Advanced malware classification
Abstract
In one respect, there is provided a system for classifying malware. The system may include a data processor and a memory. The memory may include program code that provides operations when executed by the processor. The operations may include: providing, to a display, contextual information associated with a file to at least enable a classification of the file, when a malware classifier is unable to classify the file; receiving, in response to the providing of the contextual information, the classification of the file; and updating, based at least on the received classification of the file, the malware classifier to enable the malware classifier to classify the file. Methods and articles of manufacture, including computer program products, are also provided.
32 Claims
1. A system, comprising:
- at least one processor; and
- at least one memory including program code which when executed by the at least one processor provides operations comprising;
- providing, to a display, contextual information associated with a file to at least enable a classification of the file and an estimated amount of time required to classify the file, when a malware classifier is unable to classify the file, the estimated amount of time being determined by a machine learning model trained based on training data comprising previously classified files and corresponding timestamps for when each such file was first encountered and when each such file was classified;
- receiving, in response to the providing of the contextual information, the classification of the file; and
- updating, based at least on the received classification of the file, the malware classifier to enable the malware classifier to classify the file.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A method, comprising:
- providing, to a display, contextual information associated with a file to at least enable a classification of the file and an estimated amount of time required to classify the file, when a malware classifier is unable to classify the file, the estimated amount of time being determined by a machine learning model trained based on training data comprising previously classified files and corresponding timestamps for when each such file was first encountered and when each such file was classified;
- receiving, in response to the providing of the contextual information, the classification of the file; and
- updating, based at least on the received classification of the file, the malware classifier to enable the malware classifier to classify the file.

Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30
31. A non-transitory computer-readable storage medium including program code which when executed by at least one processor causes operations comprising:
- providing, to a display, contextual information associated with a file to at least enable a classification of the file and an estimated amount of time required to classify the file, when a malware classifier is unable to classify the file, the estimated amount of time being determined by a machine learning model trained based on training data comprising previously classified files and corresponding timestamps for when each such file was first encountered and when each such file was classified;
- receiving, in response to the providing of the contextual information, the classification of the file; and
- updating, based at least on the received classification of the file, the malware classifier to enable the malware classifier to classify the file.
32. An apparatus, comprising:
- means for providing, to a display, contextual information associated with a file to at least enable a classification of the file and an estimated amount of time required to classify the file, when a malware classifier is unable to classify the file, the estimated amount of time being determined by a machine learning model trained based on training data comprising previously classified files and corresponding timestamps for when each such file was first encountered and when each such file was classified;
- means for receiving, in response to the providing of the contextual information, the classification of the file; and
- means for updating, based at least on the received classification of the file, the malware classifier to enable the malware classifier to classify the file.
Specification