US 12,443,710 B2
System and method for automated machine-learning, zero-day malware detection
Scott Miserendino, Baltimore, MD (US); Ryan Peters, Fairfax, VA (US); Donald Steiner, McLean, VA (US); Bhargav R. Avasarala, Arlington, VA (US); Brock D. Bose, Alexandria, VA (US); and John C. Day, Palm Bay, FL (US)
Assigned to BluVector, Inc., Philadelphia, PA (US)
Filed by BluVector, Inc., Philadelphia, PA (US)
Filed on Apr. 16, 2021, as Appl. No. 17/301,868.
Application 17/301,868 is a continuation of application No. 15/607,122, filed on May 26, 2017, granted, now 11,126,720.
Application 15/607,122 is a continuation in part of application No. 15/076,073, filed on Mar. 21, 2016, granted, now 9,665,713, issued on May 30, 2017.
Application 15/076,073 is a continuation of application No. 14/038,682, filed on Sep. 26, 2013, granted, now 9,292,688, issued on Mar. 22, 2016.
Claims priority of provisional application 61/705,938, filed on Sep. 26, 2012.
Prior Publication US 2021/0256127 A1, Aug. 19, 2021
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/56 (2013.01); G06F 18/21 (2023.01); G06F 18/214 (2023.01); G06N 5/025 (2023.01)
CPC G06F 21/564 (2013.01) [G06F 18/214 (2023.01); G06F 18/217 (2023.01); G06F 21/56 (2013.01); G06F 21/566 (2013.01); G06N 5/025 (2013.01); G06F 2221/034 (2013.01)] 19 Claims
OG exemplary drawing
 
1. A method comprising:
determining, based at least on a file structure associated with each of a plurality of training files known to be malign or benign, a subset of the plurality of training files that are associated with a first file-type of a plurality of file-types;
training, based on the subset of the plurality of training files, a first classifier to determine whether files of the first file-type are at least malign or benign;
training, based on the plurality of training files, a second classifier to determine whether files of the plurality of file-types are at least malign or benign;
selecting, based on determining that a first file is associated with the first file-type, the first classifier to determine whether the first file is malign or benign;
causing, based on the determining whether the first file is malign or benign, access to the first file to be blocked or permitted;
selecting, based on a failure to determine if a second file is associated with the first file-type, the second classifier to determine whether the second file is malign or benign; and
causing, based on the determining whether the second file is malign or benign, access to the second file to be blocked or permitted.
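As an added illustration of the selection logic claimed above (example code, not the patent's or the assignee's implementation): file-type is inferred from leading structural bytes, one classifier is trained per recognised type and a second on every training file, and a file whose type cannot be determined falls through to the generic classifier before access is blocked or permitted. The magic-byte table, the byte-composition features, the nearest-centroid model and the training corpus are all constructed assumptions.

```python
from math import dist

MAGIC = {b"%PDF": "pdf", b"MZ": "pe"}  # structural signatures identifying a file-type (assumed)

def detect_type(data):
    """File-type implied by the leading bytes, or None when the structure is unrecognised."""
    return next((name for magic, name in MAGIC.items() if data.startswith(magic)), None)

def features(data):
    """Fractions of printable-ASCII, NUL and high (>= 0x80) bytes."""
    n = max(len(data), 1)
    return (sum(0x20 <= b < 0x7F for b in data) / n, data.count(0) / n, sum(b >= 0x80 for b in data) / n)

class CentroidClassifier:
    """Nearest-centroid model: predicts the label whose mean training vector is closest."""
    def __init__(self, samples):
        groups = {}
        for data, label in samples:
            groups.setdefault(label, []).append(features(data))
        self.centroids = {lab: tuple(sum(c) / len(vs) for c in zip(*vs))
                          for lab, vs in groups.items()}

    def predict(self, data):
        f = features(data)
        return min(self.centroids, key=lambda lab: dist(f, self.centroids[lab]))

def train(training):
    """One classifier per recognised file-type, plus a generic one trained on every file."""
    by_type = {}
    for data, label in training:
        if (t := detect_type(data)) is not None:
            by_type.setdefault(t, []).append((data, label))
    return {t: CentroidClassifier(s) for t, s in by_type.items()}, CentroidClassifier(training)

def decide(data, specific, generic):
    """Type-specific classifier when the type is known, else the generic fallback; returns (used, verdict, action)."""
    t = detect_type(data)
    clf, used = (specific[t], t) if t in specific else (generic, "generic")
    verdict = clf.predict(data)
    return used, verdict, ("block" if verdict == "malign" else "permit")

# Constructed corpus (not real malware): benign samples are text- or NUL-heavy, malign ones a dense high-byte run.
PAYLOAD = bytes(0x80 + i % 0x7F for i in range(300))
TRAINING = [
    (b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n" * 3, "benign"),
    (b"%PDF-1.4\nstream\n" + PAYLOAD + b"\nendstream", "malign"),
    (b"MZ" + b"\x00" * 200 + b"PE\x00\x00.text\x00", "benign"),
    (b"MZ" + PAYLOAD, "malign"),
]
SPECIFIC, GENERIC = train(TRAINING)
```

`decide(b"#!/bin/sh\necho hello\n", SPECIFIC, GENERIC)` returns `("generic", "benign", "permit")`, showing the fallback path for a file whose structure matches no trained type.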