CPC G06F 21/566 (2013.01) [G06F 21/568 (2013.01)] | 20 Claims
1. A computer-implemented method for screening a source code for ransomware before the source code can be executed by a local computer, the method comprising:
accessing the source code of a script hosted by a remote server;
extracting features from the source code in accordance with a machine-learning model comprising one or more layers of logic;
at least based on the machine-learning model, determining, for each of the extracted features, a corresponding probability conditioned on the source code containing ransomware; and
at least based on the machine-learning model, determining a combined probability for the extracted features conditioned on the source code containing ransomware when the extracted features are jointly present;
comparing the combined probability with a threshold;
in response to determining that the combined probability exceeds the threshold, flagging the source code as containing ransomware; and
in response to determining that the combined probability does not exceed the threshold, flagging the source code as not containing ransomware.