-
Publication number: WO2017147441A1
Publication date: 2017-08-31
Application number: PCT/US2017/019379
Application date: 2017-02-24
Applicant: CYLANCE INC.
Inventor: PERMEH, Ryan , WOLFF, Matthew , ZHAO, Xuan , SOEDER, Derek , JIN, Ming
CPC classification number: G06F21/54 , G06F21/44 , G06F21/50 , G06F21/53 , G06F21/566 , G06F2221/033 , G06N99/005
Abstract: In one aspect there is provided a method. The method may include: determining that an executable implements a sub-execution environment, the sub-execution environment being configured to receive an input, and the input triggering at least one event at the sub-execution environment; intercepting the event at the sub-execution environment; and applying a security policy to the intercepted event, the applying of the policy comprises blocking the event, when the event is determined to be a prohibited event. Systems and articles of manufacture, including computer program products, are also provided.
-
2.
Publication number: WO2017193036A1
Publication date: 2017-11-09
Application number: PCT/US2017/031362
Application date: 2017-05-05
Applicant: CYLANCE INC.
Inventor: ZHAO, Xuan , KAPOOR, Aditya , WOLFF, Matthew , DAVIS, Andrew , SOEDER, Derek , PERMEH, Ryan
CPC classification number: G06F21/562 , G06F21/554 , G06F2221/034 , G06N3/0454 , G06N3/084 , G06N5/025 , G06N7/005 , H04L63/1416 , H04L63/145
Abstract: In some implementations there may be provided a system. The system may include a processor and a memory. The memory may include program code which causes operations when executed by the processor. The operations may include analyzing a series of events contained in received data. The series of events may include events that occur during the execution of a data object. The series of events may be analyzed to at least extract, from the series of events, subsequences of events. A machine learning model may determine a classification for the received data. The machine learning model may classify the received data based at least on whether the subsequences of events are malicious. The classification indicative of whether the received data is malicious may be provided. Related methods and articles of manufacture, including computer program products, are also disclosed.
-
3.
Publication number: WO2018048716A1
Publication date: 2018-03-15
Application number: PCT/US2017/049631
Application date: 2017-08-31
Applicant: CYLANCE INC.
Inventor: ZHAO, Xuan , WOLFF, Matthew , BROCK, John , WALLACE, Brian , WORTMAN, Andrew , LUAN, Jian , AZARAFROOZ, Mahdi , DAVIS, Andrew , WOJNOWICZ, Michael , SOEDER, Derek , BEVERIDGE, David , PETERSEN, Eric , JIN, Ming , PERMEH, Ryan
IPC: G06N3/02
CPC classification number: G06N3/0445 , G06F21/563 , G06N3/02
Abstract: Systems are provided to classify an instruction sequence with a machine learning model. An instruction sequence is processed with a trained machine learning model configured to detect one or more interdependencies amongst a plurality of tokens in the instruction sequence and to determine a classification for the instruction sequence based on the one or more interdependencies amongst the plurality of tokens. The classification of the instruction sequence can then be provided as an output. Related methods and articles of manufacture, including computer program products, are also provided.
-
4.
Publication number: WO2018045165A1
Publication date: 2018-03-08
Application number: PCT/US2017/049607
Application date: 2017-08-31
Applicant: CYLANCE INC.
Inventor: ZHAO, Xuan , WOLFF, Matthew , BROCK, John , WALLACE, Brian , WORTMAN, Andrew , LUAN, Jian , AZARAFROOZ, Mahdi , DAVIS, Andrew , WOJNOWICZ, Michael , SOEDER, Derek , BEVERIDGE, David , OLIINYK, Yaroslav , PERMEH, Ryan
IPC: G06F21/56
CPC classification number: G06F21/562 , G06N3/0454 , G06N3/084
Abstract: Systems method are provided for training and utilizing a machine learning model to detect malicious container files. A container file is processed with a trained machine learning model that is trained to determine a classification for the container file indicative of whether the container file includes at least one file rendering the container file malicious. Based on such a determination, an indication can be provided indicating whether the container file includes one or more files rendering the container file malicious. Related methods and articles of manufacture, including computer program products, are also provided.