Zscaler, Inc.
Pattern similarity measures to quantify uncertainty in malware classification

Abstract:

Systems and methods include receiving content for classification; classifying the content as one of benign and malicious utilizing a model that has been trained with a training set of data including benign data and malicious data; determining a first pattern associated with the content; comparing the first pattern with a second pattern that is associated with one of the benign data and the malicious data; and determining an uncertainty of the classifying based on a distance between the first pattern and the second pattern. The systems and methods can include discarding the classification if the distance is greater than a configurable threshold.