发明名称 |
RECURRENT NEURAL NETWORKS FOR MALWARE ANALYSIS |
摘要 |
Using a recurrent neural network (RNN) that has been trained to a satisfactory level of performance, highly discriminative features can be extracted by running a sample through the RNN, and then extracting a final hidden state hi, where i is the number of instructions of the sample. This resulting feature vector may then be concatenated with the other hand-engineered features, and a larger classifier may then be trained on hand-engineered as well as automatically determined features. Related apparatus, systems, techniques and articles are also described. |
申请公布号 |
US2016350532(A1) |
申请公布日期 |
2016.12.01 |
申请号 |
US201615236289 |
申请日期 |
2016.08.12 |
申请人 |
Cylance Inc. |
发明人 |
Davis Andrew;Wolff Matthew;Soeder Derek A.;Chisholm Glenn;Permeh Ryan |
分类号 |
G06F21/56;G06N3/08;G06N3/04 |
主分类号 |
G06F21/56 |
代理机构 |
|
代理人 |
|
主权项 |
1. A method comprising:
receiving or accessing data encapsulating a sample of at least a portion of one or more files; feeding at least a portion of the received or accessed data as a time-based sequence into a recurrent neural network (RNN) trained using historical data; extracting, by the RNN, a final hidden state hi in a hidden layer of the RNN in which i is a number of elements of the sample; and determining, using the RNN and the final hidden state, whether at least a portion of the sample is likely to comprise malicious code. |
地址 |
Irvine CA US |