Application execution control utilizing ensemble machine learning for discernment
First Claim
Patent Images
1. A method for implementation by one or more computer systems comprising:
- receiving, from a feature collector, at least one feature from a plurality of possible features to enable a determination of whether to execute or continue to execute at least a portion of a program;
selecting, by a model collector, a machine learning model from an existing ensemble of machine learning models which can be used to discern at least the portion of the program, the selected machine learning model enabling a determination of whether to allow at least the portion of the program to execute or continue to execute based on whether such at least the portion of the program is deemed safe or unsafe;
determining, based on the selected machine learning model, whether to allow at least the portion of the program to execute or continue to execute;
allowing at least the portion of the program to execute or continue to execute, when the selected machine learning model determines that at least the portion of the program is allowed to execute or continue to execute; and
preventing at least the portion of the program from executing or continuing to execute, when the selected machine learning model determines that at least the portion of the program is not allowed to execute or continue to execute;
wherein selection of the machine learning model by the model collector is predicated on either which of the possible features are received from the feature collector or a current availability or scarcity of computing resources.
1 Assignment
0 Petitions
Accused Products
Abstract
Described are techniques to enable computers to efficiently determine if they should run a program based on an immediate (i.e., real-time, etc.) analysis of the program. Such an approach leverages highly trained ensemble machine learning algorithms to create a real-time discernment on a combination of static and dynamic features collected from the program, the computer'"'"'s current environment, and external factors. Related apparatus, systems, techniques and articles are also described.
74 Citations
33 Claims
-
1. A method for implementation by one or more computer systems comprising:
-
receiving, from a feature collector, at least one feature from a plurality of possible features to enable a determination of whether to execute or continue to execute at least a portion of a program; selecting, by a model collector, a machine learning model from an existing ensemble of machine learning models which can be used to discern at least the portion of the program, the selected machine learning model enabling a determination of whether to allow at least the portion of the program to execute or continue to execute based on whether such at least the portion of the program is deemed safe or unsafe; determining, based on the selected machine learning model, whether to allow at least the portion of the program to execute or continue to execute; allowing at least the portion of the program to execute or continue to execute, when the selected machine learning model determines that at least the portion of the program is allowed to execute or continue to execute; and preventing at least the portion of the program from executing or continuing to execute, when the selected machine learning model determines that at least the portion of the program is not allowed to execute or continue to execute; wherein selection of the machine learning model by the model collector is predicated on either which of the possible features are received from the feature collector or a current availability or scarcity of computing resources. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
-
-
29. A system comprising:
-
at least one hardware data processor; and memory storing instructions which, when executed by the at least one hardware data processor, result in operations comprising; receiving a plurality of features from at least two difference to enable a determination of whether to execute or continue to execute at least a portion of a program based on whether such at least the portion of the program is deemed safe or unsafe; selecting, based on the received plurality of features, a machine learning model from an existing ensemble of machine learning models which can be used to discern at least the portion of the program, the selected machine learning model enabling a determination of whether to allow at least the portion of the program to execute or continue to execute; determining, based on the selected machine learning model, whether to allow at least the portion of the program to execute or continue to execute; allowing at least the portion of the program to execute or continue to execute, when the selected machine learning model determines that at least the portion of the program is allowed to execute or continue to execute; and preventing at least the portion of the program from executing or continuing to execute, when the selected machine learning model determines that at least the portion of the program is not allowed to execute or continue to execute; wherein the preventing of at least the portion of the program from executing or continuing to execute comprises one or more of; implementing constraints on at least the portion of the program prior to it being run or before it continues to run; quarantining at least the portion of the program; and deleting at least the portion of the program. - View Dependent Claims (30, 31, 32, 33)
-
Specification