Static anomaly-based detection of malware files
US10089467B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | May 23, 2017 |
| Grant date | Oct 2, 2018 |
| Priority date | — |
| Expiry date | May 23, 2037 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2221/034
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A protection application detects and remediates malicious files on a client. The protection application trains models using known samples of static clean files, and the models characterize features of the clean files. A model may be selected based on metadata obtained from a target file. By processing features of the clean files and features of the target file, the model may generate an anomaly score indicating a level of dissimilarity between the target file and the sample. The protection application compares the anomaly score to one or more threshold scores to classify the target file. Additionally, the target file may be provided to a security server to check against a whitelist or blacklist for classification. Responsive to a classification as malicious, the protection application remediates the target file on the client.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.