The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf).

Date of Patent: Mar. 02, 2021

Filed: Sep. 12, 2018

Applicant: Sophos Limited, Abingdon, GB;

Inventors:

Joshua Daniel Saxe, Washington, DC (US);

Andrew J. Thomas, Oxfordshire, GB;

Russell Humphries, Horley, GB;

Simon Neil Reed, Wokingham, GB;

Kenneth D. Ray, Seattle, WA (US);

Joseph H. Levy, Farmington, UT (US);

Assignee: Sophos Limited, Abingdon, GB;

Attorney:
Primary Examiner:
Int. Cl.
CPC ...
H04L 29/06 (2006.01); G06N 5/04 (2006.01); G06N 20/00 (2019.01); G06F 17/18 (2006.01); G06F 21/56 (2013.01); G06Q 10/06 (2012.01); G06F 16/955 (2019.01); G06F 11/07 (2006.01); G06K 9/62 (2006.01); G06N 7/00 (2006.01); G06F 21/55 (2013.01); G06F 9/54 (2006.01);
U.S. Cl.
CPC ...
H04L 63/1416 (2013.01); G06F 9/542 (2013.01); G06F 11/079 (2013.01); G06F 16/955 (2019.01); G06F 17/18 (2013.01); G06F 21/554 (2013.01); G06F 21/56 (2013.01); G06F 21/562 (2013.01); G06F 21/565 (2013.01); G06K 9/6223 (2013.01); G06K 9/6256 (2013.01); G06N 5/04 (2013.01); G06N 5/046 (2013.01); G06N 7/00 (2013.01); G06N 20/00 (2019.01); G06Q 10/0635 (2013.01); G06Q 10/06395 (2013.01); H04L 63/0227 (2013.01); H04L 63/0263 (2013.01); H04L 63/1425 (2013.01); H04L 63/1433 (2013.01); H04L 63/1441 (2013.01); H04L 63/20 (2013.01);
Abstract

An automated system attempts to characterize code as safe or unsafe. For intermediate code samples not placed with sufficient confidence in either category, human-readable analysis is automatically generated to assist a human reviewer in reaching a final disposition. For example, a random forest over human-interpretable features may be created and used to identify suspicious features in a manner that is understandable to, and actionable by, a human reviewer. Similarly, a k-nearest neighbor algorithm may be used to identify similar samples of known safe and unsafe code based on a model for, e.g., a file path, a URL, an executable, and so forth. Similar code may then be displayed (with other information) to a user for evaluation in a user interface. This comparative information can improve the speed and accuracy of human interventions by providing richer context for human review of potential threats.
