Detecting malicious code in sections of computer files
1 Assignment
0 Petitions
Abstract
A training data set for training a machine learning module is prepared by dividing normal files and malicious files into sections. Each section of a normal file is labeled as normal. Each section of a malicious file is labeled as malicious regardless of whether or not the section is malicious. The sections of the normal files and malicious files are used to train the machine learning module. The trained machine learning module is packaged as a machine learning model, which is provided to an endpoint computer. In the endpoint computer, an unknown file is divided into sections, which are input to the machine learning model to identify a malicious section of the unknown file, if any is present in the unknown file.
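The pipeline in the abstract, as an added sketch that is not taken from the patent: files are split into sections, every section inherits its parent file's label, and the trained model then points at the suspicious section of a target file. The 64-byte section size, the byte-frequency naive Bayes classifier, and the constructed sample bytes (text plus an inert marker blob) are assumptions chosen for illustration.

```python
import math
from collections import Counter

SECTION = 64  # assumed fixed section size in bytes

def split_sections(data, size=SECTION):
    """Divide a file's bytes into consecutive fixed-size sections."""
    return [data[i:i + size] for i in range(0, len(data), size)]

def train(normal_files, malicious_files):
    """Label every section by its parent file, then fit byte-level naive Bayes."""
    counts = {"normal": Counter(), "malicious": Counter()}
    n_sections = Counter()
    for label, files in (("normal", normal_files), ("malicious", malicious_files)):
        for f in files:
            for sec in split_sections(f):
                counts[label].update(sec)   # section inherits the file's label
                n_sections[label] += 1
    model = {}
    for label, c in counts.items():
        total = sum(c.values()) + 256       # Laplace smoothing over 256 byte values
        model[label] = ([math.log((c[b] + 1) / total) for b in range(256)],
                        math.log(n_sections[label] / sum(n_sections.values())))
    return model

def score(model, section):
    """Log-odds that a section is malicious (positive means malicious)."""
    (lm, pm), (ln, pn) = model["malicious"], model["normal"]
    return pm - pn + sum(lm[b] - ln[b] for b in section)

def malicious_sections(model, data):
    """Indices of the target file's sections that the model flags."""
    return [i for i, s in enumerate(split_sections(data)) if score(model, s) > 0]

# Constructed sample data: text-like "normal" bytes and an inert marker blob.
TEXT = b"The quick brown fox jumps over the lazy dog. " * 12
MARKER = bytes(range(0x80, 0xC0))           # 64 high bytes, stands in for bad code

def implant(data, index):
    """Return data with section `index` replaced by the marker blob."""
    secs = split_sections(data)
    secs[index] = MARKER
    return b"".join(secs)

normal_train = [TEXT[k:k + 512] for k in range(8)]
malicious_train = [implant(f, i) for i, f in enumerate(normal_train)]
MODEL = train(normal_train, malicious_train)
TARGET = implant(TEXT[20:532], 5)           # unseen file, marker in section 5
print(malicious_sections(MODEL, TARGET))
```

Benign-looking sections of the malicious training files carry the malicious label, yet they do not get flagged in the target: the same bytes are at least as frequent in the normal class, so only the content unique to malicious files scores positive.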
39 Citations
17 Claims
1. A computer-implemented method of evaluating a file for malicious code, the method comprising:
receiving a plurality of normal files and a plurality of malicious files;
dividing each of the normal files and each of the malicious files into a plurality of file sections;
labeling each file section of the normal files as a normal file section;
labeling each file section of the malicious files as a malicious file section;
generating a machine learning model using a machine learning training data set comprising the labeled file sections of the normal files and the malicious files; and
using the machine learning model to identify which particular section of a target file contains malicious code.
Dependent claims: 2, 3, 4, 5, 6
7. A system for evaluating files for malicious code, the system comprising:
a backend computer system that is configured to divide each of a plurality of normal files into file sections, divide each of a plurality of malicious files into file sections, label each file section of the normal files as a normal file section, label each file section of the malicious files as a malicious file section, and generate a machine learning model using a machine learning training data set comprising labeled file sections of the normal files and the malicious files; and
an endpoint computer that is configured to receive the machine learning model over a computer network, receive a target file, and use the machine learning model to identify which particular section of the target file contains malicious code.
Dependent claims: 8, 9, 10, 11, 12
13. A non-transitory computer-readable medium comprising instructions stored thereon, that when executed by a processor, perform the steps of:
dividing each of a plurality of normal files and each of a plurality of malicious files into a plurality of file sections;
labeling each file section of the normal files as a normal file section;
labeling each file section of the malicious files as a malicious file section;
generating a machine learning model using a machine learning training data set comprising labeled file sections of the normal files and the malicious files; and
providing the machine learning model to an endpoint computer system to detect malicious files in the endpoint computer system.
Dependent claims: 14, 15, 16, 17
Specification