Self-learning and adapting cyber threat defense
US-2022269949-A1 · Aug 25, 2022 · US
US12547713B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12547713-B2 |
| Application number | US-202117511305-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 26, 2021 |
| Priority date | Oct 26, 2021 |
| Publication date | Feb 10, 2026 |
| Grant date | Feb 10, 2026 |
Official abstract text for this publication.
A malware classification system includes a first machine-learning model trained based on malware from a first plurality of prior time periods to predict malware in a first subsequent time period subsequent to the first plurality of prior time periods, and a second machine-learning model is trained based on malware from a second plurality of prior time periods offset by at least some time from the plurality of time periods used to train the first machine-learning model to predict malware in a second subsequent time period subsequent to the second plurality of prior time periods. The trained first and second machine-learning models are used to predict malware in a future time period, and a classifier is trained using the malware from a plurality of the prior time periods and predicted malware from a future time period to train the classifier to identify and/or classify malware.
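The data flow in the abstract, as an added sketch that is not code from the patent: two models fitted on offset, non-overlapping windows of prior periods each learn to predict the next period, both are applied to the newest observed samples, and the classifier is trained on observed plus predicted malware. `DriftModel` (a mean-shift stand-in for the generative models, not a CCyGAN), the 1-nearest-neighbour classifier and all feature values are assumptions constructed for illustration.

```python
from math import dist

def mean(points):
    """Component-wise mean of equal-length feature tuples."""
    return tuple(sum(c) / len(points) for c in zip(*points))

class DriftModel:
    """Stand-in for one generative model (NOT a CCyGAN): learns the average
    per-period shift of the malware feature centroid over its window."""
    def fit(self, prior_periods, subsequent_period):
        centers = [mean(p) for p in prior_periods + [subsequent_period]]
        steps = [tuple(b - a for a, b in zip(c0, c1))
                 for c0, c1 in zip(centers, centers[1:])]
        self.shift = mean(steps)
        return self

    def predict(self, samples):
        """Project samples one period ahead."""
        return [tuple(x + s for x, s in zip(p, self.shift)) for p in samples]

def classify(sample, labelled):
    """1-nearest-neighbour classifier over (features, label) pairs."""
    return min(labelled, key=lambda fl: dist(sample, fl[0]))[1]

def period(t):
    """Constructed malware features for period t: axis 0 drifts +4 per period."""
    return [(4.0 * t + dx, 4.0 + dy)
            for dx, dy in ((-0.5, 0.0), (0.5, 0.0), (0.0, 0.5))]

BENIGN = [(19.0, 1.5), (20.0, 1.5), (21.0, 1.5)]  # constructed benign cluster
OBSERVED = [period(t) for t in range(5)]          # periods 0..4 have been seen

def build_training_sets():
    # Model 1: periods {0,1} -> 2. Model 2: offset, non-overlapping {2,3} -> 4.
    m1 = DriftModel().fit(OBSERVED[0:2], OBSERVED[2])
    m2 = DriftModel().fit(OBSERVED[2:4], OBSERVED[4])
    # Apply both trained models to the newest observed data to predict period 5.
    predicted = m1.predict(OBSERVED[4]) + m2.predict(OBSERVED[4])
    base = [(f, "benign") for f in BENIGN]
    base += [(f, "malware") for p in OBSERVED for f in p]
    augmented = base + [(f, "malware") for f in predicted]
    return base, augmented

if __name__ == "__main__":
    base, augmented = build_training_sets()
    for sample in period(5):  # period 5 was never observed
        print(sample, classify(sample, base), classify(sample, augmented))
```

In this constructed data the drifted period-5 samples sit closer to the benign cluster than to any observed malware, so the classifier trained only on observed periods misses them while the one trained with the predicted samples does not.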
Opening claim text (preview).
The invention claimed is:

1. A method of operating a malware evaluation system, comprising: training a first machine-learning model using observed malware from a first set of distinct prior time periods to predict malware in a first subsequent time period subsequent to the first set of prior time periods, training at least a second machine-learning model based on observed malware from a second set of distinct prior time periods offset in time from and non-overlapping with the first set of prior time periods used to train the first machine-learning model, the second machine-learning model trained to predict malware in a second subsequent time period subsequent to the second set of prior time periods; and applying the trained first and at least second machine-learning models to a training set of data to generate a set of predicted future malware; and concurrently training a classifier, using the observed malware from a first set of time periods, the observed malware from a second set of time periods, and the set of predicted future malware, the classifier operable to detect both known malware and malware not previously observed in any of the prior time periods.

2. The malware evaluation system of claim 1, further comprising deploying the trained classifier to an anti-malware module operable to detect known and predicted malware and to alert a user of the detected malware.

3. The malware evaluation system of claim 1, wherein the classifier is trained using both prior malware and subsequent malware predicted by the trained first and at least second machine-learning models.

4. The malware evaluation system of claim 1, wherein the classifier comprises a neural network.

5. The malware evaluation system of claim 1, wherein the first and at least second machine learning models are generative machine learning models.

6. The malware evaluation system of claim 5, wherein the generative machine learning models are conditional cyclic generative adversarial networks (CCyGAN).

7. The malware evaluation system of claim 5, wherein the generative machine learning model is trained on static features of the malware from the prior time periods.

8. The malware evaluation system of claim 5, wherein the generative machine learning model is trained on behavioral analysis of the malware from the prior time periods.

9. A method of detecting future malware, comprising: executing a trained malware classifier in a malware evaluation system to identify malware, the trained malware classifier trained to identify both known malware and malware not previously observed in any of the prior time periods using a set of predicted future malware derived from at least first and second machine-learning models, the first machine-learning model trained using observed malware from a first set of prior time periods to predict malware in a first time period subsequent to the first set of prior time periods and the second machine-learning model trained using observed malware from a second set of distinct prior time periods offset in time from and non-overlapping with the first set of prior time periods used to train the first machine-learning model, the second machine-learning model trained to predict malware in a second subsequent time period subsequent to the second set of prior time periods; applying the trained first and at least second machine-learning models to a training set of data to generate a set of predicted future malware, and training a classifier, using the observed malware from a first set of time periods, the observed malware from a second set of time periods, and the set of predicted future malware, the classifier operable to detect both known malware and malware not previously observed in any of the prior time periods; and alerting a user of malware identified by the malware evaluation system's classifier.

10. The method of detecting future malware of claim 9, wherein the first and at least second machine-learning models are generative machine learning models.

11. The method of detecting future malware of claim 9, wherein the classifier comprises a neural network.

12. The method of detecting future malware of claim 9, wherein the classifier is trained using both prior malware and malware predicted by the trained first and at least second machine-learning models.

13. The method of detecting future malware of claim 9, wherein the first and second machine-learning modules are trained on at least one of static features of the malware from the prior time periods and behavioral analysis of the malware from the prior time periods.

14. An information handling system, comprising: a memory; a processor operable to execute program instructions stored in the memory; and program instructions comprising: a first machine-learning model trained using observed malware from a first set of prior time periods to predict malware in a first subsequent time period subsequent to the first set of distinct prior time periods, and at least a second machine-learning model trained using observed malware from a second set of distinct prior time periods offset in time from and non-overlapping with the first set of time periods used to train the first machine-learning model, the second machine-learning model trained to predict malware in a second subsequent time period subsequent to the second set of prior time periods; wherein the trained first and at least second machine-learning models are applied to a training set of data to generate a set of predicted future malware and concurrently training a classifier, using the observed malware from a first set of time periods, the observed malware from a second set of time periods, and the set of predicted future malware, the classifier operable to detect both known malware and malware not previously observed in any of the prior time periods.

15. The information handling system of claim 14, wherein the classifier is executed on at least one other information handling system and is operable to detect known and predicted malware and to alert a user of the detected malware.

16. The information handling system of claim 14, wherein the classifier is trained using both prior malware and malware predicted by the trained first and second machine-learning models.

17. The information handling system of claim 14, wherein the first and second machine learning models are generative machine learning models.
Combinations of networks · CPC title
Test or assess software · CPC title
Static detection · CPC title
Non-supervised learning, e.g. competitive learning · CPC title
Probabilistic graphical models, e.g. probabilistic networks · CPC title