Anomaly based malware detection

  • US 10,489,589 B2
  • Filed: 11/21/2016
  • Issued: 11/26/2019
  • Est. Priority Date: 11/21/2016
  • Status: Active Grant
First Claim
1. A system, comprising:

  • at least one processor; and

  • at least one memory including program code which when executed by the at least one processor provides operations comprising:

    reducing a dimensionality of a plurality of features representative of files within a file set having a plurality of clusters, the files representing benign files such that the files in the reduced dimension representation of the file set conform to a mixture of Gaussian distributions, the reducing being performed by generating a random projection of the plurality of features, wherein the files in the file set are not distributed in a Gaussian manner prior to the reducing;

    reducing a dimensionality of a plurality of features of a file to be classified;

    determining, based at least on a reduced dimension representation of the file set and the reduced dimension representation of the file, a Mahalanobis distance between the file and the file set, the distance characterizing a deviation between the file and the file set;

    determining, based at least on the distance between the file and the file set being greater than a threshold value indicating that the file is anomalous, a classification for the file, the classification being used to determine whether to access and/or execute the file; and

    preventing the file from being accessed or executed when the classification indicates that the file is malware.
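The pipeline the claim describes (random projection of non-Gaussian file features, per-cluster Gaussian fit in the reduced space, Mahalanobis distance to the benign file set, threshold, block on "malware") in working form. This is an added example, not code from the patent or its assignee. The feature vectors, the two benign clusters, the projection dimensions, the threshold rule (largest benign distance times a margin) and the treatment of "distance to the file set" as the distance to the nearest cluster are all assumptions made here; the claim fixes none of them.

```python
"""Anomaly-based malware classification in the style of claim 1:
random projection -> Mahalanobis distance to a benign file set -> threshold -> block.
Pure Python (no numpy) so it runs anywhere. All data is constructed inline; no real files."""
import math
import random

FEATURE_DIM = 12   # per-file statistics (entropy, section counts, ...); dimension is assumed
PROJ_DIM = 4       # reduced dimension after the random projection; assumed


def random_projection_matrix(d, k, seed=7):
    """k x d matrix of N(0,1) entries scaled by 1/sqrt(k): a Gaussian random projection."""
    rng = random.Random(seed)
    return [[rng.gauss(0.0, 1.0) / math.sqrt(k) for _ in range(d)] for _ in range(k)]


def project(matrix, x):
    """Reduce x (length d) to length k with the projection matrix."""
    return [sum(r * xi for r, xi in zip(row, x)) for row in matrix]


def mean_and_covariance(points):
    """Sample mean and unbiased sample covariance of a list of equal-length vectors."""
    n, k = len(points), len(points[0])
    mu = [sum(p[i] for p in points) / n for i in range(k)]
    cov = [[0.0] * k for _ in range(k)]
    for p in points:
        dlt = [p[i] - mu[i] for i in range(k)]
        for i in range(k):
            for j in range(k):
                cov[i][j] += dlt[i] * dlt[j] / (n - 1)
    return mu, cov


def invert(mat, ridge=1e-6):
    """Gauss-Jordan inverse with partial pivoting; the ridge keeps the covariance invertible."""
    k = len(mat)
    a = [row[:] + [1.0 if i == j else 0.0 for j in range(k)] for i, row in enumerate(mat)]
    for i in range(k):
        a[i][i] += ridge
    for c in range(k):
        piv = max(range(c, k), key=lambda r: abs(a[r][c]))
        a[c], a[piv] = a[piv], a[c]
        p = a[c][c]
        a[c] = [v / p for v in a[c]]
        for r in range(k):
            if r != c and a[r][c] != 0.0:
                f = a[r][c]
                a[r] = [rv - f * cv for rv, cv in zip(a[r], a[c])]
    return [row[k:] for row in a]


def mahalanobis(z, mu, cov_inv):
    """sqrt((z - mu)^T S^-1 (z - mu)); the deviation of z from the fitted Gaussian."""
    dlt = [zi - mi for zi, mi in zip(z, mu)]
    tmp = [sum(cov_inv[i][j] * dlt[j] for j in range(len(dlt))) for i in range(len(dlt))]
    return math.sqrt(max(0.0, sum(t * d for t, d in zip(tmp, dlt))))


class AnomalyDetector:
    """One Gaussian per benign cluster in projected space. A file's distance to the file
    set is taken as its distance to the nearest cluster (an interpretation, not the claim's)."""

    def __init__(self, benign_clusters, margin=1.5):
        self.R = random_projection_matrix(FEATURE_DIM, PROJ_DIM)
        self.models = []
        for cluster in benign_clusters:
            zs = [project(self.R, x) for x in cluster]
            mu, cov = mean_and_covariance(zs)
            self.models.append((mu, invert(cov)))
        # Threshold rule (assumed): largest distance seen on the benign set, times a margin.
        train_max = max(self.distance(x) for cl in benign_clusters for x in cl)
        self.threshold = train_max * margin

    def distance(self, features):
        z = project(self.R, features)
        return min(mahalanobis(z, mu, ci) for mu, ci in self.models)

    def classify(self, features):
        return "malware" if self.distance(features) > self.threshold else "benign"

    def allow_execution(self, features):
        """The access/execute gate of the last claim element."""
        return self.classify(features) == "benign"


def build_benign_clusters(seed=1):
    """Constructed benign file set: two clusters of uniformly (i.e. non-Gaussian) distributed
    features. After projecting 12 uniforms onto 4 random directions each cluster is close to Gaussian."""
    rng = random.Random(seed)
    low = [[rng.uniform(0.0, 1.0) for _ in range(FEATURE_DIM)] for _ in range(60)]
    high = [[rng.uniform(3.0, 4.0) for _ in range(FEATURE_DIM)] for _ in range(60)]
    return [low, high]


BENIGN = build_benign_clusters()
DETECTOR = AnomalyDetector(BENIGN)
SUSPECT = [40.0] * FEATURE_DIM   # constructed outlier, far from every benign cluster

if __name__ == "__main__":
    print("benign sample:", DETECTOR.classify(BENIGN[0][0]), round(DETECTOR.distance(BENIGN[0][0]), 2))
    print("suspect file :", DETECTOR.classify(SUSPECT), round(DETECTOR.distance(SUSPECT), 2))
    print("threshold    :", round(DETECTOR.threshold, 2))
```

Two things a practitioner should check before trusting such a detector. First, the claim only says the file set "has a plurality of clusters"; fitting a single Gaussian over all clusters inflates the covariance and lets files that sit between clusters through, which is why the example fits one Gaussian per cluster and takes the minimum distance. Second, the threshold is the whole decision: a rule like "largest benign distance times a margin" should be validated on held-out benign files to measure the false-positive rate, because every false positive here is a blocked legitimate file.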

  • 1 Assignment