Method and Apparatus for Detecting Malicious Software Using Machine Learning Techniques
Abstract
Novel methods, components, and systems for detecting malicious software in a proactive manner are presented. More specifically, we describe methods, components, and systems that leverage machine learning techniques to detect malicious software. The disclosed invention provides a significant improvement with regard to detection capabilities compared to previous approaches.
36 Citations
21 Claims
1. One or more non-transitory computer readable storage media encoded with instructions that, when executed by one or more computer processors, cause the one or more computer processors to perform operations comprising:
- before execution of a software application, extracting a feature vector from the software application by applying a mathematical transformation operation to the software application to generate a series of values that represents features of the software application and that is indicative of whether or not the software application is likely to be benign or malicious; and
- generating information indicative of a maliciousness of the software application by applying said feature vector to a classification algorithm concerning whether said software application is benign or potentially malicious.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. One or more non-transitory computer readable storage media encoded with instructions that, when executed by one or more computer processors, cause the one or more computer processors to perform operations comprising:
- accessing in a training phase a body of training data including a set of software applications to derive during said training phase a classification algorithm for determining whether selected software applications are likely benign or malicious;
- receiving a feature vector relating to a software application of interest, wherein the feature vector is generated by applying a mathematical transformation operation to the software application of interest and the feature vector includes a series of values that represents one or more features of the software application of interest indicative of whether or not the software application of interest is likely to be benign or malicious;
- applying the feature vector to the classification algorithm; and
- generating information indicative of a maliciousness of the software application of interest based on results of the application of the feature vector to the classification algorithm.
Dependent claims: 10, 11, 12, 13, 14, 15, 16

17. An apparatus comprising:
- one or more network interfaces configured to transmit and receive data on a computer network;
- a processor coupled to the network interfaces and configured to execute one or more processes; and
- a memory configured to store instructions executable by the processor, when executed causing the processor to perform operations comprising;
  - accessing in a training phase a body of training data including a set of software applications to derive during said training phase a classification algorithm for determining whether selected software applications are likely benign or malicious;
  - receiving a feature vector relating to a software application of interest, wherein the feature vector is generated by applying a mathematical transformation operation to the software application of interest and the feature vector includes a series of values that represents one or more features of the software application of interest indicative of whether or not the software application of interest is likely to be benign or malicious;
  - applying the feature vector to the classification algorithm; and
  - generating information indicative of a maliciousness of the software application of interest based on results of the application of the feature vector to the classification algorithm.
Dependent claims: 18, 19, 20, 21
Specification