Method and apparatus for detecting malicious software using machine learning techniques
Abstract
Novel methods, components, and systems for detecting malicious software in a proactive manner are presented. More specifically, we describe methods, components, and systems that leverage machine learning techniques to detect malicious software. The disclosed invention provides a significant improvement with regard to detection capabilities compared to previous approaches.
13 Claims
1. A computer implemented method for determining whether a software application is malicious, comprising:
- accessing in a training phase, using a server application, a body of training data comprising a set of software applications, said server application configured to derive during said training phase a classification algorithm for determining whether software applications are likely benign or malicious;
- before execution of a software application of interest, extracting, using a client or server application, a feature vector from the software application of interest by applying a mathematical transformation operation to the software application of interest to generate a series of values that represents features of the software application of interest and that is indicative of whether or not the software application of interest is likely to be benign or malicious;
- applying the feature vector to the classification algorithm;
- using the results of the classification algorithm to determine how to treat the software application of interest.
Dependent claims: 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
2. A computer implemented method for determining whether a software application is malicious, comprising:
- accessing in a training phase a body of training data comprising a set of software applications to derive during said training phase a classification algorithm for determining whether selected software applications are likely benign or malicious;
- before execution of a software application of interest, receiving from a client application a feature vector relating to the software application of interest, wherein the feature vector is generated by applying a mathematical transformation operation to the software application of interest and comprises a series of values that represents features of the software application of interest and that is indicative of whether or not the software application of interest is likely to be benign or malicious;
- applying the feature vector to the classification algorithm;
- transmitting information indicative of a maliciousness of the software application of interest to the client application based on the results of the application of the feature vector to the classification algorithm.
3. A computer implemented method for determining whether a software application is malicious, comprising:
- before execution of a software application, extracting a feature vector from the software application by applying a mathematical transformation operation to the software application to generate a series of values that represents features of the software application and that is indicative of whether or not the software application is likely to be benign or malicious;
- transmitting said feature vector to a server application;
- receiving information indicative of a maliciousness of the software application from said server application relating to results of applying said feature vector to a classification algorithm concerning whether said software application is benign or potentially malicious.
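The client/server split of claims 2 and 3, as an added Python sketch that is not taken from the patent. The claims say only "a mathematical transformation operation" and "a classification algorithm", so the feature set (16-bin byte histogram plus entropy), the nearest-centroid classifier, the JSON message shape, all function names and the constructed training bytes are assumptions.

```python
import json
import math
from collections import Counter

# Constructed toy training set (assumption): text-like bytes labelled benign,
# uniformly distributed bytes labelled malicious. Not real samples.
TRAINING = [
    (b"The quick brown fox jumps over the lazy dog. " * 20, "benign"),
    (b"config: value=1\nname=example\n" * 30, "benign"),
    (bytes(range(256)) * 4, "malicious"),
    (bytes((i * 167 + 13) % 256 for i in range(1024)), "malicious"),
]

def extract_features(blob):
    """Client: the 'mathematical transformation'. Assumed here to be a 16-bin
    byte histogram plus Shannon entropy scaled to [0, 1]; blob is never executed."""
    n = len(blob) or 1
    bins = [0] * 16
    for b in blob:
        bins[b >> 4] += 1
    entropy = -sum(c / n * math.log2(c / n) for c in Counter(blob).values())
    return [c / n for c in bins] + [min(entropy / 8.0, 1.0)]

def train(labelled):
    """Server, training phase: derive one centroid per label (nearest-centroid)."""
    groups = {}
    for blob, label in labelled:
        groups.setdefault(label, []).append(extract_features(blob))
    return {lab: [sum(col) / len(vs) for col in zip(*vs)] for lab, vs in groups.items()}

def server_classify(model, request_json):
    """Server: receives only the feature vector, never the file itself."""
    vec = json.loads(request_json).get("features")
    ok = isinstance(vec, list) and len(vec) == 17 and all(
        isinstance(x, (int, float)) and 0 <= x <= 1 for x in vec)
    if not ok:  # the vector is client-controlled input: validate before scoring
        return json.dumps({"verdict": "unknown"})
    dist = {lab: math.dist(vec, c) for lab, c in model.items()}
    return json.dumps({"verdict": min(dist, key=dist.get)})

def client_check(model, blob):
    """Client: called before execution; maps the server's verdict to a treatment."""
    request = json.dumps({"features": extract_features(blob)})
    verdict = json.loads(server_classify(model, request))["verdict"]
    return "allow" if verdict == "benign" else "block"  # unknown fails closed

MODEL = train(TRAINING)
```

Only 17 numbers cross the wire in this sketch, so the server's verdict is only as trustworthy as the client that computed them.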
Specification