公开(公告)号：US09652362B2

公开(公告)日：2017-05-16

申请号：US14259501

申请日：2014-04-23

Applicant: QUALCOMM Incorporated

Inventor： Rajarshi Gupta ,  Alexander Gantman ,  Vinay Sridhara

IPC: G06F11/00 ,  G06F11/36 ,  H04L29/06 ,  G06N5/04 ,  G06F21/55 ,  G06F21/56 ,  G06F21/44 ,  G06F21/52 ,  G06N99/00 ,  G06F19/00

CPC classification number: G06F11/3612 ,  G06F19/707 ,  G06F21/44 ,  G06F21/52 ,  G06F21/552 ,  G06F21/562 ,  G06F21/566 ,  G06F2221/034 ,  G06N5/04 ,  G06N5/043 ,  G06N99/005 ,  H04L63/14

Abstract: Methods, and mobile devices implementing the methods, use application-specific and/or application-type specific classifier to improve the efficiency and performance of a comprehensive behavioral monitoring and analysis system predicting whether a software application is causing undesirable or performance depredating behavior. The application-specific and application-type specific classifier models may include a reduced and more focused subset of the decision nodes that are included in a full or more complete classifier model that may be received or generated in the mobile device. The locally generated application-specific and/or application-type specific classifier models may be used to perform real-time behavior monitoring and analysis operations by applying the application-based classifier models to a behavior/feature vector generated by monitoring mobile device behavior. The various aspects focus monitoring and analysis operations on a small number of features that are most important for determining whether operations of a software application are contributing to undesirable or performance depredating behavior.

公开(公告)号：US09578619B2

公开(公告)日：2017-02-21

申请号：US14812440

申请日：2015-07-29

Applicant: QUALCOMM Incorporated

Inventor： Nathan Tenny ,  Rajarshi Gupta

IPC: H04W24/00 ,  H04W64/00 ,  H04W4/02 ,  H04W4/20 ,  H04W84/04

CPC classification number: H04W64/00 ,  H04W4/02 ,  H04W4/20 ,  H04W84/042

Abstract: Techniques are provided which may be implemented using various methods and/or apparatuses for use in providing positioning assistance data to mobile stations. For example, a method in a first server in a cellular network may comprise sending a request for location information to a mobile station. A request for assistance data indicating an address of a second server may be received from the mobile station. Based on this address, a request for local mapping data may be sent to the second server. The local mapping data may be received from the second server. The assistance data based on the local mapping data and identifying a wireless signal transmitter may be sent to the mobile station. The location information, based on the assistance data and on a positioning operation based on a wireless signal transmitted by the identified wireless signal transmitter may be received from the mobile station.

Abstract translation: 提供了可以使用用于向移动台提供定位辅助数据的各种方法和/或设备来实现的技术。 例如，蜂窝网络中的第一服务器中的方法可以包括向移动台发送对位置信息的请求。 可以从移动台接收指示第二服务器的地址的辅助数据请求。 基于该地址，可以向第二服务器发送对本地映射数据的请求。 可以从第二服务器接收本地映射数据。 可以将基于本地映射数据的辅助数据和识别无线信号发送器发送到移动台。 基于辅助数据和基于由所识别的无线信号发送器发送的无线信号的定位操作的位置信息可以从移动台接收。

公开(公告)号：US09519775B2

公开(公告)日：2016-12-13

申请号：US14044937

申请日：2013-10-03

Applicant: QUALCOMM Incorporated

Inventor： Vinay Sridhara ,  Salyajit Prabhakar Patne ,  Rajarshi Gupta

IPC: G06F12/14 ,  G06F7/04 ,  G08B29/00 ,  G06F15/177 ,  G06F11/30 ,  G06F21/55 ,  H04W12/12 ,  G06F21/57 ,  H04L29/06 ,  G06F9/445

CPC classification number: G06F21/55 ,  G06F9/44505 ,  G06F21/57 ,  G06F21/577 ,  H04L63/1408 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/145 ,  H04W12/12

Abstract: The various aspects include systems and methods for enabling mobile computing devices to recognize when they are at risk of experiencing malicious behavior in the near future given a current configuration. Thus, the various aspects enable mobile computing devices to anticipate malicious behaviors before a malicious behavior begins rather than after the malicious behavior has begun. In the various aspects, a network server may receive behavior vector information from multiple mobile computing devices and apply pattern recognition techniques to the received behavior vector information to identify malicious configurations and pathway configurations that may lead to identified malicious configurations. The network server may inform mobile computing devices of identified malicious configurations and the corresponding pathway configurations, thereby enabling mobile computing devices to anticipate and prevent malicious behavior from beginning by recognizing when they have entered a pathway configuration leading to malicious behavior.

