- Patent Title: Detection of malicious executable files using hierarchical models
- Application No.: US16413880
- Application Date: 2019-05-16
- Publication No.: US11113397B2
- Publication Date: 2021-09-07
- Inventor: Tomas Pevny, Jan Franců, Petr Somol
- Applicant: Cisco Technology, Inc.
- Applicant Address: US CA San Jose
- Assignee: Cisco Technology, Inc.
- Current Assignee: Cisco Technology, Inc.
- Current Assignee Address: US CA San Jose
- Agency: Behmke Innovation Group LLC
- Agent: Kenneth J. Heywood; Jonathon P. Western
- Main IPC: G06F21/00
- IPC: G06F21/00; G06F21/56; G06N3/08

Abstract:
In one embodiment, a device disassembles an executable file into assembly instructions. The device maps each of the assembly instructions to a fixed length instruction vector using one-hot encoding and an instruction vocabulary and forms vector representations of blocks of a control flow graph for corresponding functions of the executable file by embedding and aggregating bags of the instruction vectors. The device generates, based on the vector representations of the blocks of the control flow graph, a call graph model of the functions in the executable file. The device forms a vector representation of the executable file based in part on the call graph model. The device determines, based on the vector representation of the executable file, whether the executable file is malware.
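
The hierarchy in the abstract (instruction, block, function, file) sketched as an added example; this is not code from the patent. The vocabulary, the stand-in embedding weights, mean pooling as the aggregation, the callee-context mixing step and the sample program are all assumptions made for illustration, and the final malware classifier is left out.

```python
# Added illustration; vocabulary, weights and sample program are constructed.
VOCAB = ["mov", "push", "pop", "call", "xor", "jmp", "ret", "<unk>"]
DIM = 3  # embedding width (assumed)

def one_hot(mnemonic):
    """Fixed-length vector; mnemonics outside the vocabulary share <unk>."""
    idx = VOCAB.index(mnemonic) if mnemonic in VOCAB else VOCAB.index("<unk>")
    return [1.0 if i == idx else 0.0 for i in range(len(VOCAB))]

# Stand-in embedding matrix (len(VOCAB) x DIM); a trained model learns these.
EMBED = [[((7 * r + 3 * c) % 5) / 4.0 for c in range(DIM)]
         for r in range(len(VOCAB))]

def embed(vec):
    """Multiply a one-hot vector by the embedding matrix."""
    return [sum(vec[r] * EMBED[r][c] for r in range(len(vec)))
            for c in range(DIM)]

def mean(vectors):
    """Element-wise mean: an order-independent aggregation of a bag."""
    n = len(vectors)
    return [sum(v[c] for v in vectors) / n for c in range(len(vectors[0]))]

def block_vector(instructions):
    """A basic block is a bag of instructions: embed each, then pool."""
    return mean([embed(one_hot(m)) for m in instructions])

def function_vector(blocks):
    """A function is a bag of the blocks in its control flow graph."""
    return mean([block_vector(b) for b in blocks])

def file_vector(functions, calls):
    """functions: name -> list of blocks; calls: name -> callee names."""
    own = {name: function_vector(b) for name, b in functions.items()}
    mixed = []
    for name in functions:
        callees = [own[c] for c in calls.get(name, []) if c in own]
        ctx = mean(callees) if callees else [0.0] * DIM
        mixed.append(own[name] + ctx)  # own vector joined with callee context
    return mean(mixed)  # fixed length regardless of file size

# Constructed sample: two functions, each with two basic blocks.
SAMPLE = {"main": [["push", "mov", "call"], ["xor", "ret"]],
          "decode": [["mov", "xor", "jmp"], ["pop", "ret"]]}
CALLS = {"main": ["decode"]}

if __name__ == "__main__":
    print(file_vector(SAMPLE, CALLS))
```

Because each level pools a bag, reordering instructions inside a block leaves the file vector unchanged, and any number of functions still yields a vector of the same length for a downstream classifier.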