Refining synthetic malicious samples with unlabeled data
US10917421B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Feb 19, 2018 |
| Grant date | Feb 9, 2021 |
| Priority date | — |
| Expiry date | Oct 14, 2038 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/1458
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
In one embodiment, a security device in a computer network determines a plurality of values for a plurality of features from samples of known malware, and computes one or more significant values out of the plurality of values, where each of the one or more significant values occurs across greater than a significance threshold of the samples. The security device may then determine feature values for samples of unlabeled traffic, and declare one or more particular samples of unlabeled traffic as synthetic malicious flow samples in response to all feature values for each synthetic malicious flow sample matching a respective one of the significant values for each corresponding respective feature. The security device may then use the samples of known malware and the synthetic malicious flow samples for model-based malware detection.
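The selection rule in the abstract, sketched as an added example (not code from the patent). The feature names, the 0.3 threshold and all flow records are constructed for illustration; treating a feature with no significant value as unmatchable is an assumption, since the abstract does not cover that case.

```python
from collections import Counter

# Constructed flow records: discretized features of known-malware samples.
MALWARE = [
    {"dst_port": 443,  "tls": "TLS1.0", "size": "small"},
    {"dst_port": 443,  "tls": "TLS1.0", "size": "small"},
    {"dst_port": 443,  "tls": "TLS1.2", "size": "small"},
    {"dst_port": 8443, "tls": "TLS1.2", "size": "medium"},
    {"dst_port": 8443, "tls": "TLS1.0", "size": "small"},
    {"dst_port": 443,  "tls": "TLS1.0", "size": "large"},
]
# Constructed unlabeled traffic; "id" is bookkeeping, not a feature.
UNLABELED = [
    {"id": "a", "dst_port": 8443, "tls": "TLS1.2", "size": "small"},
    {"id": "b", "dst_port": 443,  "tls": "TLS1.3", "size": "small"},
    {"id": "c", "dst_port": 443,  "tls": "TLS1.0", "size": "large"},
    {"id": "d", "dst_port": 80,   "tls": "TLS1.0", "size": "small"},
]

def significant_values(malware, threshold):
    """Per feature, the values seen in more than `threshold` (a fraction) of samples."""
    n = len(malware)
    sig = {}
    for feature in malware[0]:
        counts = Counter(sample[feature] for sample in malware)
        sig[feature] = {v for v, c in counts.items() if c / n > threshold}
    return sig

def synthetic_malicious(unlabeled, sig):
    """Unlabeled samples whose every feature value is significant for that feature.

    Assumption: a feature with an empty significant set matches nothing,
    so no sample is promoted when the threshold is too strict.
    """
    return [s for s in unlabeled
            if all(s.get(f) in values for f, values in sig.items())]

def build_training_set(malware, unlabeled, threshold):
    """Known malware plus promoted samples, all labeled malicious (1)."""
    promoted = synthetic_malicious(unlabeled, significant_values(malware, threshold))
    features = list(malware[0])
    rows = malware + [{f: s[f] for f in features} for s in promoted]
    return [(row, 1) for row in rows]

if __name__ == "__main__":
    sig = significant_values(MALWARE, 0.3)
    print(sig)
    print([s["id"] for s in synthetic_malicious(UNLABELED, sig)])
```

Sample `a` is promoted even though its exact combination of values never occurs in the known-malware set, which is the sense in which the promoted flows are synthetic.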
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.