Systems and methods for improving forest-based malware detection within an organization
2 Assignments
0 Petitions
Abstract
The disclosed computer-implemented method for improving forest-based malware detection within an organization may include (i) receiving, at a backend computing system, organization data from at least one organization computing device within an organization computer network, (ii) adjusting, at the backend computing system, a general use forest model based on the organization data to generate an organization-specific forest model for detecting malicious computer files within the organization computer network, and (iii) sending, from the backend computing system, the organization-specific forest model to the at least one organization computing device. Various other methods, systems, and computer-readable media are also disclosed.
19 Citations
17 Claims
1. A computer-implemented method for improving forest-based malware detection within an organization, at least a portion of the method being performed by a backend computing system comprising at least one processor, the method comprising:
- receiving, at the backend computing system, organization data from at least one organization computing device within an organization computer network;
- adjusting, at the backend computing system, a general use forest model to generate an organization-specific forest model for detecting malicious computer files within the organization computer network, wherein adjusting the general use forest model comprises changing a weight of at least one leaf node of the general use forest model based on the organization data;
- sending, from the backend computing system, the organization-specific forest model to the at least one organization computing device;
- detecting, by the backend computing system or the at least one organization computing device, using the organization-specific forest model, malware in a file received on the at least one organization computing device within the organization computer network; and
- performing a security action with respect to the file to protect the backend computing system or the at least one organization computing device or both.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12.

13. A system for improving forest-based malware detection within an organization, the system comprising:
- a receiving module, stored in memory, that receives, at a backend computing system, organization data from at least one organization computing device within an organization computer network;
- an adjusting module, stored in memory, that adjusts, at the backend computing system, a general use forest model to generate an organization-specific forest model for detecting malicious computer files within the organization computer network, wherein the adjusting module adjusts the general use forest model by changing a weight of at least one leaf node of the general use forest model based on the organization data;
- a sending module, stored in memory, that sends, from the backend computing system, the organization-specific forest model to the at least one organization computing device;
- a security module, stored in memory, that detects, from the backend computing system or the at least one organization computing device, using the organization-specific forest model, malware in a file received on the at least one organization computing device within the organization computer network, and performs a security action with respect to the file to protect the backend computing system or the at least one organization computing device or both; and
- at least one processor that executes the receiving module, the adjusting module, and the sending module.
Dependent claims: 14, 15.

16. A non-transitory computer-readable medium comprising one or more computer-executable instructions that, when executed by at least one processor of a backend computing system, cause the backend computing system to:
- receive, at the backend computing system, organization data from at least one organization computing device within an organization computer network;
- adjust, at the backend computing system, a general use forest model to generate an organization-specific forest model for detecting malicious computer files within the organization computer network, wherein the general use forest model is adjusted by changing a weight of at least one leaf node of the general use forest model based on the organization data;
- send, from the backend computing system, the organization-specific forest model to the at least one organization computing device;
- detect, by the backend computing system or the at least one organization computing device, using the organization-specific forest model, malware in a file received on the at least one organization computing device within the organization computer network; and
- perform a security action with respect to the file to protect the backend computing system or the at least one organization computing device or both.
Dependent claims: 17.
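The claims specify the adjustment only as "changing a weight of at least one leaf node of the general use forest model based on the organization data". The following is an added illustration of what such a leaf-only adjustment can look like; it is not the patent's implementation and not code from the assignee. A toy scoring forest is built at the backend, each leaf carrying a malicious-probability weight; organization-supplied (features, verdict) pairs are routed through each tree, and every leaf they reach has its weight blended with the local verdict rate, so a benign internal build tool the general model flags is cleared while confirmed malware stays detected. The tree structure, feature names, thresholds, sample files, the pseudo-count blending rule, the 0.5 decision threshold and the quarantine/allow action are all assumptions made for this example.

```python
"""Per-organization leaf reweighting of a malware-scoring decision forest.

Added illustration, not the patent's implementation: the trees, feature
names, thresholds, sample files and the pseudo-count blending rule below are
all constructed for this example.
"""
import copy
from dataclasses import dataclass
from typing import Dict, List, Tuple, Union

Features = Dict[str, float]


@dataclass
class Leaf:
    weight: float          # P(malicious) assigned to files routed to this leaf
    support: float = 10.0  # assumed pseudo-count: how strongly the general weight resists local evidence


@dataclass
class Split:
    feature: str
    threshold: float
    left: "Node"   # taken when features[feature] <= threshold
    right: "Node"  # taken otherwise


Node = Union[Leaf, Split]
THRESHOLD = 0.5  # assumed decision boundary on the mean leaf weight


def route(node: Node, x: Features) -> Leaf:
    """Walk one tree from the root to the leaf that sample x falls in."""
    while isinstance(node, Split):
        node = node.left if x[node.feature] <= node.threshold else node.right
    return node


def score(forest: List[Node], x: Features) -> float:
    """Forest score: mean of the leaf weights x reaches across all trees."""
    return sum(route(tree, x).weight for tree in forest) / len(forest)


def detect(forest: List[Node], x: Features) -> bool:
    return score(forest, x) >= THRESHOLD


def security_action(forest: List[Node], x: Features) -> str:
    """Placeholder security action: quarantine on detection, otherwise allow."""
    return "quarantine" if detect(forest, x) else "allow"


def adjust_forest(general: List[Node], org_data: List[Tuple[Features, int]]) -> List[Node]:
    """Derive an organization-specific forest by changing leaf weights only.

    org_data holds (features, label) pairs observed inside the organization,
    label 1 = confirmed malicious, 0 = confirmed benign. Every leaf that at
    least one organization sample reaches gets its weight replaced by a
    pseudo-count blend of the general weight and the local label rate; leaves
    no organization sample reaches keep their general weight. The general
    forest is deep-copied so the backend can keep serving it unchanged.
    """
    org_forest = copy.deepcopy(general)
    for tree in org_forest:
        touched: Dict[int, Tuple[Leaf, List[int]]] = {}
        for x, label in org_data:
            leaf = route(tree, x)
            touched.setdefault(id(leaf), (leaf, []))[1].append(label)
        for leaf, labels in touched.values():
            leaf.weight = (leaf.support * leaf.weight + sum(labels)) / (leaf.support + len(labels))
    return org_forest


# Constructed general-use forest: three shallow trees over four file features.
GENERAL_FOREST: List[Node] = [
    Split("entropy", 7.2, Split("is_signed", 0, Leaf(0.40), Leaf(0.10)), Leaf(0.85)),
    Split("size_kb", 200, Split("imports_count", 5, Leaf(0.90), Leaf(0.50)), Leaf(0.30)),
    Split("is_signed", 0, Split("entropy", 6.5, Leaf(0.35), Leaf(0.75)), Leaf(0.10)),
]

# Constructed sample files. INTERNAL_TOOL is an unsigned, compressed build
# utility the organization knows to be benign; the general model flags it.
# UNRELATED reaches only leaves no organization sample touches.
INTERNAL_TOOL: Features = {"entropy": 7.5, "imports_count": 3, "is_signed": 0, "size_kb": 900}
MALWARE: Features = {"entropy": 7.8, "imports_count": 2, "is_signed": 0, "size_kb": 60}
UNRELATED: Features = {"entropy": 5.0, "imports_count": 30, "is_signed": 0, "size_kb": 100}

# Constructed organization data: eight benign builds of the internal tool and
# two incidents the organization's responders confirmed as malicious.
ORG_DATA: List[Tuple[Features, int]] = [
    ({"entropy": 7.4 + 0.02 * i, "imports_count": 3 + i % 2, "is_signed": 0, "size_kb": 850 + 12 * i}, 0)
    for i in range(8)
] + [
    ({"entropy": 7.8, "imports_count": 2, "is_signed": 0, "size_kb": 60}, 1),
    ({"entropy": 7.9, "imports_count": 2, "is_signed": 0, "size_kb": 80}, 1),
]

ORG_FOREST = adjust_forest(GENERAL_FOREST, ORG_DATA)

if __name__ == "__main__":
    for name, x in [("internal tool", INTERNAL_TOOL), ("malware", MALWARE), ("unrelated", UNRELATED)]:
        print(f"{name:13s} general={score(GENERAL_FOREST, x):.3f} ({security_action(GENERAL_FOREST, x)})"
              f"  org={score(ORG_FOREST, x):.3f} ({security_action(ORG_FOREST, x)})")
```

Because only leaf weights change, the organization-specific model has the same structure and size as the general one, which is what makes shipping it to the endpoint as a drop-in replacement cheap. The caveat a practitioner should keep in mind is that the organization's verdicts become a poisoning surface: whoever can influence which files an organization labels benign can drive the weights of the leaves those files reach downward, so the pseudo-count (here `support`) is doing security work by capping how far a handful of local labels can move any single leaf, and the provenance of the organization data deserves the same scrutiny as the model itself.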
Specification