Patent · US Active

Method and system for static behavior-predictive malware detection

US11481492B2 · kind B2 · utility

Cited by: 1
References: 11
Claims: 12
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jul 25, 2017
Grant date: Oct 25, 2022
Priority date
Expiry date: Apr 21, 2039

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1425
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

Disclosed are a method and system for static behavior-predictive malware detection. The method and system use a transfer learning model from behavior prediction to malware detection based on static features. In accordance with an embodiment, machine learning is used to capture the relations between static features, behavior features, and other context information. For example, the machine learning may be implemented with a deep learning network model with multiple embedded layers pre-trained with metadata gathered from various resources, including sandbox logs, simulator logs and context information. Synthesized behavior-related static features are generated by projecting the original static features to the behavior features. A final static model may then be trained using the combination of the original static features and the synthesized features as the training data. The detection stage may be performed in real time with static analysis because only static features are needed. Other embodiments and features are disclosed.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.