forming a vector of features, calculating a degree of similarity based on the vector, calculating a limit degree of difference that is a numerical value characterizing the probability that the object being classified will certainly belong to another class, forming a criterion for determination of class of the object based on the degree of similarity and the limit degree of difference, determining that the object belongs to the determined class when the data satisfies the criterion, wherein the data is collected over a period of time defined by a data collection rule and pronouncing the object as malicious when it is determined that the object belongs to the specified class.
    Type: Application
    Filed: June 26, 2019
    Publication date: July 2, 2020
    Inventors: Alexander S. Chistyakov, Alexey M. Romanenko, Alexander S. Shevelev
  • Publication number: 20200210573
    Abstract: Methods and systems are described in the present disclosure for training a model for detecting malicious objects on a computer system. In an exemplary aspect, a method includes: selecting files from a database used for training a detection model, the selection is performed based on learning rules, performing an analysis on the files by classifying them in a hierarchy of maliciousness, forming behavior patterns based on execution of the files and parameters of the execution, training the detection model according to the analysis of the files and the behavior patterns, verifying the trained detection model using a test selection of files to test determinations of harmfulness of the test selection of files, and when the verification fails, retraining the detection model using a different set of files from the database, otherwise applying the detection model to a new set of files to determine maliciousness.
    Type: Application
    Filed: July 2, 2019
    Publication date: July 2, 2020
    Inventors: Alexander S. Chistyakov, Alexey M. Romanenko, Alexander S. Shevelev
  • Publication number: 20200210577
    Abstract: Disclosed herein are methods and systems for detecting malicious files. An exemplary method comprises: forming a feature vector based on behavioral data of execution of a file, calculating parameters based on the feature vector using a trained model for calculation of parameters, wherein the parameters comprise: i) a degree of maliciousness that is a probability that the file may be malicious, and ii) a limit degree of safety that is a probability that the file will definitely prove to be malicious, wherein an aggregate of consecutively calculated degrees is described by a predetermined time law, deciding that the file is malicious when the degree of maliciousness and the limit degree of safety satisfy a predetermined criterion, wherein that criterion is a rule for the classification of the file according to an established correlation between the degree of maliciousness and the limit degree of safety.
    Type: Application
    Filed: May 17, 2019
    Publication date: July 2, 2020
    Inventors: Alexander S. Chistyakov, Alexey M. Romanenko, Alexander S. Shevelev
  • Publication number: 20200210576
    Abstract: Disclosed herein are methods and systems for detecting malicious files. An exemplary method comprises emulating execution of a file under analysis, forming a behavior log of the emulated execution of the file under analysis, forming one or more behavior patterns from commands and parameters selected from the behavior log, calculating a convolution of the one or more behavior patterns, selecting two or more models for detecting malicious files from a database, calculating a degree of maliciousness of the file being executed based using the convolution and the two or more models, forming a decision making template based on the degree of maliciousness and determining that the file is malicious when a degree of similarity between the decision making template and a predetermined decision making template exceeds a predetermined threshold value.
    Type: Application
    Filed: May 17, 2019
    Publication date: July 2, 2020
    Inventors: Alexander S. Chistyakov, Alexey M. Romanenko, Alexander S. Shevelev
  • Publication number: 20200210567
    Abstract: Disclosed herein are methods and systems for detecting malicious files. An exemplary method comprises: selecting a file from a database of files used to perform training of a model for detecting a malicious file, forming one or more behavior patterns from intercepted one or more commands and parameters during execution of the file, forming a detection model, wherein the detection model selects a method of machine learning and is initialized with one or more hyper-parameters, training the detection model by calculating the one or more hyper-parameters based on the one or more behavior patterns to form a group of rules for calculating a degree of maliciousness of a resource and calculating a degree of maliciousness of another file based on the trained detection model.
