Processing

Please wait...

Settings

Settings

Goto Application

1. WO2020139721 - METHODS AND APPARATUS TO DETECT ADVERSARIAL MALWARE

Publication Number WO/2020/139721
Publication Date 02.07.2020
International Application No. PCT/US2019/067682
International Filing Date 19.12.2019
IPC
G06N 3/04 2006.01
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
NCOMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
3Computer systems based on biological models
02using neural network models
04Architecture, e.g. interconnection topology
G06N 3/08 2006.01
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
NCOMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
3Computer systems based on biological models
02using neural network models
08Learning methods
G06F 21/55 2013.01
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55Detecting local intrusion or implementing counter-measures
CPC
G06F 21/53
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
52during program execution, e.g. stack integrity ; ; Preventing unwanted data erasure; Buffer overflow
53by executing in a restricted environment, e.g. sandbox or secure virtual machine
G06F 21/552
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55Detecting local intrusion or implementing counter-measures
552involving long-term monitoring or reporting
G06F 21/554
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55Detecting local intrusion or implementing counter-measures
554involving event detection and direct action
G06F 21/566
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55Detecting local intrusion or implementing counter-measures
56Computer malware detection or handling, e.g. anti-virus arrangements
566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
G06F 21/567
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55Detecting local intrusion or implementing counter-measures
56Computer malware detection or handling, e.g. anti-virus arrangements
567using dedicated hardware
G06F 2221/033
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
2221Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
033Test or assess software
Applicants
  • MCAFEE, LLC [US]/[US]
Inventors
  • HUANG, Yonghong
  • VARDHAN, Raj
  • FRALICK, Celeste R.
  • INFANTE-LOPEZ, Gabriel G.
  • KULKARNI, Dattatraya
  • NALLURI, Srikanth
  • BOTHRA, Sonam
Agents
  • ZIMMERMAN, Michael W.
Priority Data
16/235,30628.12.2018US
Publication Language English (EN)
Filing Language English (EN)
Designated States
Title
(EN) METHODS AND APPARATUS TO DETECT ADVERSARIAL MALWARE
(FR) PROCÉDÉS ET APPAREIL DE DÉTECTION DE LOGICIEL MALVEILLANT ANTAGONISTE
Abstract
(EN)
Methods and apparatus to detect adversarial malware are disclosed. An example adversarial malware detector includes a machine learning engine to classify a first feature representation representing features of a program as benign or malware, a feature perturber to, when the first feature representation is classified as benign, remove a first one of the features to form a second feature representation, and a decider to classify the program as adversarial malware when the machine learning engine classifies the second feature representation as malware.
(FR)
L'invention concerne des procédés et un appareil de détection de logiciel malveillant antagoniste. Un exemple de détecteur de logiciel malveillant antagoniste comprend un moteur d'apprentissage automatique servant à classifier une première représentation de caractéristiques représentant des caractéristiques d'un programme comme étant inoffensives ou malveillantes, un perturbateur de caractéristiques servant, lorsque la première représentation de caractéristiques est classée comme étant inoffensive, à enlever une première des caractéristiques pour former une deuxième représentation de caractéristiques, et un décideur servant à classifier le programme en tant que logiciel malveillant antagoniste lorsque le moteur d'apprentissage automatique classifie la deuxième représentation de caractéristiques en tant que logiciel malveillant.
Also published as
Latest bibliographic data on file with the International Bureau