US 12,261,853 B2
Innocent until proven guilty (IUPG): adversary resistant and false positive resistant deep learning models
Brody James Kutt, Santa Clara, CA (US); Oleksii Starov, Sunnyvale, CA (US); Yuchen Zhou, Newark, CA (US); and William Redington Hewlett, II, Mountain View, CA (US)
Assigned to Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed by Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed on Nov. 3, 2023, as Appl. No. 18/386,969.
Application 18/386,969 is a continuation of application No. 17/331,549, filed on May 26, 2021, granted, now 11,856,003.
Claims priority of provisional application 63/034,843, filed on Jun. 4, 2020.
Prior Publication US 2024/0064156 A1, Feb. 22, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06N 3/04 (2023.01)
CPC H04L 63/14 (2013.01) [G06N 3/04 (2013.01); H04L 63/20 (2013.01)]
21 Claims
 
1. A system, comprising:
a processor configured to:
store on a networked device a set comprising one or more innocent until proven guilty (IUPG) models for static analysis of a sample;
perform a static analysis of content associated with the sample, wherein performing the static analysis of the content includes using at least one stored IUPG model and another type of CNN-based classifier, wherein the at least one stored IUPG model is selected at least in part based on a file type associated with the sample, wherein the performing of the static analysis of content associated with the sample comprises to:
combine the at least one stored IUPG model and the other type of CNN-based classifier to obtain a classifier; and
perform the static analysis using the classifier; and
determine that the sample is malicious based at least in part on the static analysis of the content associated with the sample, and in response to determining that the sample is malicious, perform an action based on a security policy; and
a memory coupled to the processor and configured to provide the processor with instructions.