US 12,141,285 B2
Identify malicious software
Richard Cannings, Santa Cruz, CA (US); Sai Deep Tetali, Mountain View, CA (US); Mo Yu, Mountain View, CA (US); and Salvador Mandujano, San Jose, CA (US)
Assigned to Google LLC, Mountain View, CA (US)
Filed by Google LLC, Mountain View, CA (US)
Filed on Dec. 20, 2023, as Appl. No. 18/390,042.
Application 18/390,042 is a division of application No. 17/057,639, granted, now 11,880,462, previously published as PCT/US2018/033646, filed on May 21, 2018.
Prior Publication US 2024/0134980 A1, Apr. 25, 2024
Int. Cl. G06F 21/56 (2013.01); G06F 21/52 (2013.01); G06N 3/04 (2023.01); G06N 3/08 (2023.01)
CPC G06F 21/566 (2013.01) [G06F 21/52 (2013.01); G06N 3/04 (2013.01); G06N 3/08 (2013.01); G06F 2221/033 (2013.01)]
14 Claims
 
1. A method for identifying malicious software on a user device, the method comprising:
receiving, at data processing hardware, an application install pattern from a user device, the application install pattern indicating a sequence of n-applications installed on the user device;
for each application in the sequence of n-applications:
generating, by the data processing hardware, a numerical vector representation for the corresponding application using a feed-forward neural network model configured to receive each application and the order of each application in the sequence of n-applications as feature inputs; and
clustering, by the data processing hardware, the corresponding application in a free vector space based on the numerical vector representation for the corresponding application;
determining, by the data processing hardware, whether any of the applications in the sequence of n-applications are clustered with training applications identified as malware; and
for each application clustered with training applications identified as malware, identifying, by the data processing hardware, the corresponding application in the sequence of n-applications as malware.
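
The clustering and determination steps of claim 1, as an added Python example that is not part of the patent text. The vectors are constructed stand-ins for the neural network output, and the single-linkage rule, the radius `EPS` and all application names are assumptions; the claim does not specify a clustering algorithm.

```python
import math
from itertools import combinations

EPS = 0.25  # assumed linkage radius; not a value from the patent

# Constructed training set: app -> (vector, identified as malware?)
TRAINING = {
    "train.flashlight": ((0.9, 0.1), False),
    "train.notes": ((0.8, 0.2), False),
    "train.sms_fraud": ((0.1, 0.9), True),
    "train.dropper": ((0.2, 0.8), True),
}

# Constructed install pattern from one device, in install order, with the
# vector the model is assumed to have produced for each application.
INSTALLS = {
    "com.example.calendar": (0.85, 0.15),
    "com.example.freecoins": (0.15, 0.85),
    "com.example.newgame": (0.5, 0.5),
}

def cluster(points, eps=EPS):
    """Single-linkage clustering: points within eps of each other share a cluster."""
    parent = {name: name for name in points}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x

    for a, b in combinations(points, 2):
        if math.dist(points[a], points[b]) <= eps:
            parent[find(a)] = find(b)
    return {name: find(name) for name in points}

def flag_malware(install_vectors, training, eps=EPS):
    """Return installed apps that share a cluster with a malware training app."""
    points = {name: vec for name, (vec, _) in training.items()}
    points.update(install_vectors)
    labels = cluster(points, eps)
    bad_clusters = {labels[n] for n, (_, is_mal) in training.items() if is_mal}
    # Apps that join no training cluster at all are left unflagged.
    return [app for app in install_vectors if labels[app] in bad_clusters]

if __name__ == "__main__":
    print(flag_malware(INSTALLS, TRAINING))
```

With `eps=0.5` the isolated application bridges the benign and malware groups into one cluster and every installed application is flagged, so the radius directly controls the false-positive rate.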