Unstructured text classification
    1.
    Granted patent

    Publication (announcement) number: US11762990B2

    Publication (announcement) date: 2023-09-19

    Application number: US16917626

    Filing date: 2020-06-30

    Abstract: The technology described herein identifies malicious URLs using a classifier that is both accurate and fast. Aspects of the technology are particularly well adapted for use as a real-time URL security analysis tool because the technology can quickly process a URL and produce a warning when a malicious URL is identified. The rapid processing speed is produced, in part, by the use of only a single input signal, which is the URL itself. The high accuracy is achieved by analyzing the unstructured text on both a character-by-character level and a word-by-word level, so the technology uses both character-level and word-level information from the incoming URL.

    Malware sequence detection
    2.
    Granted patent

    Publication (announcement) number: US10963566B2

    Publication (announcement) date: 2021-03-30

    Application number: US15879593

    Filing date: 2018-01-25

    IPC classification: G06F21/56 G06N3/04 G06N3/08

    Abstract: Implementations described herein disclose a malware sequence detection system for detecting the presence of malware in a plurality of events. An implementation of the malware sequence detection includes receiving a sequence of a plurality of events, and detecting the presence of a sequence of malware commands within that sequence by dividing the sequence of events into a plurality of subsequences, performing sequential subsequence learning on one or more of the subsequences, and generating a probability that one or more of the subsequences is malware based on the output of the sequential subsequence learning.

    Large Scale Malicious Process Detection
    4.
    Patent application
    Large Scale Malicious Process Detection (in force)

    Publication (announcement) number: US20160269424A1

    Publication (announcement) date: 2016-09-15

    Application number: US14657215

    Filing date: 2015-03-13

    IPC classification: H04L29/06 G06F17/30

    Abstract: Identify a set or session of processes as having certain characteristics. A method obtains a known set or session of processes, wherein the known set or session of processes has the certain characteristics. A set or session of processes to be evaluated is obtained. A weighted similarity measure is computed between the known set or session of processes and the set or session of processes to be evaluated. The weighted similarity measure is computed element-wise, where a comparison is performed for each defined element in the set or session of processes to be evaluated against elements in the known set or session of processes.


    Command classification using active learning

    Publication (announcement) number: US12032687B2

    Publication (announcement) date: 2024-07-09

    Application number: US17491438

    Filing date: 2021-09-30

    Abstract: The techniques disclosed herein enable systems to train a machine learning model to classify malicious command line strings and to select anomalous and uncertain samples for analysis. To train the machine learning model, a system receives a labeled data set containing command line inputs that are known to be malicious or benign. Using a term embedding model, the system generates aggregated numerical representations of the command line inputs for analysis by the machine learning model. The aggregated numerical representations can include information such as term scores, which represent the probability that an individual term of the command line string is malicious, as well as numerical representations of the individual terms. The system then provides the aggregated numerical representations to the machine learning model for analysis. Based on these representations, the machine learning model learns to distinguish malicious command line inputs from benign inputs.

    Detection and mitigation of security threats to a domain name system for a communication network

    Publication (announcement) number: US11930020B2

    Publication (announcement) date: 2024-03-12

    Application number: US17317573

    Filing date: 2021-05-11

    Abstract: The disclosure is directed towards the real-time detection and mitigation of security threats to a domain name system (DNS) for a communication network. A graph-theoretic method is applied to detect compromised DNS assets (e.g., DNS servers and the web servers that DNS servers map domain names to). A graph is generated from domain name resolution (DNR) transactions: the nodes of the graph represent the DNS assets and the edges between the nodes represent the DNR transactions. The graph is analyzed to detect features that signal compromised assets. The detection of such features acts as a binary classifier for the represented assets, classifying each node as non-compromised or compromised. The analysis is guided by supervised and/or unsupervised machine learning methods. Once the assets are classified, DNR transactions are analyzed in real time; if a transaction involves a compromised asset, an intervention is performed that mitigates the threat.

    Neural network architectures employing interrelatedness

    Publication (announcement) number: US10938840B2

    Publication (announcement) date: 2021-03-02

    Application number: US16160540

    Filing date: 2018-10-15

    Abstract: Enhanced neural network architectures that enable the determination and use of association-based or attention-based “interrelatedness” among various portions of the input data are provided. A method of employing such an architecture includes receiving a first input data element, a second input data element, and a third input data element. A first interrelated metric, indicating the degree of interrelatedness between the first input data element and the second input data element, is determined. A second interrelated metric, indicating the degree of interrelatedness between the first input data element and the third input data element, is determined. An interrelated vector is generated from the first interrelated metric and the second interrelated metric. The neural network is then employed to generate an output vector that corresponds to the first input data element and is based on a combination of the first input vector and the interrelated vector.