US 12,437,067 B1
Suspicious filename detection using a deep learning neural network
Glory Emmanuel Avina, Brentwood, CA (US); Abhinav Mishra, San Francisco, CA (US); Kumar Sharad, Dresden (DE); and Namratha Sreekanta, Fremont, CA (US)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Splunk Inc., San Francisco, CA (US)
Filed on Jan. 19, 2024, as Appl. No. 18/418,064.
Claims priority of provisional application 63/440,088, filed on Jan. 19, 2023.
Int. Cl. G06F 21/55 (2013.01); G06N 3/084 (2023.01)
CPC G06F 21/554 (2013.01) [G06N 3/084 (2013.01); G06F 2221/033 (2013.01)]
20 Claims
1. A computer-implemented method, comprising:
performing text pre-processing on a filename resulting in a pre-processed filename;
generating a tensor from the pre-processed filename;
deploying a character-level recurrent neural network (RNN) by feeding the tensor as input thereto, wherein the character-level RNN includes a first linear layer that is configured to analyze the pre-processed filename character-by-character resulting in a RNN output;
converting the RNN output to a prediction score by obtaining an exponent of the RNN output;
performing a threshold comparison between the prediction score and a suspiciousness threshold; and
generating a graphical user interface indicating that the filename is suspicious when the threshold comparison was not satisfied.
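
The data flow of claim 1, from filename to threshold decision, as an added sketch that is not code from the patent or from any Splunk or Cisco product. It shows why taking the exponent of the output gives a score between 0 and 1 when the network ends in a log-softmax. Assumptions not stated in the claim: the character vocabulary, the layer sizes, the tanh on the hidden state, the log-softmax output, class 0 meaning benign, the direction of the threshold test, and the seeded random weights that stand in for a trained model (so the score illustrates the mechanics, not a real verdict).

```python
import math, random, string

ALPHABET = string.ascii_lowercase + string.digits + "._-"   # assumed vocabulary
HIDDEN, CLASSES = 16, 2          # assumed sizes; class 0 = benign, 1 = malicious

def preprocess(filename):
    """Assumed pre-processing: drop the directory part, lowercase, keep known characters."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return "".join(c for c in base if c in ALPHABET)

def to_tensor(name):
    """One-hot tensor of shape (len(name), len(ALPHABET)), one row per character."""
    return [[1.0 if c == a else 0.0 for a in ALPHABET] for c in name]

def linear(w, b, x):
    """Plain linear layer: w @ x + b."""
    return [sum(wi * xi for wi, xi in zip(row, x)) + bi for row, bi in zip(w, b)]

def init_weights(seed=0):
    """Constructed random weights standing in for a trained model."""
    rng = random.Random(seed)
    def mat(rows, cols):
        return [[rng.uniform(-0.1, 0.1) for _ in range(cols)] for _ in range(rows)]
    n = len(ALPHABET) + HIDDEN
    return {"i2h": (mat(HIDDEN, n), [0.0] * HIDDEN),
            "i2o": (mat(CLASSES, n), [0.0] * CLASSES)}

def rnn_log_probs(tensor, weights):
    """Feed one character per step; return log-softmax of the final step's output."""
    hidden, out = [0.0] * HIDDEN, [0.0] * CLASSES
    for row in tensor:
        combined = row + hidden                      # current character + running state
        out = linear(*weights["i2o"], combined)
        hidden = [math.tanh(h) for h in linear(*weights["i2h"], combined)]
    m = max(out)                                     # numerically stable log-sum-exp
    lse = m + math.log(sum(math.exp(o - m) for o in out))
    return [o - lse for o in out]

def classify(filename, weights, threshold=0.5):
    """Return (score, suspicious) for one filename."""
    log_probs = rnn_log_probs(to_tensor(preprocess(filename)), weights)
    score = math.exp(log_probs[0])    # exponent turns the log-probability into a 0..1 score
    return score, score < threshold   # assumed reading: flag when the benign score misses the threshold
```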