The number of different software applications for user's computing devices, such as personal computers, laptops, tablet, smart phones, etc, increases with tremendous pace. Among the multitude of applications there is a group of malicious programs which are able to cause harm to the user device or the data of the user, such as: Internet worms, key loggers and computer viruses. There have been developed many different technologies for providing computer security, such as antivirus software, which is designed to detect malicious programs on the user device and to block their operating ability (e.g., placing them in quarantine or removing them from the user device).
The antivirus software may use a number of different methods of detecting malicious software, malicious processes, other malicious objects of the operating system (OS) and links to them, such as the URI (Universal Resource Identifier, such as file://***.exe). The most popular malware detection methods are signature analysis (a technology for finding correspondences between a particular segment of code of the program being analyzed and a known code, or signature, in a database of signatures of malicious programs), heuristic analysis (a technology involving emulating the working of a program being analyzed, creating an API (Application Programming Interface) function call log, and finding correspondences between the data of the created API function call log and the data in a database of emulations of malicious programs), and proactive analysis (a technology involving intercepting API function calls launched in the system of the program being analyzed, creating an API function call log, and finding correspondences between the data of the created log and the data in a database of calls for API functions of malicious programs).
In operation, each of the aforementioned methods requires data to be used for the detection of malicious objects, for example, in the case of signature analysis, such data might be signatures, for heuristic analysis, such the data might be heuristic rules. Despite the fact that, for example, when a single signature is used, the antivirus software may detect a whole array of malicious objects similar in their structure or in the harm caused. Therefore, the ever increasing number of malicious objects which can cause harm to the user's data or to his computer requires a corresponding increase in the volume of data used for detecting malicious objects. In the majority of cases, said data is stored on the user's computer as part of antivirus libraries—a component of the antivirus software. Thus, increasing the volume of data used for the detection, may result in the decrease of available space on the hard drive of the user device.
Although there are known approaches aimed at optimizing (reducing) the space on a hard drive occupied by data used for the detection of malicious objects, they are not able to solve the problem of selection of the data to be used for the detection of malicious objects, namely, the generating of such a set of data to be used for the detection of malicious objects which does not require a large memory volume for storage, yet which affords a reliable protection of the user device, or they do not solve this problem effectively enough. Therefore, there is a need for a more effective solution of the problem of selection of the data to be used for detection of malicious objects.