Fortinet, Inc.
AUTOMATED FEATURE EXTRACTION AND ARTIFICIAL INTELLIGENCE (AI) BASED DETECTION AND CLASSIFICATION OF MALWARE

Abstract:

Systems and methods for detection and classification of malware using an AI-based approach are provided. In one embodiment, a T-node maintains a sample library including benign and malware samples. A classification model is generated by training a classifier based on features extracted from the samples. The classification model is distributed to D-nodes for use as a local malware detection model. Responsive to detection of malware in a sample processed by a D-node, the T-node receives the sample from the D-node. When the sample is not in the sample library, it is incorporated into the sample library. A feature depository is created/updated by the T-node by extracting features from the samples. Responsive to a retraining event: (i) an improved classification model is created by retraining the classifier based on the feature depository; and (ii) the D-nodes are upgraded by replacing their local malware detection models with the improved classification model.