COMPUTING THREAT DETECTION RULE SYSTEMS AND METHODS

    Publication number: US20240037103A1

    Publication date: 2024-02-01

    Application number: US17873611

    Application date: 2022-07-26

    Inventor: Michal Najman

    CPC classification number: G06F16/24564 G06F16/244

    Abstract: A computing threat detection rule method and system for performing the method. The method includes determining identifiers for data points. One or more terms for each of the data points are determined to determine terms respectively associated with the identifiers. Collections of identifiers respectively associated with the terms are determined, the number of identifiers in each of the collections of identifiers limited to a threshold number. Conditions of a rule are determined. The conditions of the rule are compared to the terms to determine matching terms respectively associated with corresponding collections of identifiers. An intersection of the corresponding collections of identifiers is determined, and a number of the data points covered by the rule is determined based on the intersection of the corresponding collections of identifiers. A transmission is performed based on the number of the data points covered by the rule.

    PREDICTING FUTURE MALWARE WITH GENERATIVE MODELS

    Publication number: US20230130651A1

    Publication date: 2023-04-27

    Application number: US17511305

    Application date: 2021-10-26

    Abstract: A malware classification system includes a first machine-learning model trained based on malware from a first plurality of prior time periods to predict malware in a first subsequent time period subsequent to the first plurality of prior time periods, and a second machine-learning model is trained based on malware from a second plurality of prior time periods offset by at least some time from the plurality of time periods used to train the first machine-learning model to predict malware in a second subsequent time period subsequent to the second plurality of prior time periods. The trained first and second machine-learning models are used to predict malware in a future time period, and a classifier is trained using the malware from a plurality of the prior time periods and predicted malware from a future time period to train the classifier to identify and/or classify malware.

    NETWORK DEVICE TYPE CLASSIFICATION

    Publication number: US20220337488A1

    Publication date: 2022-10-20

    Application number: US17231802

    Application date: 2021-04-15

    Abstract: A method of identifying network devices includes transforming a first data set of feature-rich device characteristics of devices with known device identities to a second data set comprising feature-poor device characteristics with the known device identities. A third data set of feature-poor device characteristics of devices with known identities is collected. A statistical model is derived comprising one or more adjustments to the transformed data set, the statistical model reflecting a difference in statistical distribution between one or more characteristics of the second data set of transformed device characteristics and one or more corresponding and/or related characteristics of the third data set of feature-poor device characteristics. A device identification module is trained based on the second data set of feature-poor characteristics and the statistical model adjustments, the trained device identification module operable to use feature-poor device characteristics to identify network devices.
