Abstract: A method and system for updating and applying a ruleset used for determining and mitigating malware threats. Communications of computing devices are monitored and first data file extracted. A first and second set of features are extracted. A first rule is applied to the first set of features of the first data file to determine a non-match. A second rule is applied to the second set of features to determine a match. A third rule is generated based on the first set of features, non-match, and match. Communications of a particular computing device are monitored and second data file extracted. A first set of features of the second data file are extracted. The third rule is applied to the first set of features of the second data file to determine a match. The second data file is disabled, blocked, or deleted based the match determination by the third rule.

Abstract: A method includes enabling a messaging server and providing credentials for the messaging server. A computing system is enabled and a malware application is received by the computing system. The malware application is executed by the computing system. The credentials are rendered accessible to the malware application via the computing system, and the malware application is enabled to transmit the credentials via network transmission from the computing system to a computer. An actor is enabled to access the messaging server over a network in response to the actor applying the credentials, and a first electronic message transmitted by the actor is received by the messaging server, the first electronic message including first content.

Abstract: A malware classification is generated for an input data set with a human-readable explanation of the classification. An input data set having a hierarchical structure is received in a neural network that has an architecture based on a schema determined from a plurality of second input data sets and that is trained to classify received input data sets into one or more of a plurality of classes. An explanation is provided with the output of the neural network, the explanation comprising a subset of at least one input data set that caused the at least one input data set to be classified into a certain class using the schema of the generated neural network. The explanation may further be derived from the statistical contribution of one or more features of the input data set that caused the at least one input data set to be classified into a certain class.