US 11,941,121 B2
Systems and methods for detecting malware using static and dynamic malware models
Mantas Briliauskas, Vilnius (LT); and Aleksandr Sevcenko, Vilnius (LT)
Assigned to UAB 360 IT, Vilnius (LT)
Filed by UAB 360 IT, Vilnius (LT)
Filed on Dec. 28, 2021, as Appl. No. 17/563,738.
Prior Publication US 2023/0205878 A1, Jun. 29, 2023
Int. Cl. G06F 21/56 (2013.01); G06F 18/214 (2023.01)
CPC G06F 21/566 (2013.01) [G06F 18/2148 (2023.01); G06F 21/562 (2013.01); G06F 21/565 (2013.01); G06F 2221/034 (2013.01)]
14 Claims
1. A method for detecting malware in files, the method comprising:
receiving a file by a computing device through a network;
determining a first probability that the file is malware using a first malware model, wherein the first malware model is a static malware model;
based on the determined first probability, determining a malware status of the file by the computing device, wherein the malware status is one of malware, not malware, or inconclusive;
when malware status of the file is inconclusive:
executing the file by the computing device;
determining a second probability that the file is malware based on the execution of the file using a second malware model by the computing device, wherein the second malware model is a dynamic malware model;
providing at least a portion of the file and the second probability to a server through the network by the computing device; and
receiving an updated version of the first model from the server by the computing device, wherein the updated version of the first model was trained using the file and the second probability.
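
The flow in claim 1, sketched as an added example that is not taken from the patent or from any product of the assignee. The thresholds, the logistic form of the first model, the feature names and every function name are assumptions, and the execution step is stubbed with a fixed second probability rather than running anything.

```python
import math

# Assumed cut-offs: the claim names three statuses but gives no thresholds.
MALWARE_T, CLEAN_T = 0.9, 0.1

class StaticModel:
    """Tiny logistic model over static features (hypothetical stand-in)."""
    def __init__(self, weights, bias):
        self.w, self.b = list(weights), bias

    def prob(self, x):
        z = sum(w * v for w, v in zip(self.w, x)) + self.b
        return 1.0 / (1.0 + math.exp(-z))

    def train(self, samples, lr=0.5, epochs=200):
        # Cross-entropy gradient with soft labels: (p - y) * x.
        for _ in range(epochs):
            for x, y in samples:
                g = self.prob(x) - y
                self.w = [w - lr * g * v for w, v in zip(self.w, x)]
                self.b -= lr * g
        return self

def status(p):
    if p >= MALWARE_T:
        return "malware"
    return "not malware" if p <= CLEAN_T else "inconclusive"

def triage(x, model, run_dynamic, upload_queue):
    """First model decides; only an inconclusive file reaches the second."""
    p1 = model.prob(x)
    verdict, p2 = status(p1), None
    if verdict == "inconclusive":
        p2 = run_dynamic()            # sandboxed run + dynamic model (stubbed)
        upload_queue.append((x, p2))  # what the device sends to the server
    return verdict, p1, p2

def server_retrain(model, upload_queue):
    """Server side: refit a copy of the first model on (file, second probability)."""
    return StaticModel(model.w, model.b).train(upload_queue)

def demo():
    # Constructed features: [packed, validly signed, high entropy].
    model, queue = StaticModel([0.5, -3.0, 0.3], -0.5), []
    sample = [1.0, 0.0, 1.0]
    before = triage(sample, model, lambda: 0.97, queue)
    updated = server_retrain(model, queue)
    after = triage(sample, updated, lambda: 0.97, queue)
    return before, after, len(queue)

if __name__ == "__main__":
    print(demo())
```

The second probability is used as a soft label, so the updated first model resolves the same file statically and the execution step is skipped on the second pass.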