US 12,462,033 B1
Operation method of electronic apparatus for performing large language model based analysis inference for malicious script action
Seonghoon Jung, Seoul (KR); and Jueon Eom, Seoul (KR)
Assigned to Ahnlab, Inc., Seongnam-si (KR)
Filed by Ahnlab, Inc., Seongnam-si (KR)
Filed on Jul. 14, 2025, as Appl. No. 19/268,956.
Claims priority of application No. 10-2024-0104952 (KR), filed on Aug. 6, 2024.
Int. Cl. G06F 21/56 (2013.01); G06F 21/55 (2013.01)
CPC G06F 21/566 (2013.01) [G06F 21/552 (2013.01)]
6 Claims
1. An operation method of at least one electronic apparatus, the method comprising:
acquiring static and dynamic analysis results corresponding to results obtained by performing static and dynamic analyses performed on a plurality of scripts, each classified as benign or malicious;
converting the static and dynamic analysis results of each of the plurality of scripts into text formatted to match an output format of at least one Large Language Model (LLM);
training the at least one LLM based on the converted text so that the at least one LLM infers static and dynamic analysis results from an input script; and
predicting, by an inference module executing on the at least one electronic apparatus, the static and dynamic analysis results for at least one target script based on the trained at least one LLM,
wherein the acquiring of the static and dynamic analysis results includes:
extracting first data including execution lines, variable values, and variable types by performing debugging on each of the plurality of scripts;
extracting second data including execution lines and symbolic expressions for conditional statements by performing symbolic execution on each of the plurality of scripts; and
extracting third data including execution lines, calling function names, and parameters of calling functions by performing function calling tracing on each of the plurality of scripts.
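
As an added illustration (not code from the patent or from AhnLab), the sketch below collects the claim's first data (execution lines, variable values, variable types) and third data (execution lines, calling function names, parameters) for a constructed Python script using `sys.settrace`, then flattens both into one text record. Python as the script language, the record layout, and the names `snapshot`, `trace_script` and `to_training_text` are assumptions; the symbolic-execution step (second data) is not covered.

```python
import sys

# Constructed, benign sample standing in for one labelled corpus script.
SAMPLE = '''def decode(blob, key):
    out = ""
    for b in blob:
        out += chr(b ^ key)
    return out

key = 7
cmd = decode([111, 110], key)
'''

def snapshot(frame):
    """Variable name -> (value, type) for a frame, skipping dunders and callables."""
    return {k: (repr(v), type(v).__name__) for k, v in frame.f_locals.items()
            if not k.startswith("__") and not callable(v)}

def trace_script(source, name="<sample>"):
    """Execute source under sys.settrace and return (first_data, third_data)."""
    first, third = [], []
    def tracer(frame, event, arg):
        code = frame.f_code
        if code.co_filename != name:
            return None                      # ignore frames outside the script
        if event in ("line", "return"):      # state before each line, and at exit
            first.append((frame.f_lineno, snapshot(frame)))
        elif event == "call" and not code.co_name.startswith("<"):
            params = {p: repr(frame.f_locals[p]) for p in code.co_varnames[:code.co_argcount]}
            third.append((frame.f_back.f_lineno, code.co_name, params))
        return tracer
    prev = sys.gettrace()
    sys.settrace(tracer)
    try:
        # Assumption: corpus scripts are only ever executed inside an isolated sandbox.
        exec(compile(source, name, "exec"), {})
    finally:
        sys.settrace(prev)
    return first, third

def to_training_text(label, source, first, third):
    """Serialize one script and its traces into a single text record (assumed layout)."""
    out = ["### SCRIPT", source.rstrip(), "### LABEL", label, "### DEBUG"]
    for line, variables in first:
        cells = ", ".join(f"{k}:{t}={v}" for k, (v, t) in variables.items())
        out.append(f"L{line} | {cells}")
    out.append("### CALLS")
    for line, func, params in third:
        out.append(f"L{line} | {func}(" + ", ".join(f"{k}={v}" for k, v in params.items()) + ")")
    return "\n".join(out)
```

Calling `to_training_text("benign", SAMPLE, *trace_script(SAMPLE))` yields one record per script; a corpus of such records, with the script as prompt and the trace sections as target, is the kind of text the training step in the claim consumes.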