Abstract: A method of generating receiving a valid domain name comprises evaluating a received valid domain name in a neural network trained to generate similar domain names, and providing an output comprising at least one domain name similar to the received valid domain name generated by the neural network. In a further example, a recurrent neural network is trained using valid domain names and observed malicious similar domain names and/or linguistic rules. In another example, the output of the recurrent neural network further comprises a similarity score reflecting a degree of similarity between the valid domain name and the similar domain name, such that the similarity score can be used to generate a ranked list of domain names similar to the valid domain name.

Abstract: A method of identifying malicious activity in a computer data sequence includes providing provided the computer data sequence to a network configured to convert the computer data sequence from a high-dimensional space to a low-dimensional space, and processing the computer data sequence in the low-dimensional space to generate an approximately Gaussian distribution. The processed computer data sequence converted to the low dimensional space is evaluated relative to the approximately Gaussian distribution to determine whether the computer data sequence is likely malicious or likely benign, and an output is provided indicating whether the computer data sequence is likely malicious or likely benign.

Abstract: A method of generating receiving a valid domain name comprises evaluating a received valid domain name in a neural network trained to generate similar domain names, and providing an output comprising at least one domain name similar to the received valid domain name generated by the neural network. In a further example, a recurrent neural network is trained using valid domain names and observed malicious similar domain names and/or linguistic rules. In another example, the output of the recurrent neural network further comprises a similarity score reflecting a degree of similarity between the valid domain name and the similar domain name, such that the similarity score can be used to generate a ranked list of domain names similar to the valid domain name.

Abstract: Minimizing the latency of on-device detection of malicious executable files, without sacrificing accuracy, by applying a machine learning model to an executable file in quantized steps. Allowing a threshold confidence level to be set to different values enables controlling the tradeoff between accuracy and latency in generating a confidence level indicative of whether the executable file includes malware.

Abstract: A method of identifying malicious activity in a computer data sequence includes providing provided the computer data sequence to a network configured to convert the computer data sequence from a high-dimensional space to a low-dimensional space, and processing the computer data sequence in the low-dimensional space to generate an approximately Gaussian distribution. The processed computer data sequence converted to the low dimensional space is evaluated relative to the approximately Gaussian distribution to determine whether the computer data sequence is likely malicious or likely benign, and an output is provided indicating whether the computer data sequence is likely malicious or likely benign.

Abstract: A method of identifying malicious activity in a sequence of computer instructions includes providing the sequence of computer instructions into a recurrent neural network configured to provide an output based on both the current instruction being input and at least one prior instruction in the sequence, and evaluating the provided sequence of computer instructions in the recurrent neural network at multiple points within the sequence. An output is provided indicating whether the network has determined the code sequence to that point is likely malicious.

Abstract: Minimizing the latency of on-device detection of malicious executable files, without sacrificing accuracy, by applying a machine learning model to an executable file in quantized steps. Allowing a threshold confidence level to be set to different values enables controlling the tradeoff between accuracy and latency in generating a confidence level indicative of whether the executable file includes malware.