SYSTEM AND METHOD FOR AUTOMATED MACHINE-LEARNING, ZERO-DAY MALWARE DETECTION

摘要

Improved systems and methods for automated machine-learning, zero-day malware detection. Embodiments include a system and method for detecting malware using multi-stage file-typing and, optionally pre-processing, with fall-through options. The system and method receive a set of training files which are each known to be either malign or benign, partition the set of training files into a plurality of categories based on file-type, in which the partitioning file-types a subset of the training files into supported file-type categories, train file-type specific classifiers that distinguish between malign and benign files for the supported file-type categories of files, associate supported file-types with a file-type processing chain that includes a plurality of file-type specific classifiers corresponding to the supported file-types, train a generic file-type classifier that applies to file-types that are not supported file-types, and construct a composite classifier using the file-type specific classifiers and the generic file-type classifier.