公开(公告)号：US10437986B2

公开(公告)日：2019-10-08

申请号：US15374670

申请日：2016-12-09

Applicant: Avast Software s.r.o.

Inventor： Martin Vejmelka

IPC: G06F21/53 ,  G06F16/22 ,  G06F16/23 ,  G06F21/55

Abstract: Systems and methods index and search log files created after execution of binaries. A plurality of log files each have one or more sequences. An index tree is created for the log files. A first log file is placed into a bucket of the index tree according to the lengths of the one or more sequences of the first log file. Remaining logs files are placed the index tree according to their respective sequence lengths. Each log becomes a representative in the bucket or associated with a representative in the bucket. The index tree can be searched, where an incurred distance and a remaining distance is maintained during the search. Nodes are pruned based, at least in part, on the incurred distance and the remaining distance.

公开(公告)号：US10198576B2

公开(公告)日：2019-02-05

申请号：US15374865

申请日：2016-12-09

Applicant: Avast Software s.r.o.

Inventor： Martin Vejmelka

IPC: G06F21/53 ,  G06F21/56

Abstract: Systems and method identify potentially mislabeled file samples. A graph is created from a plurality of sample files. The graph includes nodes associated with the sample files and behavior nodes associated with behavior signatures. Phantom nodes are created in the graph for those sample files having a known label. During a label propagation operation, a node receives data indicating a label distribution of a neighbor node in the graph. In response to determining that the current label for the node is known, a neighborhood opinion is determined for the associated phantom node, based at least in part on the label distribution of the neighboring nodes. After the label propagation operation has completed, differences between the neighborhood opinion and the current label distribution for nodes are determined. If the difference exceeds a threshold, then the current label may be incorrect.

公开(公告)号：US20190138722A1

公开(公告)日：2019-05-09

申请号：US16184423

申请日：2018-11-08

Applicant: Avast Software s.r.o. ,  Ústav informatiky AV CR, v.v.i.

Inventor： Marek Krcál ,  Martin Bálek ,  Ondrej Svec ,  Martin Vejmelka

IPC: G06F21/56 ,  G06N3/02

Abstract: A convolutional deep neural network architecture can detect malicious executable files by reading the raw sequence of bytes, that is, without any domain-specific feature extraction or preprocessing.

公开(公告)号：US20170169214A1

公开(公告)日：2017-06-15

申请号：US15374670

申请日：2016-12-09

Applicant: Avast Software s.r.o.

Inventor： Martin Vejmelka

IPC: G06F21/53 ,  G06F17/30 ,  G06F21/56

CPC classification number: G06F21/53 ,  G06F16/2246 ,  G06F16/2358 ,  G06F21/552

Abstract: Systems and methods index and search log files created after execution of binaries. A plurality of log files each have one or more sequences. An index tree is created for the log files. A first log file is placed into a bucket of the index tree according to the lengths of the one or more sequences of the first log file. Remaining logs files are placed the index tree according to their respective sequence lengths. Each log becomes a representative in the bucket or associated with a representative in the bucket. The index tree can be searched, where an incurred distance and a remaining distance is maintained during the search. Nodes are pruned based, at least in part, on the incurred distance and the remaining distance.

公开(公告)号：US11256804B2

公开(公告)日：2022-02-22

申请号：US16184423

申请日：2018-11-08

Applicant: Avast Software s.r.o. ,  Ústav informatiky AV {hacek over (C)}R, v.v.i.

Inventor： Marek Kr{hacek over (c)}ál ,  Martin Bálek ,  Ond{hacek over (r)}ej {hacek over (S)}vec ,  Martin Vejmelka

IPC: G06F21/56 ,  G06N3/02 ,  H04L29/06 ,  H04W12/12 ,  H04W12/128

Abstract: A convolutional deep neural network architecture can detect malicious executable files by reading the raw sequence of bytes, that is, without any domain-specific feature extraction or preprocessing.

公开(公告)号：US20170169215A1

公开(公告)日：2017-06-15

申请号：US15374865

申请日：2016-12-09

Applicant: Avast Software s.r.o.

Inventor： Martin Vejmelka

IPC: G06F21/53 ,  G06F21/56

CPC classification number: G06F21/53 ,  G06F21/564

Abstract: Systems and method identify potentially mislabeled file samples. A graph is created from a plurality of sample files. The graph includes nodes associated with the sample files and behavior nodes associated with behavior signatures. Phantom nodes are created in the graph for those sample files having a known label. During a label propagation operation, a node receives data indicating a label distribution of a neighbor node in the graph. In response to determining that the current label for the node is known, a neighborhood opinion is determined for the associated phantom node, based at least in part on the label distribution of the neighboring nodes. After the label propagation operation has completed, differences between the neighborhood opinion and the current label distribution for nodes are determined. If the difference exceeds a threshold, then the current label may be incorrect.