公开(公告)号：US20220124113A1

公开(公告)日：2022-04-21

申请号：US17645506

申请日：2021-12-22

Applicant: SparkCognition, Inc.

Inventor： Lucas McLane ,  Jarred Capellman

IPC: G06F21/56 ,  H04L9/06 ,  G06N5/04 ,  G06N20/00 ,  G06N3/08 ,  G06N20/20 ,  G06N20/10

Abstract: A method includes receiving, at a first server from a second server, a first file attribute associated with a file. The method includes making a determination, at the first server based on the first file attribute, of availability of a classification for the file from a cache of the first server. The method includes, in response to the determination indicating that the classification is not available from the cache, sending a notification to the second server indicating that the classification for the file is not available. The method also includes receiving a first classification for the file from the second server at the first server. The first classification is generated by the second server responsive to the notification.

公开(公告)号：US11924233B2

公开(公告)日：2024-03-05

申请号：US17645506

申请日：2021-12-22

Applicant: SparkCognition, Inc.

Inventor： Lucas McLane ,  Jarred Capellman

IPC: G06F21/56 ,  G06N3/08 ,  G06N5/04 ,  G06N20/00 ,  G06N20/10 ,  G06N20/20 ,  H04L9/06 ,  H04L9/40 ,  G06F16/27 ,  G06N5/01

CPC classification number: H04L63/1425 ,  G06F21/56 ,  G06F21/561 ,  G06F21/566 ,  G06N3/08 ,  G06N5/04 ,  G06N20/00 ,  G06N20/10 ,  G06N20/20 ,  H04L9/0643 ,  G06F16/27 ,  G06N5/01

Abstract: A method includes receiving, at a first server from a second server, a first file attribute associated with a file. The method includes making a determination, at the first server based on the first file attribute, of availability of a classification for the file from a cache of the first server. The method includes, in response to the determination indicating that the classification is not available from the cache, sending a notification to the second server indicating that the classification for the file is not available. The method also includes receiving a first classification for the file from the second server at the first server. The first classification is generated by the second server responsive to the notification.

公开(公告)号：US20210234880A1

公开(公告)日：2021-07-29

申请号：US17228194

申请日：2021-04-12

Applicant: SparkCognition, Inc.

Inventor： Lucas McLane ,  Jarred Capellman

IPC: H04L29/06 ,  G06F21/55 ,  G06F21/56 ,  G06N3/08 ,  G06N3/04

Abstract: Automated malware detection for application file packages using machine learning (e.g., trained neural network-based classifiers) is described. A particular method includes generating, at a first device, a first feature vector based on occurrences of character n-grams corresponding to a first subset of files of multiple files of an application file package. The method includes generating, at the first device, a second feature vector based on occurrences of attributes in a second subset of files of the multiple files. The method includes sending the first feature vector and the second feature vector from the first device to a second device as inputs to a file classifier. The method includes receiving, at the first device from the second device, classification data associated with the application file package based on the first feature vector and the second feature vector. The classification data indicates whether the application file package includes malware.

公开(公告)号：US10560472B2

公开(公告)日：2020-02-11

申请号：US16406284

申请日：2019-05-08

Applicant: SparkCognition, Inc.

Inventor： Lucas McLane ,  Jarred Capellman

IPC: G06F21/56 ,  H04L29/06 ,  H04L9/06 ,  G06N5/04 ,  G06N20/00 ,  G06F16/27

Abstract: A method includes receiving a first file attribute from a computing device. The method also includes determining whether a classification for a file is available from a first cache of the server based on the first file attribute. The method includes sending the first file attribute from the server to a second server to determine whether the classification for the file is available at a base prediction cache of the second server. The method includes receiving a notification at the server from the second server that the classification for the file is unavailable at the base prediction cache. The method includes, in response to receiving the notification, determining the classification for the file by performing an analysis of a second file attribute based on a trained file classification model. The method includes sending the classification to the computing device and sending at least the classification to the base prediction cache.

公开(公告)号：US20230362183A1

公开(公告)日：2023-11-09

申请号：US18354284

申请日：2023-07-18

Applicant: SparkCognition, Inc.

Inventor： Lucas McLane ,  Jarred Capellman

IPC: H04L9/40 ,  G06F21/55 ,  G06F21/56 ,  G06N3/084 ,  G06N3/045

CPC classification number: H04L63/1425 ,  H04L63/1416 ,  G06F21/55 ,  G06F21/564 ,  G06F21/563 ,  G06N3/084 ,  G06N3/045 ,  G06N20/20

Abstract: A computing device including a memory configured to store instructions. The computing device includes a processor configured to execute the instructions from the memory to perform operations. The operations include identifying, among multiple files of a file package, a first file having a first file type. The operations include identifying, among the multiple files of the file package, a second file having a second file type. The operations include generating, based on the first file type, a first feature vector based on first features extracted from the first file. The operations include generating, based on the second file type, a second feature vector based on second features extracted from the second file. The operations include generating classification data associated with the file package, the classification data indicating whether the file package is predicted to include malware.

