Abstract: Systems and methods for detecting malicious or potenitally malicious script data are provided. Script data is extracted from a data stream at the network level and emulated in a controlled environment. Based upon a comparison of features extracted from emulation of the script to a set of heuristics, malicious script data can be identified for further analysis or processing.

Abstract: A system and method for batched, supervised, in-situ machine learning classifier retraining for malware identification and model heterogeneity.

Abstract: Improved systems and methods for automated machine-learning, zero-day malware detection. Embodiments include a system and method for detecting malware using multi-stage file-typing and, optionally pre-processing, with fall-through options.

Abstract: Improved systems and methods for automated machine-learning, zero-day malware detection. Embodiments include a system and method for detecting malware using multi-stage file-typing and, optionally pre-processing, with fall-through options.

Abstract: Digital object library management systems and methods for machine learning applications are taught herein.

Abstract: A system and method for batched, supervised, in-situ machine learning classifier retraining for malware identification and model heterogeneity.

Abstract: A system and method for batched, supervised, in-situ machine learning classifier retraining for malware identification and model heterogeneity.

Abstract: Described herein are embodiments of a system and method for network data characterization and/or classification that overcome the defects of the prior art. These and other advantages are achieved by a method for network data characterization.

Abstract: Improved systems and methods for automated machine-learning, zero-day malware detection. Embodiments include a method for improved zero-day malware detection that receives a set of training files which are each known to be either malign or benign, partitions the set of training files into a plurality of categories, and trains category-specific classifiers that distinguish between malign and benign files in a category of files. The training may include selecting one of the plurality of categories of training files, identifying features present in the training files in the selected category of training files, evaluating the identified features to determine the identified features most effective at distinguishing between malign and benign files, and building a category-specific classifier based on the evaluated features. Embodiments also include by a system and computer-readable medium with instructions for executing the above method.