
Automatic semantic modeling of system events

A system-event technique, applied in the field of behavior-based characterization of malware, that addresses problems such as the inability to determine the relationship between events.

Pending Publication Date: 2022-07-22
INT BUSINESS MASCH CORP

AI Technical Summary

Problems solved by technology

However, this method cannot determine the relationship between events when there is no temporal dependence.


Examples


Embodiment Construction

[0021] As will be described below, the techniques herein utilize machine learning to derive semantic models of system events for use in providing behavior-based malware detection. Typically, machine learning algorithms and associated mechanisms are implemented as software, e.g., one or more computer programs, executing in one or more computing machines. As background, representative computing machines and systems that can be used to perform the learning process and use the derived system event model are described below. Several execution environments are also described (Figures 3-5).

[0022] Reference is now made to the accompanying drawings, and with specific reference to Figures 1-2, an exemplary diagram of a data processing environment in which illustrative embodiments of the present disclosure may be implemented is provided. It should be understood that Figures 1-2 are exemplary only, and are not intended to assert or imply any limitation with respect to the environ...


Abstract

A method of detecting anomalous behavior in an execution environment. A set of system events collected from a monitored computing system is received. A model is then trained by machine learning on the received system events. The model is trained to automatically extract one or more features for a received set of system events, wherein the system event features are determined by semantic analysis and represent semantic relationships between or among groups of system events observed to co-occur in observation samples. Each observation sample is associated with an operation scenario occurring in the execution environment. After the model is trained, and using the features, the model is used to detect anomalous behavior. As an optimization, the set of system events is pre-processed into a reduced set of system events prior to training. The modeler may include components of a malware detection system.
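The abstract's pipeline (reduce the events, learn which events co-occur within an observation sample regardless of order, then score new samples) is sketched below as an added example; it is not code from the patent or its owner. The page does not name the learning algorithm, so positive pointwise mutual information (PPMI) is used as a simple stand-in, and the event names and samples are constructed.

```python
import math
from collections import Counter
from itertools import combinations

# Constructed observation samples: the system events seen in one operation
# scenario each. Event names are illustrative, not taken from the patent.
BENIGN = [
    ["proc_create", "file_open", "file_read", "file_close"],
    ["proc_create", "file_open", "file_write", "file_close"],
    ["sock_connect", "sock_send", "sock_recv"],
    ["proc_create", "sock_connect", "sock_send", "sock_recv"],
    ["file_open", "file_read", "file_read", "file_close"],
]
SUSPICIOUS = ["proc_create", "file_read", "sock_send", "file_write"]

def reduce_events(sample):
    """Pre-processing: collapse repeats and ordering into a reduced event set."""
    return sorted(set(sample))

def train(samples):
    """Learn PPMI weights for event pairs that co-occur in the same sample."""
    n = len(samples)
    single, pair = Counter(), Counter()
    for sample in samples:
        events = reduce_events(sample)
        single.update(events)
        pair.update(combinations(events, 2))
    ppmi = {}
    for (a, b), c in pair.items():
        # PMI = log( P(a,b) / (P(a) * P(b)) ), clipped at zero.
        ppmi[(a, b)] = max(math.log(c * n / (single[a] * single[b])), 0.0)
    return ppmi

def anomaly_score(ppmi, sample):
    """Fraction of event pairs in the sample with no learned association."""
    pairs = list(combinations(reduce_events(sample), 2))
    if not pairs:
        return 0.0
    unsupported = sum(1 for p in pairs if ppmi.get(p, 0.0) == 0.0)
    return unsupported / len(pairs)

MODEL = train(BENIGN)

if __name__ == "__main__":
    for name, s in (("benign", BENIGN[4]), ("suspicious", SUSPICIOUS)):
        print(name, round(anomaly_score(MODEL, s), 3))
```

Because the score depends only on which events share a sample, it relates events that have no temporal dependence on one another, which is the gap the summary above attributes to the earlier method.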

Description

[0001] Statement Regarding Sponsored Research

[0002] This invention was made with government support under Contract FA8650-15-C-7561 awarded by the Defense Advanced Research Projects Agency (DARPA). The government has certain rights in the invention.

Technical Field

[0003] The present disclosure relates generally to computer network security, and more particularly to techniques for behavior-based characterization of malware.

Background Technique

[0004] Intrusion and anomaly detection products, systems and services are well known. In fact, intrusion detection methods and antiviral solutions were introduced decades ago. Most traditional host-based and network-based attack/intrusion detection products utilize static signature matching methods. For example, traditional antivirus, firewalls, intrusion detection systems (IDS), etc. rely on specific binary or network communication signatures to identify attacks. The detection process typically includes: (i) attack discove...


Application Information

Patent Type & Authority: Applications (China)
IPC (8): G06F21/52, G06F21/55, G06F21/56, G06K9/62, G06N20/00, G06N7/00, H04L9/40, G06N3/08
CPC: G06F21/567, G06F21/552, H04L63/1425, G06N3/08, G06F18/213, G06N20/00, G06F21/52, G06F21/554, G06F18/22, G06N7/01
Inventor: 祝子昀, 疏晓葵, D·基拉特, 张智勇, M·斯多克林
Owner INT BUSINESS MASCH CORP