公开(公告)号：US20200210871A1

公开(公告)日：2020-07-02

申请号：US16725906

申请日：2019-12-23

Applicant: Avast Software s.r.o.

Inventor： Galina Alperovich ,  Dmitry Kuznetsov ,  Rajarshi Gupta

IPC: G06N7/00 ,  G06N20/00 ,  G06N5/02

Abstract: Systems and methods for device type classification system include a rules engine and a machine learning engine. The machine learning engine can be trained using device type data from multiple networks. The machine learning engine and the rules engine can receive data for devices on a network at a first point in time. The data can be submitted to a rules engine and the machine learning engine, which each produce device type probabilities for devices on the network. The device type probabilities from the rules engine and the machine learning engine can be processed to determine device types for one or more devices on the network. As more data becomes available at later points in time, the additional data can be provided to the rules engine and the machine learning engine to update the device type determinations for the network.

公开(公告)号：US11586962B2

公开(公告)日：2023-02-21

申请号：US16725906

申请日：2019-12-23

Applicant: Avast Software s.r.o.

Inventor： Galina Alperovich ,  Dmitry Kuznetsov ,  Rajarshi Gupta

IPC: G06N7/00 ,  G06N5/02 ,  G06N20/00

Abstract: Systems and methods for device type classification system include a rules engine and a machine learning engine. The machine learning engine can be trained using device type data from multiple networks. The machine learning engine and the rules engine can receive data for devices on a network at a first point in time. The data can be submitted to a rules engine and the machine learning engine, which each produce device type probabilities for devices on the network. The device type probabilities from the rules engine and the machine learning engine can be processed to determine device types for one or more devices on the network. As more data becomes available at later points in time, the additional data can be provided to the rules engine and the machine learning engine to update the device type determinations for the network.

公开(公告)号：US20220337488A1

公开(公告)日：2022-10-20

申请号：US17231802

申请日：2021-04-15

Applicant: Avast Software s.r.o.

Inventor： Michal Najman ,  Dmitry Kuznetsov

IPC: H04L12/24 ,  G06N5/02 ,  G06N20/00 ,  G06N5/04 ,  H04L29/06

Abstract: A method of identifying network devices includes transforming a first data set of feature-rich device characteristics of devices with known device identities to a second data set comprising feature-poor device characteristics with the known device identities. A third data set of feature-poor device characteristics of devices with known identities is collected. A statistical model is derived comprising one or more adjustments to the transformed data set, the statistical model reflecting a difference in statistical distribution between one or more characteristics of the second data set of transformed device characteristics and one or more corresponding and/or related characteristics of the third data set of feature-poor device characteristics. A device identification module is trained based on the second data set of feature-poor characteristics and the statistical model adjustments, the trained device identification module operable to use feature-poor device characteristics to identify network devices.

公开(公告)号：US11861006B2

公开(公告)日：2024-01-02

申请号：US17151462

申请日：2021-01-18

Applicant: Avast Software s.r.o.

Inventor： Martin Bálek ,  Fabrizio Biondi ,  Dmitry Kuznetsov ,  Olga Petrova

IPC: H04L29/06 ,  G06F21/56 ,  G06N20/00 ,  G06F21/54 ,  G06F18/21

CPC classification number: G06F21/566 ,  G06F18/217 ,  G06F21/54 ,  G06F21/568 ,  G06N20/00

Abstract: A reference file set having high-confidence malware severity classification is generated by selecting a subset of files from a group of files first observed during a recent observation period and including them in the subset. A plurality of other antivirus providers are polled for their third-party classification of the files in the subset and for their third-party classification of a plurality of files from the group of files not in the subset. A malware severity classification is determined for the files in the subset by aggregating the polled classifications from the other antivirus providers for the files in the subset after a stabilization period of time, and one or more files having a third-party classification from at least one of the polled other antivirus providers that changed during the stabilization period to the subset are added to the subset.

公开(公告)号：US20220229906A1

公开(公告)日：2022-07-21

申请号：US17151462

申请日：2021-01-18

Applicant: Avast Software s.r.o.

Inventor： Martin Bálek ,  Fabrizio Biondi ,  Dmitry Kuznetsov ,  Olga Petrova

IPC: G06F21/56 ,  G06F21/54 ,  G06K9/62 ,  G06N20/00

Abstract: A reference file set having high-confidence malware severity classification is generated by selecting a subset of files from a group of files first observed during a recent observation period and including them in the subset. A plurality of other antivirus providers are polled for their third-party classification of the files in the subset and for their third-party classification of a plurality of files from the group of files not in the subset. A malware severity classification is determined for the files in the subset by aggregating the polled classifications from the other antivirus providers for the files in the subset after a stabilization period of time, and one or more files having a third-party classification from at least one of the polled other antivirus providers that changed during the stabilization period to the subset are added to the subset.