&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
</head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=12411995.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 12,411,995 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Apparatus and method for identifying abnormal processor and computer-readable storage medium</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Hwaseong Lee,  Daejeon (KR);  Jeongchan Park,  Daejeon (KR);  Changon Yoo,  Daejeon (KR);  Jingoog Kim,  Daejeon (KR);  Yeojeong Yoon,  Daejeon (KR);  Ilhoon Jung,  Daejeon (KR); and  Sung Jin Park,  Daejeon (KR)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  AGENCY FOR DEFENSE DEVELOPMENT,  Daejeon (KR)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  AGENCY FOR DEFENSE DEVELOPMENT,  Daejeon (KR)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Nov.  24, 2021, as Appl. No. 17/456,529.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Claims priority of application No. 10-2021-0108113 (KR), filed on Aug.  17, 2021.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2023/0057138 A1, Feb.  23, 2023</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>G06F 21/71</b></i> (2013.01); <i><b>G06N 20/20</b></i> (2019.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>G06F 21/71</b></i> (2013.01)&#xa0;[<i><b>G06N 20/20</b></i> (2019.01)]</td>
            <td class="table_data" align="right"><b>6 Claims</b></td>
          </tr>
        </table>
        <center><img src="US12411995-20250909-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. An apparatus for identifying an abnormal processor, the apparatus comprising:<div class="claim_text">a memory information collection processor configured to collect memory region information and dynamic library information of a memory;</div>
                <div class="claim_text">a first identification processor configured to identify a processor as an abnormal processor by using a first machine learning model pre-trained based on the memory region information of both a normal processor and an abnormal processor;</div>
                <div class="claim_text">a second identification processor configured to identify the processor as an abnormal processor by using a second machine learning model pre-trained based on the dynamic library information of both a normal processor and an abnormal processor; and</div>
                <div class="claim_text">a determination processor configured to determine a final abnormal processor based on either the abnormal processor identified using the first machine learning model or the abnormal processor identified using the second machine learning model by assigning a weighted value to either the abnormal processor identified by the first identification processor or the abnormal processor identified by the second identification processor,</div>
                <div class="claim_text">wherein the memory region information includes at least one of i) information obtained by transforming an authority of a memory region into term frequency-inverse document frequency (TF-IDF) or ii) a level of similarity to a binary in a processor memory region,</div>
                <div class="claim_text">wherein the dynamic library information includes information on whether a dynamic library contains an electronic signature or not and information on a history of previous uses of dynamic libraries, and</div>
                <div class="claim_text">wherein the determination processor is configured to determine the final abnormal processor by using abnormal processor information identified by the first identification processor and abnormal processor information identified by the second identification processor as input into a weighted third pre-trained machine learning model different from the first machine learning model and the second machine learning model.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>