Learning detector of malicious network traffic from weak labels
US9923912B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Dec 4, 2015 |
| Grant date | Mar 20, 2018 |
| Priority date | — |
| Expiry date | Mar 3, 2036 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/0281
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Techniques are presented that identify malware network communications between a computing device and a server utilizing a detector process. Network traffic records are classified as either malware or legitimate network traffic records and divided into groups of classified network traffic records associated with network communications between the computing device and the server for a predetermined period of time. A group of classified network traffic records is labeled as malicious when at least one of the classified network traffic records in the group is malicious and as legitimate when none of the classified network traffic records in the group is malicious to obtain a labeled group of classified network traffic records. A detector process is trained on individual classified network traffic records in the labeled group of classified network traffic records and network communication between the computing device and the server is identified as malware network communication utilizing the detector process.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.