Detecting malware attacks using extracted behavioral features

Assignee

• International Business Machines Corporation · US

Inventors

• Shlomit Avrahami · Jerusalem, IL
• Tali Finelt · Jerusalem, IL
• Itai Gordon · Jerusalem, IL
• Yakir Keisar · Toronto, CA
• Ilan D. Prager · Bet Shemesh, IL
• Alexander Pyasik · 'Anata, IL
• Oded Sofer · Yeroham, IL
• Or Bar-Yaacov · Jerusalem, IL
• Yifat Yulevich · Bazra, IL

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/1433
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Detecting malware attacks is described herein. A computer-implemented method may include receiving, via a processor, events from a plurality of activity monitors. The method also include extracting, via the processor, a plurality of behavioral features from the received events. The method may further include detecting, via the processor, a malware attack based on the extracted behavioral features using a malware identification model trained on private data and public data using a machine learning technique, wherein the private data includes private enterprise attack findings. The method may also include executing, via the processor, an ad hoc protection improvement based on the detected malware attack.