Exploiting Hot Application Programming Interfaces (APIs) and Action Patterns for Efficient Storage of API logs on Mobile Devices for Behavioral Analysis
    13.
    Patent application (status: in force)

    Publication number: US20150082441A1

    Publication date: 2015-03-19

    Application number: US14028914

    Application date: 2013-09-17

    Abstract: Methods and devices for detecting suspicious or performance-degrading mobile device behaviors may include performing behavior monitoring and analysis operations to intelligently, dynamically, and/or adaptively determine the mobile device behaviors that are to be observed, the number of behaviors that are to be observed, and the level of detail or granularity at which the behaviors are to be observed. Such behavior monitoring and analysis operations may be performed continuously (or near continuously) in a mobile device without consuming an excessive amount of processing, memory, or energy resources of the mobile device by identifying hot application programming interfaces (APIs) and hot action patterns that are invoked or used most frequently by software applications of the mobile device and storing information regarding these hot APIs and hot action patterns separately and more efficiently.

    Data Flow Based Behavioral Analysis on Mobile Devices
    14.
    Patent application (status: in force)

    Publication number: US20150082430A1

    Publication date: 2015-03-19

    Application number: US14030053

    Application date: 2013-09-18

    CPC classification number: G06F21/552 G06F21/566

    Abstract: Methods, devices and systems for detecting suspicious or performance-degrading mobile device behaviors intelligently, dynamically, and/or adaptively determine computing device behaviors that are to be observed, the number of behaviors that are to be observed, and the level of detail or granularity at which the mobile device behaviors are to be observed. The various aspects efficiently identify suspicious or performance-degrading mobile device behaviors without requiring an excessive amount of processing, memory, or energy resources.

    Methods and systems for on-device real-time adaptive security based on external threat intelligence inputs

    Publication number: US10333965B2

    Publication date: 2019-06-25

    Application number: US15262858

    Application date: 2016-09-12

    Abstract: Methods, and computing devices implementing the methods, that enable client computing devices to work in conjunction with a server device to identify and temporarily defend against non-benign applications (e.g., malware, etc.) and other threats before a more permanent solution or defense (e.g., a patch or software upgrade) becomes available and installed on the client computing device. The server device may be configured to receive reports from the client computing devices, receive threat feeds from third-party servers (e.g., threat intelligence servers, etc.), and use information included in the received threat feed and information included in the received reports to analyze, in the server computing device, a software application that is operating on a client device in multiple passes. The server may generate threat scores (e.g., one for each pass, etc.), and send the threat scores to the client computing device for use in devising a customized security response.

    Wake lock aware system wide job scheduling for energy efficiency on mobile devices

    Publication number: US10095305B2

    Publication date: 2018-10-09

    Application number: US15186444

    Application date: 2016-06-18

    Abstract: Embodiments include computing devices, apparatus, and methods implemented by the apparatus for implementing wake lock aware scheduling. The apparatus may receive a wake lock request by a wake lock profiler and acquire wake lock information of a wake lock event associated with the wake lock request. The wake lock information may include a wake lock time parameter. The apparatus may send a hint having the wake lock time parameter. The apparatus may receive the hint, determine whether ready jobs can execute during the wake lock event, and send a request for permission to schedule the ready jobs for execution during the wake lock event in response to determining that the ready jobs can execute during the wake lock event.

    Profile guided indirect function call check for control flow integrity

    Publication number: US09965374B2

    Publication date: 2018-05-08

    Application number: US15248803

    Application date: 2016-08-26

    CPC classification number: G06F11/3604 G06F9/322 G06F21/54

    Abstract: Embodiments include computing devices, apparatus, and methods implemented by the apparatus for implementing profile guided indirect jump checking on a computing device, including encountering an indirect jump location of implementing an indirect jump during execution of a program, identifying an indirect jump target of the indirect jump, determining whether the indirect jump location and the indirect jump target are associated in a profile guided indirect jump table, and determining whether the indirect jump location and the indirect jump target are associated in a compiler guided indirect jump table in response to determining that the indirect jump location and the indirect jump target are not associated in the profile guided indirect jump table.

    Detection and Prevention of Malicious Shell Exploits

    Publication number: US20180060569A1

    Publication date: 2018-03-01

    Application number: US15249110

    Application date: 2016-08-26

    Abstract: Methods, systems, and devices detect and block execution of malicious shell commands requested by a software application. Various embodiments may include receiving a request from a software application to execute a shell command and simulating execution of the shell command to produce execution behavior information. The computing device may analyze system activities to produce execution context information and generate an execution behavior vector based, at least in part, on the execution behavior information and the execution context information. The computing device may use a behavior classifier model to determine whether the shell command is malicious. In response to determining that the shell command is malicious, the computing device may block execution of the shell command.

    Profile Guided Indirect Function Call Check for Control Flow Integrity

    Publication number: US20180060209A1

    Publication date: 2018-03-01

    Application number: US15248803

    Application date: 2016-08-26

    CPC classification number: G06F11/3604 G06F9/322 G06F21/54

    Abstract: Embodiments include computing devices, apparatus, and methods implemented by the apparatus for implementing profile guided indirect jump checking on a computing device, including encountering an indirect jump location of implementing an indirect jump during execution of a program, identifying an indirect jump target of the indirect jump, determining whether the indirect jump location and the indirect jump target are associated in a profile guided indirect jump table, and determining whether the indirect jump location and the indirect jump target are associated in a compiler guided indirect jump table in response to determining that the indirect jump location and the indirect jump target are not associated in the profile guided indirect jump table.
