公开(公告)号：WO2018136788A1

公开(公告)日：2018-07-26

申请号：PCT/US2018/014507

申请日：2018-01-19

Applicant: CYLANCE INC.

Inventor： MAISEL, Matthew ,  PERMEH, Ryan ,  WOLFF, Matthew ,  ACEVEDO, Gabriel ,  DAVIS, Andrew ,  BROCK, John ,  STRONG, Homer ,  WOJNOWICZ, Michael ,  BEETS, Kevin

IPC: G06F21/56

Abstract: Contextual information associated with a file is provided to at least enable a classification of the file when a malware classifier is unable to classify the file. In response to the providing of the contextual information, the classification of the file is received. Based at least on the received classification of the file, the malware classifier is updated to enable the malware classifier to classify the file.

公开(公告)号：WO2018048716A1

公开(公告)日：2018-03-15

申请号：PCT/US2017/049631

申请日：2017-08-31

Applicant: CYLANCE INC.

Inventor： ZHAO, Xuan ,  WOLFF, Matthew ,  BROCK, John ,  WALLACE, Brian ,  WORTMAN, Andrew ,  LUAN, Jian ,  AZARAFROOZ, Mahdi ,  DAVIS, Andrew ,  WOJNOWICZ, Michael ,  SOEDER, Derek ,  BEVERIDGE, David ,  PETERSEN, Eric ,  JIN, Ming ,  PERMEH, Ryan

IPC: G06N3/02

CPC classification number: G06N3/0445 ,  G06F21/563 ,  G06N3/02

Abstract: Systems are provided to classify an instruction sequence with a machine learning model. An instruction sequence is processed with a trained machine learning model configured to detect one or more interdependencies amongst a plurality of tokens in the instruction sequence and to determine a classification for the instruction sequence based on the one or more interdependencies amongst the plurality of tokens. The classification of the instruction sequence can then be provided as an output. Related methods and articles of manufacture, including computer program products, are also provided.

Abstract translation: 提供系统以用机器学习模型分类指令序列。 利用经训练的机器学习模型来处理指令序列，该模型经配置以检测指令序列中的多个令牌之间的一个或一个以上相互依赖性且基于多个令牌之间的一个或一个以上相互依赖性来确定指令序列的分类。 然后可以提供指令序列的分类作为输出。 还提供了相关方法和制造产品，包括计算机程序产品。

公开(公告)号：WO2018045165A1

公开(公告)日：2018-03-08

申请号：PCT/US2017/049607

申请日：2017-08-31

Applicant: CYLANCE INC.

Inventor： ZHAO, Xuan ,  WOLFF, Matthew ,  BROCK, John ,  WALLACE, Brian ,  WORTMAN, Andrew ,  LUAN, Jian ,  AZARAFROOZ, Mahdi ,  DAVIS, Andrew ,  WOJNOWICZ, Michael ,  SOEDER, Derek ,  BEVERIDGE, David ,  OLIINYK, Yaroslav ,  PERMEH, Ryan

IPC: G06F21/56

CPC classification number: G06F21/562 ,  G06N3/0454 ,  G06N3/084

Abstract: Systems method are provided for training and utilizing a machine learning model to detect malicious container files. A container file is processed with a trained machine learning model that is trained to determine a classification for the container file indicative of whether the container file includes at least one file rendering the container file malicious. Based on such a determination, an indication can be provided indicating whether the container file includes one or more files rendering the container file malicious. Related methods and articles of manufacture, including computer program products, are also provided.

Abstract translation: 提供系统方法来训练和利用机器学习模型来检测恶意容器文件。 使用经过训练的机器学习模型来处理容器文件，该模型经训练以确定容器文件的分类，所述分类指示容器文件是否包括使容器文件恶意的至少一个文件。 基于这样的确定，可以提供指示容器文件是否包括使得容器文件恶意的一个或多个文件的指示。 还提供了相关方法和制造产品，包括计算机程序产品。

公开(公告)号：WO2017011702A1

公开(公告)日：2017-01-19

申请号：PCT/US2016/042358

申请日：2016-07-14

Applicant: CYLANCE INC.

Inventor： DAVIS, Andrew ,  WOLFF, Matthew ,  SOEDER, Derek, A. ,  CHISHOLM, Glenn ,  PERMEH, Ryan

IPC: G06F21/56

CPC classification number: G06F21/565 ,  G06F21/562 ,  G06F2221/034 ,  G06N3/08

Abstract: In one respect, there is provided a system for training a neural network adapted for classifying one or more scripts. The system may include at least one processor and at least one memory. The memory may include program code which when executed by the at least one memory provides operations including: receiving a disassembled binary file that includes a plurality of instructions; processing the disassembled binary file with a convolutional neural network configured to detect a presence of one or more sequences of instructions amongst the plurality of instructions and determine a classification for the disassembled binary file based at least in part on the presence of the one or more sequences of instructions; and providing, as an output, the classification of the disassembled binary file. Related computer-implemented methods are also disclosed.

Abstract translation: 在一方面，提供了一种用于训练适于分类一个或多个脚本的神经网络的系统。 该系统可以包括至少一个处理器和至少一个存储器。 存储器可以包括当至少一个存储器执行时提供操作的程序代码，包括：接收包括多个指令的反汇编的二进制文件; 用卷积神经网络处理分解的二进制文件，其被配置为检测多个指令中的一个或多个指令序列的存在，并且至少部分地基于一个或多个序列的存在来确定反汇编的二进制文件的分类 的指示; 并且作为输出提供反汇编的二进制文件的分类。 还公开了相关的计算机实现的方法。