US 12,141,281 B2
Machine learning-based malware detection in process memory
Felix Schwyzer, Berlin (DE)
Assigned to CrowdStrike, Inc., Sunnyvale, CA (US)
Filed by CrowdStrike, Inc., Sunnyvale, CA (US)
Filed on Jul. 12, 2022, as Appl. No. 17/862,623.
Claims priority of provisional application 63/348,756, filed on Jun. 3, 2022.
Prior Publication US 2023/0394145 A1, Dec. 7, 2023
Int. Cl. G06F 21/56 (2013.01); G06F 21/53 (2013.01); G06N 20/00 (2019.01)
CPC G06F 21/564 (2013.01) [G06F 21/53 (2013.01); G06N 20/00 (2019.01)]
20 Claims
 
1. A computer implemented method for detecting malware, the method comprising:
obtaining a plurality of memory image data, respective ones of the memory image data comprising captured memory contents from an executing process;
providing training data comprising feature vectors and classification values to a machine learning (ML) training model executing on a processing device, wherein the feature vectors comprise indications of patterns within the memory image data; and
training, by the processing device, the ML training model based on the training data to generate an ML production model, the training comprising computing a plurality of model parameters that relate the feature vectors of the training data to the classification values of the training data.