System and method for in-situ classifier retraining for malware identification and model heterogeneity

Assignee

• BluVector, Inc. · US

Inventors

• Scott Miserendino · Baltimore, US
• Robert H. Klein · Silver Spring, US
• Ryan V. Peters · Elkridge, US
• Peter E. Kaloroumakis · Columbia, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/1433
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A system and method for batched, supervised, in-situ machine learning classifier retraining for malware identification and model heterogeneity. The method produces a parent classifier model in one location and providing it to one or more in-situ retraining system or systems in a different location or locations, adjudicates the class determination of the parent classifier over the plurality of the samples evaluated by the in-situ retraining system or systems, determines a minimum number of adjudicated samples required to initiate the in-situ retraining process, creates a new training and test set using samples from one or more in-situ systems, blends a feature vector representation of the in-situ training and test sets with a feature vector representation of the parent training and test sets, conducts machine learning over the blended training set, evaluates the new and parent models using the blended test set and additional unlabeled samples, and elects whether to replace the parent classifier with the retrained version.