US 12,407,695 B2
Machine learning architecture for detecting malicious files using stream of data
Tung-Ling Li, Emeryville, CA (US); William Redington Hewlett, II, Mountain View, CA (US); Sujit Rokka Chhetri, Santa Clara, CA (US); and Brody James Kutt, Santa Clara, CA (US)
Assigned to Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed by Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed on Jan. 31, 2023, as Appl. No. 18/104,125.
Prior Publication US 2024/0259397 A1, Aug. 1, 2024
Int. Cl. H04L 9/40 (2022.01); G06F 18/2415 (2023.01)
CPC H04L 63/1416 (2013.01) [G06F 18/2415 (2023.01)]
19 Claims
 
1. A system for performing classification at an edge device, comprising:
one or more processors configured to:
obtain a stream of a file at the edge device;
process a set of chunks associated with the stream of the file using a machine learning model; and
classify, at the edge device, the file before processing an entirety of the file, wherein:
the file is determined to be malicious if a prediction obtained from the machine learning model exceeds a predefined malicious threshold;
the predefined malicious threshold is different across classification of chunks in the file; and
the predefined malicious threshold is lower for a first chunk than for a jth chunk, and j is a positive integer greater than 1; and
a memory coupled to the one or more processors and configured to provide the one or more processors with instructions.
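
The early-exit classification recited in claim 1, as an added Python example that is not taken from the patent or from Palo Alto Networks. The chunk size, the threshold values and the `toy_model` scorer (a stand-in for a trained model) are assumptions.

```python
from typing import Iterable, Iterator, Tuple

CHUNK_SIZE = 8                          # assumed; small so the sample spans chunks
THRESHOLDS = (0.50, 0.70, 0.85, 0.95)   # assumed; lowest for chunk 1, last value reused


def chunks(stream: Iterable[bytes], size: int = CHUNK_SIZE) -> Iterator[bytes]:
    """Re-slice arbitrarily sized reads from the stream into fixed-size chunks."""
    buf = b""
    for part in stream:
        buf += part
        while len(buf) >= size:
            yield buf[:size]
            buf = buf[size:]
    if buf:
        yield buf  # trailing short chunk


def toy_model(chunk: bytes) -> float:
    """Hypothetical stand-in for a trained model: share of b'X' bytes in the chunk."""
    return chunk.count(b"X") / len(chunk)


def classify_stream(stream, model=toy_model, thresholds=THRESHOLDS) -> Tuple[str, int]:
    """Return (verdict, chunks_processed), stopping at the first chunk over its threshold."""
    j = 0
    for j, chunk in enumerate(chunks(stream), start=1):
        limit = thresholds[min(j, len(thresholds)) - 1]  # threshold depends on chunk index j
        if model(chunk) > limit:
            return "malicious", j  # verdict reached before the rest of the file arrives
    return "benign", j


if __name__ == "__main__":
    # Constructed sample: the second 8-byte chunk scores 0.75, above its 0.70 threshold.
    sample = [b"AAAA", b"AAAA", b"XXXXXXAA", b"never read"]
    print(classify_stream(iter(sample)))
```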