Fortinet, Inc.
Automated feature extraction and artificial intelligence (AI) based detection and classification of malware

Abstract:

Systems and methods for detection and classification of malware using an AI-based approach are provided. In one embodiment, a T-node maintains a sample library including benign and virus samples. A classification model is generated by training a classifier based on features extracted from the samples. The classification model is distributed to D-nodes for use as a local virus detection model. Responsive to detection of a virus by a D-node, the T-node receives a virus sample from the D-node. When the virus sample is not in the sample library, it is incorporated into the sample library. A feature depository is created/updated by the T-node by extracting features from the samples. Responsive to a retraining event: (i) an improved classification model is created by retraining the classifier based on the feature depository; and (ii) the D-nodes are upgraded by replacing their local virus detection models with the improved classification model.

Status:

Grant

Type:

Utility

Filing date:

31 Jul 2018

Issue date:

13 Sep 2022