Systems and methods for classifying files as specific types of malware
US10489587B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Dec 22, 2016 |
| Grant date | Nov 26, 2019 |
| Priority date | — |
| Expiry date | Jul 7, 2037 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2221/033
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
The disclosed computer-implemented method for classifying files as specific types of malware may include (i) identifying an unknown file on a computing device, (ii) performing an analysis of the unknown file by applying, to the unknown file, a machine-learning heuristic that employs at least one decision tree, (iii) classifying the unknown file as malicious based on the analysis, and (iv) after classifying the unknown file as malicious, using the same decision tree employed by the machine-learning heuristic to sub-classify the unknown file by (a) identifying at least one leaf node of the decision tree arrived at by the analysis performed by the machine-learning heuristic on the unknown file, (b) determining that the leaf node of the decision tree is associated with a particular type of malicious file, and (c) sub-classifying the unknown file as the particular type of malicious file. Various other methods, systems, and computer-readable media are also disclosed.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.