US 12,069,087 B2
System and method for analyzing binary code for malware classification using artificial neural network techniques
Jeffrey Thomas Johns, Leesburg, VA (US); Brian Sanford Jones, Morrisville, NC (US); and Scott Eric Coull, Cary, NC (US)
Assigned to GOOGLE LLC, Mountain View, CA (US)
Filed by Google LLC, Mountain View, CA (US)
Filed on Apr. 24, 2023, as Appl. No. 18/305,889.
Application 17/461,925 is a division of application No. 15/796,680, filed on Oct. 27, 2017, granted, now 11,108,809, issued on Aug. 31, 2021.
Application 18/305,889 is a continuation of application No. 17/461,925, filed on Aug. 30, 2021, granted, now 11,637,859.
Prior Publication US 2023/0336584 A1, Oct. 19, 2023
Int. Cl. H04L 29/06 (2006.01); G06F 21/56 (2013.01); G06N 3/04 (2023.01); H04L 9/40 (2022.01)
CPC H04L 63/145 (2013.01) [G06F 21/56 (2013.01); G06F 21/562 (2013.01); G06N 3/04 (2013.01); G06F 2221/033 (2013.01)] 17 Claims
OG exemplary drawing
 
1. A cyber-security system configured to perform malware classification using neural networks, the cyber-security system comprising:
processing circuitry and
one or more non-transitory computer-readable storage media that store:
a convolutional neural network; and
instructions for performing operations, the operations comprising:
obtaining binary code of an executable file;
processing at least a portion of the binary code of the executable file with the convolutional neural network to generate, as an output of the convolutional neural network, a network output; and
processing the network output with a classifier to generate a threat score for the executable file, wherein the threat score indicates whether the executable file comprises malware, wherein the threat score is generated by threat assessment logic of the classifier. wherein the threat assessment logic performs a sigmoid function to normalize the threat score as a scalar value within a prescribed value range.