Systems and methods for detecting malware

  • US 10,007,786 B1
  • Filed: 11/28/2015
  • Issued: 06/26/2018
  • Est. Priority Date: 11/28/2015
  • Status: Active Grant
First Claim
1. A computer-implemented method for detecting malware, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

  • identifying a behavioral trace of a program, the behavioral trace comprising a sequence of runtime behaviors exhibited by the program;

  • dividing the behavioral trace to identify a plurality of n-grams within the behavioral trace, each runtime behavior within the sequence of runtime behaviors corresponding to an n-gram token;

  • analyzing the plurality of n-grams to generate a feature vector of the behavioral trace, comprising:

      • applying, for each given n-gram in the plurality of n-grams, a feature function to the behavioral trace that describes an occurrence characteristic of the given n-gram within the behavioral trace; and

      • including a result of the feature function in the feature vector; and

  • classifying the program based at least in part on the feature vector of the behavioral trace to determine whether the program is malicious;

  wherein:

  • the feature vector comprises a plurality of dimensions, each n-gram within the plurality of n-grams corresponding to a dimension within the plurality of dimensions;

  • the plurality of n-grams map to the plurality of dimensions according to a non-injective surjection; and

  • including the result of the feature function in the feature vector comprises aggregating a subset of outputs of the feature function derived from a subset of the plurality of n-grams into a value and assigning the value to a dimension within the plurality of dimensions according to the non-injective surjection.
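The claim above describes hashed n-gram features over a behavioral trace: every n-gram is mapped to one of a fixed number of dimensions by a many-to-one (non-injective) map, and the feature-function outputs of n-grams sharing a dimension are summed. The following is an added illustration, not code from the patent or its assignee; the trace tokens, the use of occurrence count as the feature function, and the SHA-256-modulo bucket map are constructed assumptions for the example.

```python
"""Hashed n-gram feature vector over a constructed behavioral trace."""
import hashlib
from collections import Counter

# Constructed sample trace: one token per observed runtime behavior.
SAMPLE_TRACE = [
    "CreateFile", "WriteFile", "CloseHandle",
    "RegSetValue", "CreateProcess",
    "CreateFile", "WriteFile", "CloseHandle",
]


def ngrams(trace, n):
    """Divide the trace into overlapping n-grams; each behavior is one token."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def occurrence_counts(grams):
    """Feature function (assumed here): number of times each n-gram occurs."""
    return Counter(grams)


def dimension_of(gram, num_dims):
    """Map an n-gram to one of num_dims buckets (assumed: SHA-256 mod num_dims).

    Many distinct n-grams land in the same bucket, so the map is non-injective;
    once enough n-grams have been seen every bucket is hit, so it is surjective.
    """
    digest = hashlib.sha256("\x00".join(gram).encode()).digest()
    return int.from_bytes(digest[:8], "big") % num_dims


def feature_vector(trace, n=2, num_dims=8):
    """Sum the feature-function outputs of all n-grams assigned to each bucket.

    Returns the vector and, for inspection, which n-grams were aggregated
    into each dimension.
    """
    vec = [0] * num_dims
    members = {}
    for gram, count in occurrence_counts(ngrams(trace, n)).items():
        d = dimension_of(gram, num_dims)
        vec[d] += count
        members.setdefault(d, []).append(gram)
    return vec, members


if __name__ == "__main__":
    vec, buckets = feature_vector(SAMPLE_TRACE)
    print(vec)
    for d, grams in sorted(buckets.items()):
        if len(grams) > 1:
            print("dimension", d, "aggregates", grams)
```

With `num_dims=1` every n-gram collapses into the single dimension, which makes the aggregation step visible; a real classifier would consume the vector from `feature_vector` as its input features.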

  • 6 Assignments