
Modeling malicious behavior that occurs in the absence of users

  • US 10,452,841 B1
  • Filed: 05/01/2017
  • Issued: 10/22/2019
  • Est. Priority Date: 05/01/2017
  • Status: Active Grant
First Claim

1. A method of identifying malicious events occurring on computer devices in the absence of users, the method comprising:

  • training an anomaly detection model using attributes associated with a first plurality of events representing system activity that occurs when users are not present on one or more first clean computer devices;

  • utilizing the anomaly detection model to remove benign events from a second plurality of events captured from infected computer devices when users are not present;

  • utilizing malicious events from the second plurality of events and benign events from a third plurality of events on one or more second clean computer devices to train a classifier; and

  • utilizing the classifier to identify a first set of attributes which are able to predict if an event is malicious with a predictive power greater than a threshold.

  • 4 Assignments