9 results about "Malware" patented technology

A set of likelihood values associated with a set of characteristics associated with the set of goodware entities is determined. The set of characteristics is stored in association with the set of likelihood values as a model. A set of relative information gain values associated with the characteristics of the set of characteristics is generated. One or more characteristics are removed from the model responsive to the relative information gain values associated with the one or more characteristics to produce a revised model.

A processor of a medical device configured to communicate with a remote server can be programmed to protect the medical device from exposure to unauthorized or malicious software. A system or method to implement this form of protection can include, for example, at least one processor on the medical device, a control software module that controls the operation of the medical device and is executable on the processor, a data management module that manages data flow to and from the control software module from sources external to the medical device, and an agent module that has access to a limited number of designated memory locations in the medical device. In addition, a hemodialysis apparatus can be configured to operate in conjunction with an apparatus for providing purified water from a source such as a municipal water supply or a well. A system for controlling delivery of purified water to the hemodialysis apparatus can comprise a therapy controller of the hemodialysis apparatus configured to communicate with a controller of a water purification device, and a user interface controller of the hemodialysis apparatus configured to communicate with the therapy controller, and to send data to and receive data from a user interface.

The present invention automates the operation of multiple malware removal software products using a computerized system that systematically operates the multiple selected software products. These products are operated them in a customized “Safe Mode” using a shell that is different than the computer's other shell environments. Unlike the ordinary Safe Modes shells, the Custom Safe Mode prevents malware from functioning that ties itself to the normal shell, such as the Windows Explorer shell. In addition, the Custom Safe Mode allows the automation of tasks beyond that which is available under the standard command line shell.

The invention provides a malicious software API (Application Program Interface) call sequence detection method based on graph convolution. The method comprises the following steps: acquiring and recording API call sequence information of processes and sub-processes when a large number of software samples run; performing vectorization processing on the API calling sequence information; extracting aparameter relationship, a dependency relationship and a sequence relationship of the API function; establishing an API call graph; inputting the API call graph into a graph convolutional neural network for training to obtain a malicious software detection network model; collecting API calling sequence information of processes and sub-processes when the executable file to be detected runs; constructing an API call graph of the executable file to be detected, then inputting the API call graph of the executable file to be detected into the malicious software detection network model, If the output result of the malicious software detection network model is 1, indicating that the judgment result is malicious software; If the output result of the malicious software detection network model is 0,indicating that the judgment result is normal software.

The invention provides a link library function name recognition method and device for a computer binary program. The method comprises the steps of archiving and sorting a static link library is collected; the collected static link libraries; writing the trained machine learning model into an IDA plug-in, and loading and using the IDA plug-in in IDA; and enabling the IDA to receive a suspicious malicious binary program input by a user, call the IDA plug-in compiled by the trained machine learning model to perform automatic analysis and detection, and displays a detection result in an IDA interface. According to the scheme, reverse analysis personnel can conveniently analyze unknown malicious software performance functions in a targeted mode. under the condition that the static link libraryis insufficient, the trained machine learning model can actively distinguish the static link library function from the performance function of the malicious program, the accuracy of static link library function recognition can be improved, and the situation that an attacker maliciously constructs the malicious function consistent with the static link library function signature and cannot recognizethe malicious program is avoided.

The invention provides a malicious software detection network optimization method and device, electronic equipment and a storage medium. The method comprises the following steps: performing feature extraction on software randomly selected in advance to obtain a first feature vector set St; performing feature extraction on the software by using a feature extraction mode selected according to the first feature vector set St based on a greedy algorithm and a target network to obtain a second feature vector set St + 1; respectively determining a first probability that the software belongs to the malicious software in the first feature vector set St and a second probability that the software belongs to the malicious software in the second feature vector set St + 1 according to the first feature vector set St and the second feature vector set St + 1 by utilizing a pre-constructed malicious software detection classification model; comparing the confidence of the first probability with the confidence of the second probability to obtain a feedback result; and optimizing the target network according to the feedback result.