Independent malware detection architecture

Assignee

• UT-BATTELLE, LLC · US

Inventors

• Jared M. Smith · Albuquerque, US
• Rachel L. Petrik · Oak Ridge, US
• Berat E. Arik · Oak Ridge, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06N20/10
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A system and method (referred to as the system) detect malware by training a rule-based model, a functional based model, and a deep learning-based model from a memory snapshot of a malware free operating state of a monitored device. The system extracts a feature set from a second memory snapshot captured from an operating state of the monitored device and processes the feature set by the rule-based model, the functional-based model, and the deep learning-based model. The system identifies identifying instances of malware on the monitored device without processing data identifying an operating system of the monitored device, data associated with a prior identification of the malware, data identifying a source of the malware, data identifying a location of the malware on the monitored device, or any operating system specific data contained within the monitored device.