MACHINE LEARNING MODEL FOR MALWARE DYNAMIC ANALYSIS
First Claim
1. A system comprising:
- at least one processor; and
- at least one memory including program code which when executed by the at least one processor causes operations comprising:
  - analyzing a series of events contained in received data, the series of events comprising events that occur during the execution of a data object, and the series of events being analyzed to at least extract, from the series of events, one or more subsequences of events;
  - determining, by a machine learning model, a classification for the received data, the machine learning model classifying the received data based at least on whether the one or more subsequences of events are malicious; and
  - providing the classification indicative of whether the received data is malicious.
Abstract
In some implementations there may be provided a system. The system may include a processor and a memory. The memory may include program code which causes operations when executed by the processor. The operations may include analyzing a series of events contained in received data. The series of events may include events that occur during the execution of a data object. The series of events may be analyzed to at least extract, from the series of events, subsequences of events. A machine learning model may determine a classification for the received data. The machine learning model may classify the received data based at least on whether the subsequences of events are malicious. The classification indicative of whether the received data is malicious may be provided. Related methods and articles of manufacture, including computer program products, are also disclosed.
18 Citations
32 Claims
1. A system comprising:
- at least one processor; and
- at least one memory including program code which when executed by the at least one processor causes operations comprising:
  - analyzing a series of events contained in received data, the series of events comprising events that occur during the execution of a data object, and the series of events being analyzed to at least extract, from the series of events, one or more subsequences of events;
  - determining, by a machine learning model, a classification for the received data, the machine learning model classifying the received data based at least on whether the one or more subsequences of events are malicious; and
  - providing the classification indicative of whether the received data is malicious.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A computer-implemented method, comprising:
- analyzing a series of events contained in received data, the series of events comprising events that occur during the execution of a data object, and the series of events being analyzed to at least extract, from the series of events, one or more subsequences of events;
- determining, by a machine learning model, a classification for the received data, the machine learning model classifying the received data based at least on whether the one or more subsequences of events are malicious; and
- providing the classification indicative of whether the received data is malicious.

Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30

31. A non-transitory computer-readable storage medium including program code, which when executed by at least one data processor, causes operations comprising:
- analyzing a series of events contained in received data, the series of events comprising events that occur during the execution of a data object, and the series of events being analyzed to at least extract, from the series of events, one or more subsequences of events;
- determining, by a machine learning model, a classification for the received data, the machine learning model classifying the received data based at least on whether the one or more subsequences of events are malicious; and
- providing the classification indicative of whether the received data is malicious.
32. An apparatus, comprising:
- means for analyzing a series of events contained in received data, the series of events comprising events that occur during the execution of a data object, and the series of events being analyzed to at least extract, from the series of events, one or more subsequences of events;
- means for determining, by a machine learning model, a classification for the received data, the machine learning model classifying the received data based at least on whether the one or more subsequences of events are malicious; and
- means for providing the classification indicative of whether the received data is malicious.
Specification