Malware detection system and method for mobile platforms
US-9104871-B2 · Aug 11, 2015 · US
Determining exploit prevention using machine learning
US12598206B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12598206-B2 |
| Application number | US-202117499319-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 12, 2021 |
| Priority date | Apr 13, 2018 |
| Publication date | Apr 7, 2026 |
| Grant date | Apr 7, 2026 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Examples of the present disclosure describe systems and methods for determining exploit prevention software settings using machine learning. In aspects, exploit prevention software may be used to identify processes executing on a computing device. Metadata for the identified processes may be determined and transmitted to a machine learning system. The machine learning system may use an exploit prevention model to determine exploit prevention configuration settings for each of the processes, and may transmit the configuration setting to the computing device. The computing device may implement the configuration settings to protect the processes and monitor the stability of the protected processes as they execute. The computing device may transmit the stability data to the machine-learning system. The machine-learning system may then modify the exploit prevention model based on the stability data.
First claim
Opening claim text (preview).
What is claimed is: 1 . A method for adjusting exploit prevention configuration settings comprising: receiving, by a machine learning system for exploit prevention from exploit prevention software executing on a computing device, process information for one or more protected processes protected by the exploit prevention software and executing on the computing device, the machine learning system comprising a machine learning model trained to determine process configuration settings for the one or more protected processes and exploit prevention configuration settings for the exploit prevention software, for each of the one or more protected processes, the machine learning model representing training data comprising: training process information for each of one or more processes protectable by the exploit prevention software; and training configuration settings; generating, by the machine learning system, the exploit prevention configuration settings for the exploit prevention software and the process configuration settings for the one or more protected processes based on the process information for the one or more protected processes, wherein generating the exploit prevention configuration settings comprises applying the machine learning model to the process information for the one or more protected processes; providing, by the machine learning system to the exploit prevention software executing on the computing device, the exploit prevention configuration settings; providing, by the machine learning system, the process configuration settings to the one or more protected processes; receiving, by the machine learning system from the exploit prevention software, monitored process stability data for each of the one or more protected processes, the monitored process stability data indicating monitored stability of each of the one or more protected processes monitored during execution before and after application of the exploit prevention configuration settings into the exploit prevention software, the monitored process stability data comprising for each of the one or more protected processes at least one of a number of processes crashes or a number of reported errors; determining, by the machine learning system based on the received monitored process stability data, whether the one or more protected processes have become more or less stable after application of the exploit prevention configuration settings into the exploit prevention software; based on whether the one or more protected processes have become more or less stable while executing on the computing device, adjusting: the process configuration settings provided by the machine learning system to the one or more protected processes; and the exploit prevention configuration settings provided by the machine learning system to the exploit prevention software; and applying the adjusted process configuration settings and the adjusted exploit prevention configuration settings to the computing device. 2 . The method of claim 1 , wherein the process information comprises metadata for the one or more protected processes, wherein the metadata corresponds to at least one of a process identifier, methods or functions used by the one or more protected processes, and objects used during execution of the one or more protected processes. 3 . The method of claim 1 , wherein the process information comprises one or more hash values for the one or more protected processes, and wherein the one or more hash values are received by the machine learning system from the exploit prevention software. 4 . The method of claim 1 , wherein the exploit prevention configuration settings comprise at least one configuration setting for each protected process identified in the process information. 5 . The method of claim 1 , wherein applying the exploit prevention configuration settings comprises at least one of: a setting to cause restarting the computing device, a setting to cause restarting the one or more protected processes by the computing device, a setting to cause modifying previously-configured configuration settings by the computing device, and a setting to cause recompiling a file by the computing device. 6 . The method of claim 1 , wherein the monitored process stability data comprises at least one of: system health statistics for the computing device, performance statistics for the one or more protected processes, process status for the one or more protected processes, evaluations of event files, and evaluations of checkpoints in executing code. 7 . The method of claim 1 , further comprising: evaluating the monitored process stability data; and when the monitored process stability data indicates a decrease in the process stability of the one or more protected processes, reducing, by the computing device, exploit protection provided by the exploit prevention configuration settings. 8 . The method of claim 1 , wherein determining whether the one or more protected processes have become more or less stable comprises determining whether the one or more protected processes have become more or less stable after application of the exploit prevention configuration settings into the exploit prevention software and as compared to the one or more protected processes executing on the computing device with prior exploit configuration settings applied into the exploit prevention software. 9 . A system comprising: at least one processor; and memory coupled to the at least one processor, the memory storing computer executable instructions that, when executed by the at least one processor, performs a method comprising: receiving, by a machine learning system for exploit prevention from exploit prevention software executing on a computing device, process information for one or more protected processes protected by the exploit prevention software and executing on the computing device; generating, by the machine learning system, exploit prevention configuration settings for the exploit prevention software and process configuration settings for the one or more protected processes, based on the process information for the one or more protected processes, wherein generating the exploit prevention configuration settings comprises applying a machine learning model to the process information for the one or more protected processes, the machine learning model trained to determine the process configuration settings for the one or more protected processes and the exploit prevention configuration settings for the exploit prevention software, the machine learning model representing training data comprising: training process information for each of one or more processes protectable by the exploit prevention software; and training configuration settings; providing, by the machine learning system to the exploit prevention software executing on the computing device, the exploit prevention configuration settings; receiving, by the machine learning system from the exploit prevention software, monitored process stability data for each of the one or more protected processes, the monitored process stability data indicating stability monitored of each of the one or more protected processes monitored during execution before and after application of the exploit prevention configuration settings into the exploit prevention software, the monitored process stability data comprising for each of the one or more protected processes at least one of a number of processes crashes or a number of reported errors; determining, by the machine learning system based on the received monitored process stability data, whether the one or more protected processes have become more or less stable after application of the exploit prevention
Assignees
Inventors
Classifications
Hash tables · CPC title
Machine learning · CPC title
Access control lists [ACL] · CPC title
- H04L63/1433Primary
Vulnerability analysis · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US12598206B2 cover?
- Examples of the present disclosure describe systems and methods for determining exploit prevention software settings using machine learning. In aspects, exploit prevention software may be used to identify processes executing on a computing device. Metadata for the identified processes may be determined and transmitted to a machine learning system. The machine learning system may use an exploit …
- Who is the assignee on this patent?
- Open Text Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/1433. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Apr 07 2026 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).