Abstract: Minimizing the latency of on-device detection of malicious executable files, without sacrificing accuracy, by applying a machine learning model to an executable file in quantized steps. Allowing a threshold confidence level to be set to different values enables controlling the tradeoff between accuracy and latency in generating a confidence level indicative of whether the executable file includes malware.

Abstract: Systems and methods observe and classify device events. A model containing a set of features to be observed can be determined based on machine learning and training methods. A client application can issue a transaction request to an operating system service. A determination can be made whether the operating system service, a method associated with the transaction request, and the client application are currently being observed. In response to determining that the operating system service, a method associated with the transaction request, and the client application are being observed, a behavioral vector associated with the client application can be modified to indicate that the feature represented by the method is associated with the client application. The behavioral vector can be used to determine if the client application is malware.

Abstract: Minimizing the latency of on-device detection of malicious executable files, without sacrificing accuracy, by applying a machine learning model to an executable file in quantized steps. Allowing a threshold confidence level to be set to different values enables controlling the tradeoff between accuracy and latency in generating a confidence level indicative of whether the executable file includes malware.

Abstract: Systems and methods observe and classify device events. A model containing a set of features to be observed can be determined based on machine learning and training methods. A client application can issue a transaction request to an operating system service. A determination can be made whether the operating system service, a method associated with the transaction request, and the client application are currently being observed. In response to determining that the operating system service, a method associated with the transaction request, and the client application are being observed, a behavioral vector associated with the client application can be modified to indicate that the feature represented by the method is associated with the client application. The behavioral vector can be used to determine if the client application is malware.