CPC H04L 63/1416 (2013.01) [G06N 20/00 (2019.01)] | 14 Claims |
1. A system for malware detection, the system having one or more processors and memory configured to:
perform, on a plurality of user devices, a behavioral analysis of an executable file downloaded to a user device, wherein performance of the behavioral analysis includes: breaking the executable file into a plurality of chunks; and extracting at least one behavioral feature from the plurality of chunks;
classify the chunks based on the behaviors;
score the chunks based on the behaviors;
determine at least one label of maliciousness of the executable file based on the scores of the chunks;
receive the at least one label of maliciousness of the executable file based on the performance of the behavioral analysis;
receive a plurality of features extracted from the executable file;
train at least one machine learning model, on a central server in communication with the plurality of user devices, based on the plurality of features and the at least one label of maliciousness;
distribute the at least one trained machine learning model to the plurality of user devices; and
update a machine learning model used for the behavioral analysis with the distributed at least one trained machine learning model.
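The loop the claim describes (chunk the file, extract per-chunk behavioral features, score and classify the chunks on the device, derive a file label, report features and label to a central server, retrain there, push the model back to every device), as an added worked example in Python using only the standard library. This is not the patent's own code or any product's implementation: the marker strings that stand in for observed behaviors, the feature names, the 32-byte chunk size, the seed weights, the sample files and the server-side quorum rule are all constructed assumptions.

```python
"""Added illustration of the claimed chunk-analyze-label-train-distribute loop.
Not the patent's own code; markers, weights, quorum rule and samples are assumed."""
import hashlib
import math

CHUNK_SIZE = 32  # assumed chunk size; sample files are built from 32-byte blocks
# Assumed vocabulary: a marker string in a chunk stands in for an observed behavior.
MARKERS = {b"CONNECT": "net_connect", b"RUNKEY": "reg_persist",
           b"ENCRYPT": "file_encrypt", b"DRAW": "ui_render", b"LOG": "log_write"}
FEATURES = list(MARKERS.values())

def chunk_file(data: bytes, size: int = CHUNK_SIZE) -> list:
    """Break the executable into fixed-size chunks."""
    return [data[i:i + size] for i in range(0, len(data), size)]

def chunk_features(chunk: bytes) -> list:
    """One binary behavioral feature per vocabulary entry, in FEATURES order."""
    return [1.0 if m in chunk else 0.0 for m in MARKERS]

def score(model, x) -> float:
    """model = (weights, bias); logistic score in (0, 1) of one feature vector."""
    weights, bias = model
    return 1.0 / (1.0 + math.exp(-(sum(w * v for w, v in zip(weights, x)) + bias)))

def train_model(rows, labels, epochs=1000, lr=1.0):
    """Server-side training: full-batch gradient descent on logistic loss from
    zero weights. Returns None when the training set is empty."""
    if not rows:
        return None
    w, b, m = [0.0] * len(FEATURES), 0.0, len(rows)
    for _ in range(epochs):
        gw, gb = [0.0] * len(w), 0.0
        for x, y in zip(rows, labels):
            err = score((w, b), x) - y
            gw = [g + err * v for g, v in zip(gw, x)]
            gb += err
        w = [wi - lr * gi / m for wi, gi in zip(w, gw)]
        b -= lr * gb / m
    return (w, b)

class Device:
    """User device: performs the behavioral analysis with its current model."""
    def __init__(self, model):
        self.model = model

    def analyze(self, data: bytes) -> dict:
        feats = [chunk_features(c) for c in chunk_file(data)]
        scores = [score(self.model, f) for f in feats]
        # File-level features: OR over chunks; file label: any chunk scored malicious.
        return {"sha256": hashlib.sha256(data).hexdigest(),
                "features": [max(col) for col in zip(*feats)],
                "chunk_scores": scores, "label": int(any(s >= 0.5 for s in scores))}

class Server:
    """Central server. Labels originate on devices, so (assumed mitigation) a
    file enters the training set only once `quorum` devices reported one label."""
    def __init__(self, quorum: int = 2):
        self.quorum, self.reports = quorum, {}

    def receive(self, report: dict) -> None:
        self.reports.setdefault(report["sha256"], []).append(report)

    def training_set(self):
        rows, labels = [], []
        for reps in self.reports.values():
            votes = {r["label"] for r in reps}
            if len(reps) >= self.quorum and len(votes) == 1:  # agreed label only
                rows.append(reps[0]["features"])
                labels.append(votes.pop())
        return rows, labels

    def train_and_distribute(self, devices):
        model = train_model(*self.training_set())
        if model:
            for d in devices:
                d.model = model  # replaces the model used for behavioral analysis
        return model

def block(*markers: bytes) -> bytes:
    """One constructed 32-byte chunk containing the given marker strings."""
    return b" ".join(markers).ljust(CHUNK_SIZE, b"\x00")

SAMPLES = {  # constructed sample files with ground truth (1 = malicious, 0 = benign)
    "mal_a": (block(b"CONNECT") + block(b"RUNKEY", b"ENCRYPT"), 1),
    "mal_b": (block(b"RUNKEY", b"ENCRYPT"), 1),
    "mal_c": (block(b"ENCRYPT", b"CONNECT"), 1),
    "ben_d": (block(b"CONNECT", b"DRAW") + block(b"LOG"), 0),
    "ben_e": (block(b"LOG"), 0),
    "ben_f": (block(b"CONNECT"), 0),
}
SEED = ([0.6, 1.5, 2.0, -1.0, -0.5], -2.5)  # assumed initial weights, FEATURES order

def run_demo(n_devices: int = 3, quorum: int = 2):
    """Devices analyze every sample with SEED, report, then receive the retrained model."""
    devices, server = [Device(SEED) for _ in range(n_devices)], Server(quorum)
    for data, _truth in SAMPLES.values():
        for d in devices:
            server.receive(d.analyze(data))
    model = server.train_and_distribute(devices)
    return model, {n: devices[0].analyze(d)["label"] for n, (d, _) in SAMPLES.items()}
```

`run_demo()` returns the retrained `(weights, bias)` pair and the labels the updated devices now assign to each sample. Two design points worth noting for anyone building on this shape of system: the file label is derived from chunk scores (here "any chunk above threshold"), so a single high-scoring chunk is enough to flag the file; and because the labels the server trains on are produced by the devices themselves, the server should not accept a label from one device alone. The quorum check in `Server.training_set` is one simple way to limit the influence of a single faulty or compromised device on the distributed model; it is an assumption of this example, not something the claim specifies.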