公开(公告)号：US20240354406A1

公开(公告)日：2024-10-24

申请号：US18305940

申请日：2023-04-24

Applicant: Avast Software s.r.o.

Inventor： Václav Belák ,  Martin Bálek ,  Tomáš Strenácik ,  Bretislav Šopík

IPC: G06F21/55 ,  G06N3/08

CPC classification number: G06F21/554 ,  G06N3/08 ,  G06F2221/034

Abstract: A method of detecting likely malicious activity in a sequence of computer instructions includes identifying a set of behaviors of the computer instructions and representing the identified behaviors as a graph. The graph is provided to a graph neural network that is trained to generate a geometric representation of the sequence of computer instructions, and a degree of relatedness between the geometric representation of the computer instructions and a set of base graphs including base graphs known to be malicious is determined. The sequence of computer instructions is determined to likely be malicious or clean based on a degree of relatedness between the geometric representation of the computer instructions and one or more base graphs known to be malicious.

公开(公告)号：US20250097263A1

公开(公告)日：2025-03-20

申请号：US18469117

申请日：2023-09-18

Applicant: Avast Software s.r.o.

Inventor： Sadia Afroz ,  Václav Belák ,  Kevin Roundy ,  Viliam Lisý ,  Petr Somol

IPC: H04L9/40 ,  H04L9/06 ,  H04L51/212 ,  H04L51/216

Abstract: Systems and methods enable a notification based on determining a particular electronic message is associated with a particular cluster of electronic messages. A plurality of electronic messages from a first plurality of accounts directed to a second plurality of accounts over a network are received. The plurality of electronic messages are compared to determine a plurality of clusters of electronic messages. A particular electronic message is received from a first particular account directed to a second particular account. The particular electronic message is compared to the plurality of clusters of electronic messages to determine that the particular electronic message is associated with a particular cluster of the plurality of clusters of electronic messages. A notification is provided based on the determining that the particular electronic message is associated with the particular cluster of the plurality of clusters of electronic messages.