REALTIME MULTIPLE ENGINE SELECTION AND COMBINING
Abstract
Architecture that selects a classification engine based on the expertise of the engine to process a given entity (e.g., a file). Selection of an engine is based on a probability that the engine will detect an unknown entity classification using properties of the entity. One or more of the highest ranked engines are activated in order to achieve the desired performance. A statistical, performance-light module is employed to skip or select several performance-demanding processes. Methods and algorithms are utilized for learning based on matching the best classification engine(s) to detect the entity class based on the entity properties. A user selection option is provided for specifying a maximum number of ranked, classification engines to consider for each state of the machine. A user can also select the minimum probability of detection for a specific entity (e.g., unknown file). The best classifications are re-evaluated over time as the classification engines are updated.
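The selection scheme the abstract describes can be sketched as follows. This is an added example, not code from the patent or its assignee: the property extractor, the smoothed hit-rate estimator, the majority-vote combiner, and all names and sample bytes are assumptions constructed for illustration.

```python
from collections import defaultdict

def inspect(data: bytes) -> tuple:
    """Inspection component: derive coarse properties from an unknown file."""
    kind = "pe" if data[:2] == b"MZ" else "pdf" if data[:4] == b"%PDF" else "other"
    size = "small" if len(data) < 64 else "large"
    return (f"type:{kind}", f"size:{size}")

class EngineSelector:
    def __init__(self, engines, max_engines=1, min_probability=0.5):
        self.engines = engines                  # name -> callable(bytes) -> label or None
        self.max_engines = max_engines          # user option: cap on ranked engines run
        self.min_probability = min_probability  # user option: detection-probability floor
        self.stats = defaultdict(lambda: [1, 2])  # (engine, prop) -> [hits, trials], 0.5 prior

    def probability(self, engine, props):
        # Assumed estimator: mean of the per-property smoothed hit rates.
        rates = [self.stats[engine, p][0] / self.stats[engine, p][1] for p in props]
        return sum(rates) / len(rates)

    def learn(self, engine, props, detected):
        for p in props:
            self.stats[engine, p][0] += int(detected)
            self.stats[engine, p][1] += 1

    def train(self, data):  # learning pass: run every engine, record which ones detect
        props = inspect(data)
        for name, engine in self.engines.items():
            self.learn(name, props, engine(data) is not None)

    def select(self, props):
        # Rank by descending probability (engine name breaks ties), then apply both user limits.
        scored = sorted((-self.probability(e, props), e) for e in self.engines)
        return [e for neg, e in scored if -neg >= self.min_probability][: self.max_engines]

    def classify(self, data):
        props = inspect(data)
        outputs = {e: self.engines[e](data) for e in self.select(props)}
        for e, label in outputs.items():        # keep learning from live results
            self.learn(e, props, label is not None)
        labels = [v for v in outputs.values() if v is not None]
        verdict = max(sorted(set(labels)), key=labels.count) if labels else "unknown"
        return verdict, outputs                 # assumed combiner: majority vote

# Constructed toy engines and samples; TESTMARK is a harmless placeholder marker.
ENGINES = {
    "pe_engine": lambda d: "flagged-pe" if d[:2] == b"MZ" and b"TESTMARK" in d else None,
    "pdf_engine": lambda d: "flagged-pdf" if d[:4] == b"%PDF" and b"TESTMARK" in d else None,
}
TRAINING = [b"MZ..TESTMARK", b"%PDF-TESTMARK", b"MZ__TESTMARK__"] * 3
```

After training on the constructed samples, only the engine whose estimated detection probability for the file's properties clears the floor is run; raising the floor above every engine's estimate leaves the file unclassified without invoking any engine.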
362 Citations
20 Claims
1. A computer-implemented engine selection system having computer readable media that store executable instructions executed by a processor, comprising:
an engine component that includes multiple different classification engines for processing of unknown entities;
an inspection component that inspects an unknown entity for entity properties; and
a selection component that makes a selection of one or more candidate classification engines of the different classification engines to process the unknown entity, the selection based at least in part on the entity properties.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A computer-implemented engine selection system having computer readable media that store executable instructions executed by a processor, comprising:
an engine component that includes multiple different anti-malware classification engines for processing of unknown files;
an inspection component that receives and inspects an unknown file for file properties;
a selection component that makes a selection of one or more candidate anti-malware classification engines from the different anti-malware classification engines to process the unknown file, the selection based at least in part on the file properties input to a given candidate classification engine; and
a learning component that learns the candidate anti-malware classification engines based on successful matching of the candidate anti-malware classification engines to the unknown file.
Dependent claims: 11, 12, 13, 14, 15

16. A computer-implemented engine selection method executed by a processor, comprising:
inspecting file properties of an unknown file;
selecting one or more candidate anti-malware classification engines from a set of classification engines based on the file properties;
processing the unknown file using the one or more candidate anti-malware classification engines to output classification information for each of the candidate anti-malware classification engines; and
classifying the unknown file based on a single output or multiple outputs of the one or more of the candidate anti-malware classification engines.
Dependent claims: 17, 18, 19, 20