公开(公告)号：US11711388B2

公开(公告)日：2023-07-25

申请号：US17228194

申请日：2021-04-12

Applicant: SparkCognition, Inc.

Inventor： Lucas McLane ,  Jarred Capellman

IPC: G06F21/00 ,  H04L9/40 ,  G06F21/55 ,  G06F21/56 ,  G06N3/084 ,  G06N3/045 ,  G06N20/20 ,  G06N5/01

CPC classification number: H04L63/1425 ,  G06F21/55 ,  G06F21/563 ,  G06F21/564 ,  G06N3/045 ,  G06N3/084 ,  H04L63/1416 ,  G06N5/01 ,  G06N20/20

Abstract: Automated malware detection for application file packages using machine learning (e.g., trained neural network-based classifiers) is described. A particular method includes generating, at a first device, a first feature vector based on occurrences of character n-grams corresponding to a first subset of files of multiple files of an application file package. The method includes generating, at the first device, a second feature vector based on occurrences of attributes in a second subset of files of the multiple files. The method includes sending the first feature vector and the second feature vector from the first device to a second device as inputs to a file classifier. The method includes receiving, at the first device from the second device, classification data associated with the application file package based on the first feature vector and the second feature vector. The classification data indicates whether the application file package includes malware.

公开(公告)号：US20200228559A1

公开(公告)日：2020-07-16

申请号：US16832718

申请日：2020-03-27

Applicant: SparkCognition, Inc.

Inventor： Lucas McLane ,  Jarred Capellman

IPC: H04L29/06 ,  G06F21/55 ,  G06F21/56 ,  G06N3/08 ,  G06N3/04

Abstract: Automated malware detection for application file packages using machine learning (e.g., trained neural network-based classifiers) is described. A particular method includes generating, at a first device, a first feature vector based on occurrences of character n-grams corresponding to a first subset of files of multiple files of an application file package. The method includes generating, at the first device, a second feature vector based on occurrences of attributes in a second subset of files of the multiple files. The method includes sending the first feature vector and the second feature vector from the first device to a second device as inputs to a file classifier. The method includes receiving, at the first device from the second device, classification data associated with the application file package based on the first feature vector and the second feature vector. The classification data indicates whether the application file package includes malware.

公开(公告)号：US10305923B2

公开(公告)日：2019-05-28

申请号：US15639520

申请日：2017-06-30

Applicant: SparkCognition, Inc.

Inventor： Lucas McLane ,  Jarred Capellman

IPC: H04L29/06 ,  H04L9/06 ,  G06N99/00 ,  G06N5/04 ,  G06F21/56 ,  G06F17/30

Abstract: A method includes receiving, at a server, a first file attribute from a computing device, the first file attribute associated with a file. The method also includes determining, based on the first file attribute, that a classification for the file is unavailable. The method further includes determining the classification for the file based on a trained file classification model accessible to the server and sending the classification to the computing device. The method includes sending at least the classification to a base prediction cache associated with a second server.

公开(公告)号：US20190007433A1

公开(公告)日：2019-01-03

申请号：US15639520

申请日：2017-06-30

Applicant: SparkCognition, Inc.

Inventor： Lucas McLane ,  Jarred Capellman

IPC: H04L29/06 ,  H04L9/06 ,  G06N99/00 ,  G06N5/04

Abstract: A method includes receiving, at a server, a first file attribute from a computing device, the first file attribute associated with a file. The method also includes determining, based on the first file attribute, that a classification for the file is unavailable. The method further includes determining the classification for the file based on a trained file classification model accessible to the server and sending the classification to the computing device. The method includes sending at least the classification to a base prediction cache associated with a second server.

公开(公告)号：US11212307B2

公开(公告)日：2021-12-28

申请号：US16731776

申请日：2019-12-31

Applicant: SparkCognition, Inc.

Inventor： Lucas McLane ,  Jarred Capellman

IPC: H04L29/06 ,  H04L9/06 ,  G06N5/04 ,  G06F21/56 ,  G06N20/00 ,  G06N3/08 ,  G06N20/20 ,  G06N20/10 ,  G06F16/27 ,  G06N5/00

Abstract: A processor-readable storage device storing instructions that cause a processor to perform operations including, subsequent to determining, at a first device based on a first file attribute associated with a file, that a classification for the file is unavailable at the first device, sending the first file attribute from the first device to a second device to determine whether the classification for the file is available at the second device. The operations include receiving a notification at the first device from the second device that the classification for the file is unavailable at the second device. The operations include, determining the classification for the file by performing, at the first device, an analysis of a second file attribute based on a trained file classification model. The operations include sending the classification from the first device to the second device and to a third device.