    Type: Application
    Filed: May 17, 2019
    Publication date: July 2, 2020
    Inventors: Alexander S. Chistyakov, Alexey M. Romanenko, Alexander S. Shevelev
  • Publication number: 20200125726
    Abstract: A system and method is provided for detecting anomalous events based on a dump of an address space of a software process in a memory of a computing device. An exemplary method includes detecting at least one event occurring in an operating system of the computing device during an execution of the software process, determining a context of the detected event, wherein the context comprises a dump of an address space of the software process containing code that was being executed at the moment of occurrence of the detected event, selecting a set of features of the dump for use in determining whether or not the event is anomalous, transforming the selected set of features of the dump into a convolution, determining a popularity of the convolution by polling a database, and determining that the detected event is an anomalous event if the determined popularity is below a threshold value.
    Type: Application
    Filed: December 17, 2019
    Publication date: April 23, 2020
    Inventors: Alexey V. MONASTYRSKY, Mikhail A. PAVLYUSHCHIK, Alexey M. ROMANENKO, Maxim Y. GOLOVKIN
  • Publication number: 20200104487
    Abstract: A system and method is provided for providing a set of convolutions to a computing device for detecting anomalous events occurring in an operating system of the computing device. An exemplary method includes launching an agent in an operating system of a client device, registering, by the agent, events occurring in the operating system, for each registered event, determining a context of the event, wherein the context comprises a call stack at a moment of occurrence of the event, selecting a set of features based on the call stack of the event, generating a convolution based on the selected set of features of the event and the context of the event, and adding the generated convolution to a set of convolutions of events occurring on client devices, and providing, to a client device from which a request is received, the set of convolutions of events occurring on client devices.
    Type: Application
    Filed: December 3, 2019
    Publication date: April 2, 2020
    Inventors: Alexey V. Monastyrsky, Mikhail A. Pavlyushchik, Alexey M. Romanenko, Maxim Y. Golovkin
  • Patent number: 10558801
    Abstract: A system and method is provided for detecting anomalous events occurring in an operating system of a computing device. An exemplary method includes detecting an event that occurs in the operating system of the computing device during execution of a software process. Moreover, the method includes determining a context of the detected event and forming a convolution of the detected event based on selected features of the determined context of the detected event. Further, the method includes determining a popularity of the formed convolution by polling a database containing data relating to a frequency of detected events occurring in client devices in a network, where the detected events of the client devices correspond to the detected event in the computing device. If the determined popularity is below a threshold value, the method determines that the detected event is an anomalous event.
    Type: Grant
    Filed: June 22, 2018
    Date of Patent: February 11, 2020
    Assignee: AO KASPERSKY LAB
    Inventors: Alexey V. Monastyrsky, Mikhail A. Pavlyushchik, Alexey M. Romanenko, Maxim Y. Golovkin
  • Patent number: 10528727
    Abstract: A system and method is provided for detecting anomalous events occurring in an operating system of a computing device. An exemplary method includes detecting an event that occurs in the operating system of the computing device during execution of a software process. Moreover, the method includes determining a context of the detected event and forming a convolution of the detected event based on selected features of the determined context of the detected event. Further, the method includes determining a popularity of the formed convolution by polling a database containing data relating to a frequency of detected events occurring in client devices in a network, where the detected events of the client devices correspond to the detected event in the computing device. If the determined popularity is below a threshold value, the method determines that the detected event is an anomalous event.
    Type: Grant
    Filed: October 5, 2017
    Date of Patent: January 7, 2020
    Assignee: AO Kaspersky Lab
    Inventors: Alexey V. Monastyrsky, Mikhail A. Pavlyushchik, Alexey M. Romanenko, Maxim Y. Golovkin
  • Publication number: 20200004956
    Abstract: Disclosed herein are methods and systems for detecting malicious files using two stage file classification. An exemplary method comprises selecting, by a hardware processor, a set of attributes of a file under analysis, calculating, by the hardware processor, a hash of the file based on the selected set of attributes, selecting, by the hardware processor, a classifier for the file from a set of classifiers based on the calculated hash of the file, assigning, by the hardware processor, the file under analysis to the one or more categories based on the selected classifier, determining whether the file has been assigned to a category of malicious files and concluding that the file is malicious based on the determination.
