US 11,941,122 B2
Systems and methods for detecting malware using static and dynamic malware models
Mantas Briliauskas, Vilnius (LT); and Aleksandr Sevcenko, Vilnius (LT)
Assigned to UAB 360 IT, Vilnius (LT)
Filed by UAB 360 IT, Vilnius (LT)
Filed on Dec. 29, 2021, as Appl. No. 17/564,786.
Application 17/564,786 is a continuation of application No. 17/563,738, filed on Dec. 28, 2021.
Prior Publication US 2023/0205881 A1, Jun. 29, 2023
Int. Cl. G06F 21/56 (2013.01); G06F 18/214 (2023.01)
CPC G06F 21/566 (2013.01) [G06F 18/2148 (2023.01); G06F 21/562 (2013.01); G06F 21/565 (2013.01); G06F 2221/034 (2013.01)]
17 Claims
1. A method for detecting malware in files, the method comprising:
determining a first probability that a file stored on a computing device is malware using a first malware model by the computing device;
based on the determined first probability, determining a malware status of the file by the computing device, wherein the malware status is one of malware, not malware, or inconclusive by:
if the first probability is below a first threshold and below a second threshold, determining that the malware status is not malware;
if the first probability is above the first threshold and below the second threshold, determining that the malware status is inconclusive; and
if the probability is above the first threshold and above the second threshold, determining that the malware status is malware;
when the malware status of the file is inconclusive:
determining a second probability that the file is malware using a second malware model by the computing device;
providing at least a portion of the file and the second probability to the server through the network as training data for the first malware model; and
receiving an updated version of the first malware model from the server.
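The decision flow recited in claim 1, sketched as an added Python example (not code from the patent or its assignee): two-threshold triage on the first model, the second model run only for inconclusive files, and the queued training pairs exchanged for an updated first model. The `Scanner` class, the toy models, the toy server, the 64-byte portion and the handling of probabilities exactly equal to a threshold are assumptions; the claim does not specify them.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

Model = Callable[[bytes], float]  # returns P(malware) in [0, 1]

def triage(p: float, t1: float, t2: float) -> str:
    """Map the first model's probability to a status; requires t1 < t2."""
    if not (0.0 <= t1 < t2 <= 1.0):
        raise ValueError("thresholds must satisfy 0 <= t1 < t2 <= 1")
    if p < t1:
        return "not malware"
    if p < t2:  # assumption: p == t1 is treated as inconclusive
        return "inconclusive"
    return "malware"  # assumption: p == t2 is treated as malware

@dataclass
class Scanner:
    first_model: Model
    second_model: Model
    t1: float
    t2: float
    portion: int = 64  # bytes of the file kept as the training "portion"
    outbox: List[Tuple[bytes, float]] = field(default_factory=list)

    def scan(self, data: bytes) -> Tuple[str, float, Optional[float]]:
        p1 = self.first_model(data)
        status = triage(p1, self.t1, self.t2)
        p2 = None
        if status == "inconclusive":  # only now pay for the second model
            p2 = self.second_model(data)
            self.outbox.append((data[: self.portion], p2))
        return status, p1, p2

    def sync(self, server: Callable[[list], Model]) -> int:
        """Send queued (portion, p2) pairs and install the returned model."""
        sent = len(self.outbox)
        if sent:
            self.first_model = server(self.outbox)
            self.outbox = []
        return sent

# Constructed stand-ins, not real detectors or a real training service.
def toy_first(data: bytes) -> float:
    return sum(b >= 0x80 for b in data) / max(len(data), 1)
def toy_second(data: bytes) -> float:
    return 0.9 if b"\xde\xad" in data else 0.1
def toy_server(samples: list) -> Model:
    seen = dict(samples)  # "retraining" here just memorises the labels
    return lambda d: seen.get(d[:64], toy_first(d))
```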