System and method of distributing files between virtual machines forming a distributed system for performing antivirus scans
First Claim
1. A method for detecting malicious files in a distributed network having a plurality of protected virtual machines, the method comprising:
- obtaining, by a first protected virtual machine of the plurality of protected virtual machines, at least one file from a thin client installed on the first protected virtual machine, for performing an antivirus scan of the at least one file;
- collecting, by the first protected virtual machine, data relating to characteristics of computing resources of the plurality of protected virtual machines and one or more parameters relating to the antivirus scan;
- determining an approximation time function of the characteristics of the computing resources of the plurality of virtual machines based on analysis of the data relating to the characteristics of the computing resources;
- determining an approximation function of the one or more parameters relating to the antivirus scan based at least on collected data defining behavior of the antivirus scan;
- determining an approximation time function of effectiveness of the antivirus scan based at least on the approximation time function of the characteristics of the computing resources and the approximation function of the one or more parameters, wherein effectiveness of the antivirus scan is determined by comparing defined properties of the antivirus scan with predetermined criteria; and
- based at least on the approximation time function of effectiveness of the antivirus scan, selecting at least one virtual machine from the plurality of virtual machines to perform the antivirus scan in order to determine whether the at least one file is malicious according to the desired effectiveness of the antivirus scan.
Abstract
A method and system are provided for detecting malicious files in a distributed network having a plurality of virtual machines. An example method includes: determining and obtaining, by a virtual machine, at least one file for performing an antivirus scan; collecting data relating to characteristics of computing resources of each virtual machine and parameters relating to the antivirus scan; determining an approximation time function of the characteristics of the computing resources and an approximation function of the one or more parameters for determining an approximation time function of effectiveness of the antivirus scan; and based at least on the approximation time function of effectiveness of the antivirus scan, selecting one virtual machine to perform the antivirus scan in order to determine whether the at least one file is malicious.
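The selection steps summarised in the abstract, as an added Python example that is not taken from the patent or from any product. It assumes linear least-squares fits for both approximation functions, predicted scan duration as the effectiveness property, and a maximum duration as the predetermined criterion; all names and sample values are constructed.

```python
# Added illustration: the model choices here are assumptions, not the patent's text.
from dataclasses import dataclass

def fit_line(points):
    """Ordinary least-squares fit y = a*x + b over (x, y) samples."""
    n = len(points)
    mx = sum(x for x, _ in points) / n
    my = sum(y for _, y in points) / n
    var = sum((x - mx) ** 2 for x, _ in points)
    a = sum((x - mx) * (y - my) for x, y in points) / var if var else 0.0
    return a, my - a * mx

@dataclass
class VM:
    name: str
    cpu_free: list   # (time_s, fraction of CPU free) samples
    scan_hist: list  # (file_size_mb, scan_seconds on an idle CPU) samples

def predicted_scan_seconds(vm, size_mb, t):
    """Assumed effectiveness property: estimated scan duration if started at time t."""
    a, b = fit_line(vm.cpu_free)            # approximation time function of resources
    free = min(1.0, max(0.05, a * t + b))   # clamp the extrapolation to a sane range
    k, c = fit_line(vm.scan_hist)           # approximation function of scan parameters
    return max(0.0, k * size_mb + c) / free

def select_vm(vms, size_mb, t, max_seconds):
    """Return the VM with the shortest predicted scan that meets the criterion."""
    scored = [(predicted_scan_seconds(vm, size_mb, t), vm.name) for vm in vms]
    ok = [s for s in scored if s[0] <= max_seconds]
    return min(ok)[1] if ok else None       # None: no VM satisfies the criterion

# Constructed sample data: vm-a is freer now but trending busy, vm-b the reverse.
VMS = [
    VM("vm-a", [(0, 0.9), (10, 0.8), (20, 0.7)], [(10, 2), (20, 4), (40, 8)]),
    VM("vm-b", [(0, 0.3), (10, 0.4), (20, 0.5)], [(10, 3), (20, 6), (40, 12)]),
]

if __name__ == "__main__":
    for t in (20, 60):
        print(t, select_vm(VMS, size_mb=50, t=t, max_seconds=20))
```

With these samples the choice flips from vm-a at t=20 to vm-b at t=60, which is the case a scheduler looking only at the latest load reading would miss.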
20 Claims
1. A method for detecting malicious files in a distributed network having a plurality of protected virtual machines, the method comprising:
- obtaining, by a first protected virtual machine of the plurality of protected virtual machines, at least one file from a thin client installed on the first protected virtual machine, for performing an antivirus scan of the at least one file;
- collecting, by the first protected virtual machine, data relating to characteristics of computing resources of the plurality of protected virtual machines and one or more parameters relating to the antivirus scan;
- determining an approximation time function of the characteristics of the computing resources of the plurality of virtual machines based on analysis of the data relating to the characteristics of the computing resources;
- determining an approximation function of the one or more parameters relating to the antivirus scan based at least on collected data defining behavior of the antivirus scan;
- determining an approximation time function of effectiveness of the antivirus scan based at least on the approximation time function of the characteristics of the computing resources and the approximation function of the one or more parameters, wherein effectiveness of the antivirus scan is determined by comparing defined properties of the antivirus scan with predetermined criteria; and
- based at least on the approximation time function of effectiveness of the antivirus scan, selecting at least one virtual machine from the plurality of virtual machines to perform the antivirus scan in order to determine whether the at least one file is malicious according to the desired effectiveness of the antivirus scan.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A system for detecting malicious files in a distributed network having a plurality of protected virtual machines, the system comprising:
a hardware processor, configured to:
- obtain at least one file from a thin client installed on a first protected virtual machine, for performing an antivirus scan of the at least one file;
- collect data relating to characteristics of computing resources of the plurality of protected virtual machines and one or more parameters relating to the antivirus scan;
- determine an approximation time function of the characteristics of the computing resources of the plurality of virtual machines based on analysis of the data relating to the characteristics of the computing resources;
- determine an approximation function of the one or more parameters relating to the antivirus scan based at least on collected data defining behavior of the antivirus scan;
- determine an approximation time function of effectiveness of the antivirus scan based at least on the approximation time function of the characteristics of the computing resources and the approximation function of the one or more parameters, wherein effectiveness of the antivirus scan is determined by comparing defined properties of the antivirus scan with predetermined criteria; and
- based at least on the approximation time function of effectiveness of the antivirus scan, select at least one virtual machine from the plurality of virtual machines to perform the antivirus scan in order to determine whether the at least one file is malicious according to the desired effectiveness of the antivirus scan.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
19. A non-transitory computer readable medium storing thereon computer executable instructions for detecting malicious files in a distributed network having a plurality of protected virtual machines, including instructions for:
- obtaining, by a first protected virtual machine of the plurality of protected virtual machines, at least one file from a thin client installed on the first protected virtual machine, for performing an antivirus scan of the at least one file;
- collecting, by the first protected virtual machine, data relating to characteristics of computing resources of the plurality of protected virtual machines and one or more parameters relating to the antivirus scan;
- determining an approximation time function of the characteristics of the computing resources of the plurality of virtual machines based on analysis of the data relating to the characteristics of the computing resources;
- determining an approximation function of the one or more parameters relating to the antivirus scan based at least on collected data defining behavior of the antivirus scan;
- determining an approximation time function of effectiveness of the antivirus scan based at least on the approximation time function of the characteristics of the computing resources and the approximation function of the one or more parameters, wherein effectiveness of the antivirus scan is determined by comparing defined properties of the antivirus scan with predetermined criteria; and
- based at least on the approximation time function of effectiveness of the antivirus scan, selecting at least one virtual machine from the plurality of virtual machines to perform the antivirus scan in order to determine whether the at least one file is malicious according to the desired effectiveness of the antivirus scan.

Dependent claims: 20
Specification