    Type: Application
    Filed: November 8, 2018
    Publication date: January 2, 2020
    Inventors: Alexey M. Romanenko, Alexander V. Liskin, Sergey V. Prokudin
  • Publication number: 20200004961
    Abstract: Disclosed herein are systems and methods of identifying malicious files using a learning model trained on a malicious file. In one aspect, an exemplary method comprises selecting, using a hardware processor, the malicious file from a plurality of malicious files that are known to be harmful, selecting, using the hardware processor, a plurality of safe files from a set of safe files that are known to be safe, generating, using the hardware processor, a learning model by training a neural network with the malicious file and the plurality of safe files, generating, using the hardware processor, rules for detection of malicious files from the learning model, determining, using the hardware processor, whether attributes of an unknown file fulfill the rules for detection of malicious files using the learning model and responsive to determining that the rules for detection are fulfilled, identifying, using the hardware processor, the unknown file as malicious.
    Type: Application
    Filed: November 9, 2018
    Publication date: January 2, 2020
    Inventors: Sergey V. Prokudin, Alexey M. Romanenko
  • Publication number: 20190387017
    Abstract: Disclosed are systems and methods for countering a cyber-attack on computing devices by means of which users are interacting with services, which store personal data on the users. Data is gathered about the services with which the users are interacting by means of the devices, as well as data about the devices themselves. The collected data is analyzed to detect when a cyber-attack on the devices is occurring as a result of a data breach of personal data on users from at least one service. Actions are selected for countering the cyber-attack and are sent to the devices of all users of the corresponding cluster in the event that a match is found in the characteristics of the attack vector for at least one device of another user whose devices belong to the corresponding cluster.
    Type: Application
    Filed: June 19, 2018
    Publication date: December 19, 2019
    Inventors: Vladislav V. MARTYNENKO, Alexey M. ROMANENKO
  • Patent number: 10489586
    Abstract: A system and method is provided for detecting anomalous events occurring in an operating system of a computing device. An exemplary method includes detecting an event that occurs in the operating system of the computing device during execution of a software process. Moreover, the method includes determining a context of the detected event and forming a convolution of the detected event based on selected features of the determined context of the detected event. Further, the method includes determining a popularity of the formed convolution by polling a database containing data relating to a frequency of detected events occurring in client devices in a network, where the detected events of the client devices correspond to the detected event in the computing device. If the determined popularity is below a threshold value, the method determines that the detected event is an anomalous event.
    Type: Grant
    Filed: September 29, 2017
    Date of Patent: November 26, 2019
    Assignee: AO Kaspersky Lab
    Inventors: Alexey V. Monastyrsky, Mikhail A. Pavlyushchik, Alexey M. Romanenko, Maxim Y. Golovkin
  • Patent number: 10372907
    Abstract: Disclosed are systems and method for detecting a malicious computer system. An exemplary method comprises: collecting, via a processor, characteristics of a computer system; determining relations between collected characteristics of the computer system; determining a time dependacy of at least one state of the computer system based on determined relations; determining the at least one state of the computer system based at least on determined time dependacy; and analyzing the at least one state of the computer system in connection with selected patterns representing a legal or malicious computer system to determine a degree of harmfulness of the computer system.
    Type: Grant
    Filed: July 20, 2016
    Date of Patent: August 6, 2019
    Assignee: AO Kaspersky Lab
    Inventors: Alexey E. Antonov, Alexey M. Romanenko
  • Publication number: 20190114419
    Abstract: Disclosed are systems and methods for detection of malicious files using machine learning. An example method comprises: selecting one or more data blocks in an object being analyzed based on rules; performing a static analysis on the one or more data blocks to determine a set of features of the one or more data blocks; determining a degree of harmfulness of the object based on the set of features and a model for detection of malicious objects, wherein the model has been trained by a method for machine learning on at least one safe object and one malicious object; recognizing the object is safe when the degree of harmfulness does not exceed a predetermined threshold of harmfulness; and recognizing the object is malicious when the degree of harmfulness of the one or more data blocks exceeds the predetermined threshold of harmfulness.
    Type: Application
    Filed: June 14, 2018
    Publication date: April 18, 2019
    Inventors: Alexander S. CHISTYAKOV, Ekaterina M. LOBACHEVA, Alexey M. ROMANENKO