Patent attributes
The disclosed computer-implemented method for detecting malware based on event dependencies may include (1) applying, to a malware detection system capable of analyzing event dependencies, an event sequence derived from the execution of an application, (2) obtaining, from the malware detection system, a malware confidence score for the event sequence which the malware detection system calculates after a certain event within the event sequence has executed based at least in part on one or more dependencies between the certain event and at least one other event within the event sequence, (3) determining that the malware confidence score exceeds a threshold, and (4) classifying the application as malicious in response to determining that the malware confidence score exceeds the threshold. Various other methods, systems, and computer-readable media are also disclosed.