US 12,223,036 B1
Injected byte buffer data classification
Florian Stortz, London (GB); Felix Schwyzer, Berlin (DE); and Marian Radu, Bucharest (RO)
Assigned to CrowdStrike, Inc., Sunnyvale, CA (US)
Filed by CrowdStrike, Inc., Sunnyvale, CA (US)
Filed on Apr. 5, 2024, as Appl. No. 18/628,172.
Int. Cl. G06F 21/54 (2013.01); G06F 21/56 (2013.01)
CPC G06F 21/54 (2013.01) [G06F 21/566 (2013.01)]
19 Claims
 
1. A method, comprising:
obtaining injected byte buffer data from a security agent, the injected byte buffer data having resulted from data being injected into a byte buffer;
classifying the injected byte buffer data, comprising:
providing the injected byte buffer data as an input to a trained transformer type neural network machine learning model, wherein at least a portion of the injected byte buffer data is provided to the trained transformer type neural network machine learning model in an unmodified form without determining features of the injected byte buffer data or imposing a modality or encoding on the injected byte buffer data,
classifying the injected byte buffer data by the trained transformer type neural network machine learning model, resulting in a classification output,
wherein the classification output indicates whether the injected byte buffer data is associated with a malicious process injection; and
providing the classification output to the security agent.