CPC G06F 21/566 (2013.01) [G06F 18/2148 (2023.01); G06F 21/562 (2013.01); G06F 21/565 (2013.01); G06F 2221/034 (2013.01)]
14 Claims
1. A method for detecting malware in files, the method comprising:
receiving a file by a computing device through a network;
determining a first probability that the file is malware using a first malware model, wherein the first malware model is a static malware model;
based on the determined first probability, determining a malware status of the file by the computing device, wherein the malware status is one of malware, not malware, or inconclusive;
when malware status of the file is inconclusive:
executing the file by the computing device;
determining a second probability that the file is malware based on the execution of the file using a second malware model by the computing device, wherein the second malware model is a dynamic malware model;
providing at least a portion of the file and the second probability to a server through the network by the computing device; and
receiving an updated version of the first model from the server by the computing device, wherein the updated version of the first model was trained using the file and the second probability.
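
The flow in claim 1, sketched as an added illustration (not code from the patent or its assignee): a static score gates a three-way verdict, only inconclusive files reach the dynamic model, and the server refits the static model with the dynamic probability as a soft label. The features, weights, thresholds and sample inputs are assumptions constructed for the example, and the behaviour trace is passed in rather than produced by executing anything.

```python
import math

T_CLEAN, T_MALWARE = 0.2, 0.8   # assumed cut-offs; the claim gives no values

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def static_features(data):
    """Hypothetical static features: a bias term and byte entropy scaled to 0..1."""
    n = len(data)
    counts = [data.count(b) for b in set(data)]
    entropy = sum(c / n * math.log2(n / c) for c in counts)
    return [1.0, entropy / 8.0]

def static_probability(weights, data):
    """First (static) model: logistic score over features of the bytes alone."""
    return sigmoid(sum(w * x for w, x in zip(weights, static_features(data))))

def dynamic_probability(events):
    """Second (dynamic) model: logistic score over behaviours seen during execution."""
    score = {"writes_autorun_key": 2.0, "injects_remote_thread": 2.5}  # constructed
    return sigmoid(-1.0 + sum(score.get(e, 0.0) for e in events))

def status(p):
    if p >= T_MALWARE:
        return "malware"
    return "not malware" if p <= T_CLEAN else "inconclusive"

def scan(weights, data, trace, outbox):
    """Client side: static verdict first; only inconclusive files reach the dynamic model."""
    p1 = static_probability(weights, data)
    if status(p1) == "inconclusive":
        outbox.append((data, dynamic_probability(trace)))  # file + second probability
    return status(p1)

def server_retrain(weights, samples, lr=0.5, epochs=200):
    """Server side: refit the static model using dynamic probabilities as soft labels."""
    w = list(weights)
    for _ in range(epochs):
        for data, target in samples:
            x = static_features(data)
            err = sigmoid(sum(a * b for a, b in zip(w, x))) - target
            w = [a - lr * err * b for a, b in zip(w, x)]
    return w

# Constructed inputs: a high-entropy blob, its recorded sandbox trace, a known-clean file.
PACKED = bytes(range(256)) * 4
TRACE = ["writes_autorun_key", "injects_remote_thread"]
CLEAN = (b"A" * 1024, 0.02)
```

With starting weights `[-2.0, 2.0]`, `PACKED` scores 0.5 and is inconclusive; after `server_retrain` on the outbox plus `CLEAN`, the static model alone classifies it as malware, so the next copy of that file never needs to be executed.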