US 12,111,928 B2
Utilizing machine learning to detect malicious executable files efficiently and effectively
Changsha Ma, Campbell, CA (US); Nirmal Singh, Mohali (IN); Naveen Selvan, Mohali (IN); Tarun Dewan, Mohali (IN); Uday Pratap Singh, Mohali (IN); Deepen Desai, San Ramon, CA (US); Bharath Meesala, Bengaluru (IN); Rakshitha Hedge, Bengaluru (IN); Parnit Sainion, Morgan Hill, CA (US); Shashank Gupta, Sunnyvale, CA (US); Narinder Paul, Sunnyvale, CA (US); Rex Shang, Los Altos, CA (US); and Howie Xu, Palo Alto, CA (US)
Assigned to Zscaler, Inc., San Jose, CA (US)
Filed by Zscaler, Inc., San Jose, CA (US)
Filed on Sep. 26, 2023, as Appl. No. 18/474,524.
Application 18/474,524 is a continuation of application No. 17/079,809, filed on Oct. 26, 2020, granted, now 11,803,641.
Claims priority of application No. 202011039471 (IN), filed on Sep. 11, 2020.
Prior Publication US 2024/0028721 A1, Jan. 25, 2024
Int. Cl. G06F 21/56 (2013.01); G06F 21/53 (2013.01); G06N 20/00 (2019.01)
CPC G06F 21/565 (2013.01) [G06F 21/53 (2013.01); G06N 20/00 (2019.01); G06F 2221/033 (2013.01)]
17 Claims
 
1. A non-transitory computer-readable storage medium having computer-readable code stored thereon for programming one or more processors in a cloud-based system to perform steps of:
responsive to training a machine learning model with a combination of knowledge features and non-knowledge features, wherein the knowledge features include features associated with executable files determined to be effective for training, and wherein non-knowledge features include n-grams, entropy, and file size, receiving the machine learning model;
performing inline monitoring of production traffic between users, the Internet, and cloud services;
utilizing the trained machine learning model to inspect files in the production traffic; and
classifying the traffic as one of malicious or benign based on the trained machine learning model.