-
Publication No.: US20200089875A1
Publication Date: 2020-03-19
Application No.: US16694123
Application Date: 2019-11-25
Applicant: Avast Software s.r.o.
Inventor: Hiram Lew, Filip Havlícek, Pablo Sole, Tomás Pop
Abstract: Systems and methods observe and classify device events. A model containing a set of features to be observed can be determined based on machine learning and training methods. A client application can issue a transaction request to an operating system service. A determination can be made whether the operating system service, a method associated with the transaction request, and the client application are currently being observed. In response to determining that the operating system service, a method associated with the transaction request, and the client application are being observed, a behavioral vector associated with the client application can be modified to indicate that the feature represented by the method is associated with the client application. The behavioral vector can be used to determine if the client application is malware.
-
Publication No.: US20190156037A1
Publication Date: 2019-05-23
Application No.: US16193822
Application Date: 2018-11-16
Applicant: Avast Software s.r.o.
Inventor: Petr Gronat, Rajarshi Gupta, Filip Havlícek, Michal Wojcik
Abstract: Minimizing the latency of on-device detection of malicious executable files, without sacrificing accuracy, by applying a machine learning model to an executable file in quantized steps. Allowing a threshold confidence level to be set to different values enables controlling the tradeoff between accuracy and latency in generating a confidence level indicative of whether the executable file includes malware.
-
Publication No.: US20190102543A1
Publication Date: 2019-04-04
Application No.: US16141268
Application Date: 2018-09-25
Applicant: Avast Software s.r.o.
Inventor: Hiram Lew, Filip Havlícek, Pablo Sole, Tomás Pop
Abstract: Systems and methods observe and classify device events. A model containing a set of features to be observed can be determined based on machine learning and training methods. A client application can issue a transaction request to an operating system service. A determination can be made whether the operating system service, a method associated with the transaction request, and the client application are currently being observed. In response to determining that the operating system service, a method associated with the transaction request, and the client application are being observed, a behavioral vector associated with the client application can be modified to indicate that the feature represented by the method is associated with the client application. The behavioral vector can be used to determine if the client application is malware.