US 12,452,297 B2
Deep learning for malicious image file detection
Min Du, Santa Clara, CA (US); Yijie Sui, San Jose, CA (US); William Redington Hewlett, II, Mountain View, CA (US); and Wenjun Hu, Santa Clara, CA (US)
Assigned to Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed by Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed on May 18, 2023, as Appl. No. 18/199,258.
Prior Publication US 2024/0388600 A1, Nov. 21, 2024
Int. Cl. H04L 9/40 (2022.01); G06N 3/045 (2023.01); G06N 3/08 (2023.01)
CPC H04L 63/145 (2013.01) [G06N 3/045 (2023.01); G06N 3/08 (2013.01); H04L 63/1416 (2013.01); H04L 63/20 (2013.01)]
25 Claims
 
1. A system, comprising:
a processor configured to:
receive a plurality of structural sections of a first image file, wherein the plurality of structural sections corresponds to structural elements associated with a file format of the first image file;
use the received plurality of structural sections to determine a likelihood that the first image file contains potentially malicious content in at least one of the structural sections, at least in part by using a model trained using a sample set comprising a plurality of previously processed image files, wherein a given image file included in the plurality of previously processed image files was processed at least in part by having a set of sections extracted by an image parser, and wherein the image parser is configured to extract both normal sections and abnormal sections from the given image file, wherein a given abnormal section is one that corresponds to a commonly exploited section; and
provide as output a verdict for the first image file; and
a memory coupled to the processor and configured to provide the processor with instructions.
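
The section-extraction step that claim 1 relies on can be illustrated with the following added example, which is not taken from the patent or from any Palo Alto Networks code. It assumes PNG as the file format and assumes that chunks with a bad CRC, an unparseable remainder, and bytes appended after IEND count as abnormal sections; the claim names neither a format nor specific sections, and the trained model itself is not shown.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

def _chunk(ctype, payload):
    """Build one well-formed PNG chunk (used only for the constructed sample)."""
    body = ctype + payload
    return struct.pack(">I", len(payload)) + body + struct.pack(">I", zlib.crc32(body))

def extract_sections(data):
    """Split a PNG into structural sections: one per chunk, plus any abnormal remainder."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    sections = [{"name": "signature", "abnormal": False, "offset": 0, "data": PNG_SIGNATURE}]
    pos = len(PNG_SIGNATURE)
    seen_iend = False
    while pos < len(data) and not seen_iend:
        if pos + 12 > len(data):
            break  # too short for length + type + CRC
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        end = pos + 12 + length
        if end > len(data):
            break  # declared length overruns the file
        ctype = data[pos + 4:pos + 8]
        payload = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        sections.append({
            "name": ctype.decode("latin-1"),
            "abnormal": crc != zlib.crc32(ctype + payload),  # assumption: bad CRC is abnormal
            "offset": pos,
            "data": payload,
        })
        seen_iend = ctype == b"IEND"
        pos = end
    if pos < len(data):
        # Assumption: bytes after IEND, or an unparseable remainder, form an abnormal section.
        name = "trailing_data" if seen_iend else "malformed_remainder"
        sections.append({"name": name, "abnormal": True, "offset": pos, "data": data[pos:]})
    return sections

# Constructed sample: a 1x1 grayscale PNG followed by appended bytes.
IHDR = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
IDAT = zlib.compress(b"\x00\x00")
SAMPLE = (PNG_SIGNATURE + _chunk(b"IHDR", IHDR) + _chunk(b"IDAT", IDAT)
          + _chunk(b"IEND", b"") + b"CONSTRUCTED-BYTES")
```

The list returned by `extract_sections(SAMPLE)` holds both the normal and the abnormal sections, which is the form of input the claim describes passing to the trained model.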