Malware detection using local computational models
US10726128B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jul 24, 2017 |
| Grant date | Jul 28, 2020 |
| Priority date | — |
| Expiry date | Mar 19, 2038 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1425
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
Example techniques herein determine that a trial data stream is associated with malware (“dirty”) using a local computational model (CM). The data stream can be represented by a feature vector. A control unit can receive a first, dirty feature vector (e.g., a false miss) and determine the local CM based on the first feature vector. The control unit can receive a trial feature vector representing the trial data stream. The control unit can determine that the trial data stream is dirty if a broad CM or the local CM determines that the trial feature vector is dirty. In some examples, the local CM can define a dirty region in a feature space. The control unit can determine the local CM based on the first feature vector and other clean or dirty feature vectors, e.g., a clean feature vector nearest to the first feature vector.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.