CPC G06F 21/57 (2013.01) [G06F 21/565 (2013.01)] | 20 Claims
1. A method, comprising:
extracting a plurality of strings from a set of malicious files and a set of benign files;
determining a subset of the extracted plurality of strings that are most useful in distinguishing the set of malicious files from the set of benign files;
training a machine learning model to use the subset of the plurality of strings to perform a malware detection by distinguishing between the set of malicious files and the set of benign files;
determining one or more features supported by a rule interpreter associated with a computer security application;
transpiling the machine learning model into a pastable rule of text for a console of an interpreter environment for the rule interpreter, the pastable rule configured, based on the one or more features supported by the rule interpreter, to be interpreted by the rule interpreter to perform the malware detection; and
causing the pastable rule to be run in the rule interpreter associated with the computer security application to extract a number of strings from one or more files and to recognize malicious ones of the one or more files based on the number of strings.
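
The pipeline in claim 1, sketched end to end as an added example (not code from the patent or its assignee). It assumes a YARA-style rule syntax as the target, since the claim names no interpreter, and uses a single hit-count threshold as the trained model; the sample blobs are constructed and `supports_n_of` is a hypothetical capability flag.

```python
import re
from collections import Counter

# Constructed byte blobs standing in for labelled files (not real samples).
MALICIOUS = [b"\x00\x02inject_remote_thread\x00\x11disable_defender\x00kernel32.dll\x00",
             b"\x7fdisable_defender\x00\x00upload_report\x01kernel32.dll\x00",
             b"inject_remote_thread\x00upload_report\x00\x03user32.dll\x00"]
BENIGN = [b"\x00kernel32.dll\x00Copyright Example Corp\x00",
          b"user32.dll\x00\x01upload_report\x00Copyright Example Corp\x00",
          b"\x00kernel32.dll\x00user32.dll\x00"]

def extract_strings(blob, min_len=5):
    """Printable-ASCII runs of at least min_len bytes, as strings(1) reports them."""
    return {m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)}

def select_features(mal, ben, k=3):
    """Keep the k strings whose file frequency is most skewed toward the malicious set."""
    m = Counter(s for b in mal for s in extract_strings(b))
    g = Counter(s for b in ben for s in extract_strings(b))
    score = {s: m[s] / len(mal) - g[s] / len(ben) for s in m}
    return sorted((s for s in score if score[s] > 0), key=lambda s: (-score[s], s))[:k]

def hits(blob, features):
    """Number of selected strings present in the file."""
    return sum(f.encode() in blob for f in features)

def train_threshold(mal, ben, features):
    """The model is one integer: the hit count that best separates the two sets."""
    def correct(t):
        return (sum(hits(b, features) >= t for b in mal)
                + sum(hits(b, features) < t for b in ben))
    return max(range(1, len(features) + 1), key=correct)

def transpile(features, threshold, supports_n_of=True):
    """Emit pastable rule text, adapting the condition to what the interpreter supports."""
    esc = lambda s: s.replace("\\", "\\\\").replace('"', '\\"')
    lines = [f'        $s{i} = "{esc(f)}"' for i, f in enumerate(features)]
    ids = [f"$s{i}" for i in range(len(features))]
    if supports_n_of:
        cond = f"{threshold} of them"
    elif threshold == 1:
        cond = " or ".join(ids)
    elif threshold == len(features):
        cond = " and ".join(ids)
    else:
        raise ValueError("threshold needs a counting operator the interpreter lacks")
    return ("rule ml_strings_model\n{\n    strings:\n" + "\n".join(lines)
            + f"\n    condition:\n        {cond}\n}}\n")

if __name__ == "__main__":
    feats = select_features(MALICIOUS, BENIGN)
    print(transpile(feats, train_threshold(MALICIOUS, BENIGN, feats)))
```

Strings shared by both sets (here `kernel32.dll`) score zero and drop out at selection, so they never reach the rule.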