Information processing device, information processing method, and computer readable medium
US-2019056923-A1 · Feb 21, 2019 · US
Identify malicious software
US2025053654A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2025053654-A1 |
| Application number | US-202418925605-A |
| Country | US |
| Kind code | A1 |
| Filing date | Oct 24, 2024 |
| Priority date | May 21, 2018 |
| Publication date | Feb 13, 2025 |
| Grant date | — |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A method for identifying malicious software includes receiving and executing a software application, identifying a plurality of uniform resource identifiers the software application interacts with during execution of the software application, and generating a vector representation for the software application using a feed-forward neural network configured to receive the plurality of uniform resource identifiers as feature inputs. The method also includes determining similarity scores for a pool of training applications, each similarity score associated with a corresponding training application and indicating a level of similarity between the vector representation for the software application and a respective vector representation for the corresponding training application. The method also includes flagging the software application as belonging to a potentially harmful application category when one or more of the training applications have similarity scores that satisfy a similarity threshold and include a potentially harmful application label.
First claim
Opening claim text (preview).
What is claimed is: 1 . A computer-implemented method executed by data processing hardware that causes the data processing hardware to perform operations comprising: receiving an application install pattern from a user device, the application install pattern indicating a sequence of applications installed on the user device; for each application in the sequence of applications, predicting, based on the sequence of applications, a next application in the sequence of applications; determining, based on the sequence of applications, that the predicted next application in the sequence of applications differs from an actual next application in the sequence of applications; and based on determining that the predicted next application in the sequence of applications differs from the actual next application in the sequence of applications, identifying the actual next application in the sequence of applications as malware. 2 . The method of claim 1 , wherein the application install pattern comprises device information indicating a device type for the user device. 3 . The method of claim 2 , wherein the device type specifies that the user device is one of a smartphone, tablet, laptop, or desktop. 4 . The method of claim 1 , wherein the application install pattern further includes an operating system of the user device. 5 . The method of claim 1 , wherein the operations further comprise generating a numerical vector representation for each application in the sequence of applications using a feed-forward neural network model configured to receive each application as feature inputs. 6 . The method of claim 5 , wherein the numerical vector representation generated for each application comprises a cryptographic hash. 7 . The method of claim 5 , wherein the feed-forward neural network model comprises a vector space model configured to determine a dimensional numerical vector representation for each application in the sequence of applications installed on the user device. 8 . The method of claim 7 , wherein the vector space model is configured to cluster each application in the sequence of applications in a free vector space near training applications having similar dimensional numerical vector representations. 9 . The method of claim 1 , wherein the operations further comprise transmitting a warning notification to the user device indicating that the actual next application installed on the user device comprises malware. 10 . The method of claim 1 , wherein the operations further comprise labeling the actual next application as belonging to a potentially harmful application category, the potentially harmful application category comprising at least one of a hostile downloader application, a phishing application, a rooting trojan application, a spyware application, a ransomware application, a malware application, or an escalating privileges application. 11 . A system for identifying malicious software, the system comprising: data processing hardware; memory hardware in communication with the data processing hardware, the memory hardware storing instructions that when executed by the data processing hardware cause the data processing hardware to perform operations comprising: receiving an application install pattern from a user device, the application install pattern indicating a sequence of applications installed on the user device; for each application in the sequence of applications, predicting, based on the sequence of applications, a next application in the sequence of applications; determining, based on the sequence of applications, that the predicted next application in the sequence of applications differs from an actual next application in the sequence of applications; and based on determining that the predicted next application in the sequence of applications differs from the actual next application in the sequence of applications, identifying the actual next application in the sequence of applications as malware. 12 . The system of claim 11 , wherein the application install pattern comprises device information indicating a device type for the user device. 13 . The system of claim 12 , wherein the device type specifies that the user device is one of a smartphone, tablet, laptop, or desktop. 14 . The system of claim 11 , wherein the application install pattern further includes an operating system of the user device. 15 . The system of claim 11 , wherein the operations further comprise generating a numerical vector representation for each application in the sequence of applications using a feed-forward neural network model configured to receive each application as feature inputs. 16 . The system of claim 15 , wherein the numerical vector representation generated for each application comprises a cryptographic hash. 17 . The system of claim 15 , wherein the feed-forward neural network model comprises a vector space model configured to determine a dimensional numerical vector representation for each application in the sequence of applications installed on the user device. 18 . The system of claim 17 , wherein the vector space model is configured to cluster each application in the sequence of applications in a free vector space near training applications having similar dimensional numerical vector representations. 19 . The system of claim 11 , wherein the operations further comprise transmitting a warning notification to the user device indicating that the actual next application installed on the user device comprises malware. 20 . The system of claim 11 , wherein the operations further comprise labeling the actual next application as belonging to a potentially harmful application category, the potentially harmful application category comprising at least one of a hostile downloader application, a phishing application, a rooting trojan application, a spyware application, a ransomware application, a malware application, or an escalating privileges application.
Assignees
Inventors
Classifications
Supervised learning · CPC title
Feedforward networks · CPC title
Learning methods · CPC title
Architecture, e.g. interconnection topology · CPC title
Test or assess software · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US2025053654A1 cover?
- A method for identifying malicious software includes receiving and executing a software application, identifying a plurality of uniform resource identifiers the software application interacts with during execution of the software application, and generating a vector representation for the software application using a feed-forward neural network configured to receive the plurality of uniform res…
- Who is the assignee on this patent?
- Google Llc
- What technology area does this patent fall under?
- Primary CPC classification G06F21/566. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Thu Feb 13 2025 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).