Antiransomware using machine learning
US12271476B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Feb 16, 2023 |
| Grant date | Apr 8, 2025 |
| Priority date | — |
| Expiry date | Sep 27, 2043 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F21/568
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
Data is received that comprises or characterizes an executable and dynamic linked library (DLL). Features are then extracted from the executable and DLL. The extracted features are input into at least one machine learning model to generate a suspiciousness score. The machine learning model can be trained to determine whether the executable file comprises ransomware. An execution chain of trust score for the executable and DLL can later be determined based on the extracted features and the suspiciousness score. This execution chain of trust score for the executable and DLL characterizes one or more associated parent processes. This suspiciousness score and the execution chain of trust score can be used to determine whether or not to initiate one or more ransomware countermeasures. Related apparatus, systems, techniques and articles are also described.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.