System and method for machine based detection of a malicious executable file
US11030312B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Sep 18, 2018 |
| Grant date | Jun 8, 2021 |
| Priority date | — |
| Expiry date | Dec 5, 2039 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F2221/034
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
A system for training a file classification model for classifying malicious software comprising at least one hardware processor adapted to: computing a plurality of datasets, each for one of a plurality of executable files, each file having a label, each dataset is computed by: receiving a respective file; detecting a plurality of binary functions in the respective file; translating each of the respective plurality of binary functions to produce a plurality of disassembled functions; clustering a plurality of operation-codes identified in the plurality of disassembled functions into a plurality of clusters according to respective operation-code; computing a plurality of statistical values of the plurality of disassembled functions and the plurality of clusters; and associating the plurality of statistical values with the file's label to produce a dataset; and training a file classification model using the plurality of datasets to compute at least one classification score of an input file.
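The dataset computation and training steps in the abstract, as an added Python example that is not taken from the patent. It assumes function detection and disassembly have already produced lists of mnemonics; the opcode vocabulary, the particular statistics and the nearest-centroid model are assumptions, since the abstract names none of them.

```python
import math
from collections import Counter
from statistics import mean, pstdev

# Assumed fixed opcode vocabulary; the abstract does not list one.
VOCAB = ["mov", "push", "pop", "call", "xor", "jmp", "ret"]

def compute_dataset(functions, label):
    """functions: disassembled functions of one file, each a list of mnemonics."""
    # Cluster opcodes across all functions by opcode (one cluster per mnemonic).
    clusters = Counter(op for fn in functions for op in fn)
    total = sum(clusters.values()) or 1
    lengths = [len(fn) for fn in functions] or [0]
    # Statistical values of the functions, then of the clusters (assumed choice).
    features = [float(len(functions)), mean(lengths), pstdev(lengths)]
    features += [clusters[op] / total for op in VOCAB]
    # Associate the statistics with the file's label to form one dataset.
    return features, label

def train(datasets):
    """Nearest-centroid stand-in for the unspecified classification model."""
    by_label = {}
    for features, label in datasets:
        by_label.setdefault(label, []).append(features)
    return {lab: [mean(col) for col in zip(*rows)] for lab, rows in by_label.items()}

def classification_score(model, features):
    """Score in [0, 1]; higher means closer to the 'malicious' centroid."""
    d = {lab: math.dist(centroid, features) for lab, centroid in model.items()}
    denom = d["malicious"] + d["benign"]
    return 0.5 if denom == 0 else d["benign"] / denom

# Constructed sample input: hand-written mnemonic lists, not real disassembly.
BENIGN_A = [["push", "mov", "call", "pop", "ret"], ["mov", "mov", "call", "ret"]]
BENIGN_B = [["push", "mov", "mov", "call", "pop", "ret"], ["mov", "call", "ret"]]
MAL_A = [["xor", "xor", "jmp", "xor", "jmp"], ["xor", "mov", "xor", "jmp", "xor", "jmp", "jmp"]]
MAL_B = [["xor", "jmp", "xor", "xor", "jmp", "jmp"], ["xor", "xor", "mov", "jmp", "xor", "jmp"]]

MODEL = train([compute_dataset(BENIGN_A, "benign"), compute_dataset(BENIGN_B, "benign"),
               compute_dataset(MAL_A, "malicious"), compute_dataset(MAL_B, "malicious")])

if __name__ == "__main__":
    unknown = [["xor", "xor", "jmp", "jmp", "xor"], ["mov", "xor", "jmp", "xor", "jmp", "xor"]]
    feats, _ = compute_dataset(unknown, None)
    print(round(classification_score(MODEL, feats), 3))
```

The features are left unscaled here, so function-length statistics weigh more heavily in the distance than opcode frequencies; a real feature set would normalise them before training.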
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.