US 11,841,947 B1
Methods and apparatus for machine learning based malware detection
Joshua Daniel Saxe, Los Angeles, CA (US); and Konstantin Berlin, Potomac, MD (US)
Assigned to Invincea, Inc., Burlington, MA (US)
Filed by Invincea, Inc., Reston, VA (US)
Filed on Dec. 8, 2020, as Appl. No. 17/115,272.
Application 17/115,272 is a continuation of application No. 16/415,471, filed on May 17, 2019, granted, now 10,896,256.
Application 16/415,471 is a continuation of application No. 15/877,676, filed on Jan. 23, 2018, granted, now 10,303,875, issued on May 28, 2019.
Application 15/877,676 is a continuation of application No. 15/616,391, filed on Jun. 7, 2017, granted, now 9,910,986, issued on Mar. 6, 2018.
Application 15/616,391 is a continuation of application No. 15/228,728, filed on Aug. 4, 2016, granted, now 9,690,938, issued on Jun. 27, 2017.
Claims priority of provisional application 62/201,263, filed on Aug. 5, 2015.
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/56 (2013.01); G06N 3/04 (2023.01); G06N 20/00 (2019.01); G06N 7/01 (2023.01)
CPC G06F 21/563 (2013.01) [G06N 3/04 (2013.01); G06N 7/01 (2023.01); G06N 20/00 (2019.01)]
21 Claims
1. A method, comprising:
receiving a target file;
calculating an attribute value associated with the target file, the attribute value being based on at least one of:
a set of informational entropy values obtained from the target file;
a histogram of byte values within the target file;
a set of byte standard deviation ranges associated with the target file; or
a hash value for each string from a set of strings within the target file;
identifying a set of Portable Executable (PE) header values associated with the target file;
calculating a probability that the target file is malicious based on the attribute value and the set of PE header values; and
communicating a threat score based on the probability, the threat score associated with a potential threat to a user, device, or network.
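
The feature types named in claim 1, computed over a constructed byte buffer. This is an added example, not code from the patent or from Invincea. The window size, standard-deviation range boundaries, bucket count, minimum string length, use of SHA-256 and the choice of COFF fields are all assumptions, and the classifier that turns these features into a probability is not shown.

```python
import hashlib
import math
import re
import struct
from collections import Counter

WINDOW, BUCKETS, STD_EDGES = 256, 16, (16, 32, 64, 96)  # assumed parameters, not from the claim

def windows(data):  # fixed-size, non-overlapping chunks
    return [data[i:i + WINDOW] for i in range(0, len(data), WINDOW)]

def entropy(chunk):  # Shannon entropy in bits per byte (0.0 to 8.0)
    return -sum(c / len(chunk) * math.log2(c / len(chunk)) for c in Counter(chunk).values())

def byte_histogram(data):  # normalised 256-bin histogram of byte values
    counts = Counter(data)
    return [counts[b] / max(len(data), 1) for b in range(256)]

def std_ranges(data):  # number of windows whose byte std falls in each range
    bins = [0] * (len(STD_EDGES) + 1)
    for w in windows(data):
        mean = sum(w) / len(w)
        std = math.sqrt(sum((b - mean) ** 2 for b in w) / len(w))
        bins[sum(std >= e for e in STD_EDGES)] += 1
    return bins

def string_hashes(data, min_len=5):  # hash each printable ASCII string into a bucket
    buckets = [0] * BUCKETS
    for s in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data):
        buckets[int.from_bytes(hashlib.sha256(s).digest()[:4], "big") % BUCKETS] += 1
    return buckets

def pe_header_values(data):  # a few COFF header fields, or None if not a PE file
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew: offset of "PE\0\0"
    if data[off:off + 4] != b"PE\0\0" or len(data) < off + 24:
        return None
    machine, nsect, stamp, _, _, _, chars = struct.unpack_from("<HHIIIHH", data, off + 4)
    return {"machine": machine, "sections": nsect, "timestamp": stamp, "characteristics": chars}

def extract(data):  # feature dictionary a downstream classifier would consume
    return {"entropy": [entropy(w) for w in windows(data)], "histogram": byte_histogram(data),
            "std_ranges": std_ranges(data), "string_hashes": string_hashes(data),
            "pe": pe_header_values(data)}

def constructed_sample():  # constructed input: DOS stub, COFF header, one string, padding
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)
    return dos + coff + b"example-string" + bytes(154) + bytes(range(256))
```

Calling `extract(constructed_sample())` yields two windows: a low-entropy header window and a second window containing every byte value once, which reaches the 8.0 bits-per-byte maximum.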