US 12,013,921 B2
Computer-based systems configured for automated computer script analysis and malware detection and methods thereof
Baharak Saberidokht, McLean, VA (US); Farshid Marbouti, McLean, VA (US); and Stephen Fletcher, Arlington, VA (US)
Assigned to Capital One Services, LLC, McLean, VA (US)
Filed by Capital One Services, LLC, McLean, VA (US)
Filed on May 18, 2023, as Appl. No. 18/320,030.
Application 18/320,030 is a continuation of application No. 17/960,375, filed on Oct. 5, 2022, granted, now 11,675,881.
Application 17/960,375 is a continuation of application No. 17/088,368, filed on Nov. 3, 2020, granted, now 11,481,475, issued on Oct. 25, 2022.
Prior Publication US 2023/0289412 A1, Sep. 14, 2023
Int. Cl. G06F 21/00 (2013.01); G06F 9/54 (2006.01); G06F 18/214 (2023.01); G06F 21/14 (2013.01); G06F 21/54 (2013.01); G06F 21/84 (2013.01); G06N 20/20 (2019.01)
CPC G06F 21/14 (2013.01) [G06F 9/544 (2013.01); G06F 18/214 (2023.01); G06F 21/54 (2013.01); G06F 21/84 (2013.01); G06N 20/20 (2019.01)]
20 Claims
1. A method comprising:
receiving, by at least one processor, a plurality of software programming scripts;
wherein each software programming script of the plurality of software programming scripts comprises script text;
extracting, by the at least one processor, at least one symbol feature from the script text of each software programming script of the plurality of software programming scripts by recognizing symbols of a symbol set;
utilizing, by the at least one processor, an obfuscation machine learning model comprising an ensemble model of classifiers to produce a binary obfuscation classification for each software programming script;
wherein the obfuscation machine learning model is configured to:
determine a predicted likelihood of obfuscation of the at least one predicted likelihood of obfuscation by each classifier of the ensemble of classifiers based at least in part on the at least one symbol feature;
determine an obfuscation prediction for each classifier of the ensemble of classifiers by comparing each predicted likelihood of obfuscation with at least one obfuscation threshold value;
determine a quantity of obfuscation votes representative of a number of obfuscation predictions predicting that the software programming script is obfuscated;
determine a quantity of non-obfuscation votes representative of a number of obfuscation predictions predicting that the software programming script is not obfuscated; and
determine the binary obfuscation classification based on a greater one of the quantity of obfuscation votes and the quantity of non-obfuscation votes; and
causing to display, by the at least one processor, an alert indicating at least one obfuscated software programming script of the plurality of software programming scripts on a screen of at least one computing device associated with at least one administrative user to recommend security analysis of the software programming script based at least in part on the binary obfuscation classification for each software programming script.
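
The pipeline recited in claim 1 (symbol features, per-classifier likelihood, threshold comparison, vote counting, majority decision, alert), sketched as an added example that is not code from the patent or its assignee. The symbol set, the logistic stand-in classifiers with their weights and thresholds, and the two sample scripts are assumptions constructed for illustration; the claim does not specify any of them.

```python
import math
from collections import Counter

# Assumed symbol set; the claim only says "symbols of a symbol set".
SYMBOLS = "`^+%$|{}[]()\\;\"'"

def symbol_features(script_text):
    """Symbol feature vector: frequency of each symbol relative to script length."""
    counts = Counter(script_text)
    n = max(len(script_text), 1)
    return [counts[s] / n for s in SYMBOLS]

def stand_in_classifier(chars, weight, bias):
    """Logistic scorer over the chosen symbols: features -> likelihood in (0, 1)."""
    weights = [weight if s in chars else 0.0 for s in SYMBOLS]
    def predict(features):
        z = bias + sum(w * f for w, f in zip(weights, features))
        return 1.0 / (1.0 + math.exp(-z))
    return predict

# (classifier, obfuscation threshold) pairs. Weights are constructed, not trained.
ENSEMBLE = [
    (stand_in_classifier(SYMBOLS, 40.0, -6.0), 0.5),      # overall symbol density
    (stand_in_classifier("`^+", 80.0, -4.0), 0.5),        # escape/concatenation symbols
    (stand_in_classifier("'\"{}[]()", 50.0, -5.0), 0.6),  # quotes and brackets
]

def classify(script_text):
    """Return (is_obfuscated, obfuscation_votes, non_obfuscation_votes)."""
    features = symbol_features(script_text)
    likelihoods = [clf(features) for clf, _ in ENSEMBLE]
    predictions = [p >= thr for p, (_, thr) in zip(likelihoods, ENSEMBLE)]
    obf_votes = sum(predictions)
    non_votes = len(predictions) - obf_votes
    # Majority decides; a tie (even-sized ensemble) is treated as not obfuscated here.
    return obf_votes > non_votes, obf_votes, non_votes

# Constructed sample scripts (both harmless).
SAMPLES = {
    "list_logs.ps1": r"Get-ChildItem -Path C:\Logs | Sort-Object Length",
    "format_trick.ps1": r"""&("{1}{0}"-f'st','Write-Ho') ('he'+'l'+'lo')""",
}

def alerts(scripts):
    """Names of scripts whose binary classification is 'obfuscated'."""
    return [name for name, text in scripts.items() if classify(text)[0]]

if __name__ == "__main__":
    for name in alerts(SAMPLES):
        print(f"ALERT: {name} looks obfuscated; recommend security analysis")
```

The second sample produces a split 2-to-1 vote: the concatenation-symbol scorer stays below its threshold while the other two exceed theirs, so the majority step decides the outcome.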