Abstract translation: 各个方面包括系统和方法，用于使移动计算设备能够在给定当前配置的情况下识别何时在不久的将来遇到恶意行为的风险。 因此，各方面使得移动计算设备能够在恶意行为开始之前而不是在恶意行为开始之后预测恶意行为。 在各个方面，网络服务器可以从多个移动计算设备接收行为向量信息，并将模式识别技术应用于接收的行为向量信息，以识别可能导致识别的恶意配置的恶意配置和路由配置。 网络服务器可以向移动计算设备通知所识别的恶意配置和相应的路由配置，从而使得移动计算设备能够通过识别何时进入导致恶意行为的路径配置来开始预测和防止恶意行为。

公开(公告)号：US20160350657A1

公开(公告)日：2016-12-01

申请号：US14726855

申请日：2015-06-01

Applicant: QUALCOMM Incorporated

Inventor： Rajarshi Gupta ,  Satyajit Prabhakar Patne ,  Suresh Bollapragada

IPC: G06N5/04

CPC classification number: G06N5/04 ,  G06F11/3604

Abstract: Systems, methods, and devices of the various aspects enable method of cross-module behavioral validation. A plurality of observer modules of a system may observe behavior or behaviors of a observed module of the system. Each of the observer modules may generate a behavior representation based on the behavior or behaviors of the observed module. Each observer module may apply the behavior representation to a behavior classifier model suitable for each observer module. The observer modules may aggregate classifications of behaviors of the observed module determined by each of the observer modules. The observer modules may determine, based on the aggregated classification, whether the observed module is behaving anomalously.

Abstract translation: 各个方面的系统，方法和设备都支持跨模块行为验证的方法。 系统的多个观察者模块可以观察系统的观察模块的行为或行为。 每个观察者模块可以基于所观察模块的行为或行为来生成行为表示。 每个观察者模块可以将行为表示应用于适合于每个观察者模块的行为分类器模型。 观察者模块可以聚合由每个观察者模块确定的观察模块的行为的分类。 观察者模块可以基于聚合分类来确定观察到的模块是否是异常行为。

公开(公告)号：US09495537B2

公开(公告)日：2016-11-15

申请号：US13923547

申请日：2013-06-21

Applicant: QUALCOMM Incorporated

Inventor： Rajarshi Gupta ,  Vinay Sridhara ,  Anil Gathala ,  Xuetao Wei

IPC: G06F21/00 ,  G06F21/50 ,  G06F21/31 ,  G06F21/55

CPC classification number: G06F21/50 ,  G06F21/316 ,  G06F21/552

Abstract: Methods, devices and systems for detecting suspicious or performance-degrading mobile device behaviors intelligently, dynamically, and/or adaptively determine computing device behaviors that are to be observed, the number of behaviors that are to be observed, and the level of detail or granularity at which the mobile device behaviors are to be observed. The various aspects efficiently identify suspicious or performance-degrading mobile device behaviors without requiring an excessive amount of processing, memory, or energy resources.

Abstract translation: 用于智能地，动态地和/或自适应地检测待观察的计算设备行为，要观察的行为的数量以及细节或粒度的级别来检测可疑或降级性能的移动设备行为的方法，设备和系统 在那里要观察移动设备的行为。 各个方面有效地识别可疑或降低性能的移动设备行为，而不需要过多的处理，存储器或能量资源。

公开(公告)号：US20160327596A1

公开(公告)日：2016-11-10

申请号：US14705546

申请日：2015-05-06

Applicant: QUALCOMM Incorporated

Inventor： Mastooreh Salajegheh ,  Govindarajan Krishnamurthi ,  Mihai Christodorescu ,  Rajarshi Gupta ,  Vinay Sridhara ,  Patrick Hughes

IPC: G01R29/08 ,  G01R31/00

CPC classification number: G01R29/0814 ,  G01R29/0892 ,  G01R31/001 ,  G01R31/002

Abstract: Systems, methods, and devices of the various aspects enable detecting anomalous electromagnetic (EM) emissions from among a plurality of electronic devices. A device processor may receive EM emissions of a plurality of electronic devices, wherein the receiving device has no previous information about any of the plurality of electronic devices. The device processor may cross-correlate the EM emissions of the plurality of electronic devices over time. The device processor may identify a difference of the cross-correlated EM emissions from earlier cross-correlated EM emissions. The device processor may determine that the difference of the cross-correlated EM emissions from the earlier cross-correlated EM emissions indicates an anomaly in one or more of the plurality of electronic devices.

Abstract translation: 各方面的系统，方法和装置能够检测多个电子设备中的异常电磁（EM）发射。 设备处理器可以接收多个电子设备的EM发射，其中接收设备没有关于多个电子设备中的任何一个的先前的信息。 设备处理器可以随着时间使得多个电子设备的EM发射互相关联。 器件处理器可以识别来自先前的相互关联的EM发射的相互关联的EM发射的差异。 设备处理器可以确定来自较早的交叉相关EM发射的交叉相关EM发射的差异指示多个电子设备中的一个或多个中的异常。

公开(公告)号：US20160253498A1

公开(公告)日：2016-09-01

申请号：US14837936

申请日：2015-08-27

Applicant: QUALCOMM Incorporated

Inventor： Andres Valencia ,  Vinay Sridhara ,  Yin Chen ,  Rajarshi Gupta

IPC: G06F21/55 ,  G06N99/00 ,  G06F21/57

CPC classification number: G06F21/554 ,  G06F21/55 ,  G06F21/566 ,  G06F21/577 ,  G06F2221/034 ,  G06N99/005

Abstract: Various aspects include methods and computing devices implementing the methods for evaluating device behaviors in the computing devices. Aspect methods may include using a behavior-based machine learning technique to classify a device behavior as one of benign, suspicious, and non-benign. Aspect methods may include using one of a multi-label classification and a meta-classification technique to sub-classify the device behavior into one or more sub-categories. Aspect methods may include determining a relative importance of the device behavior based on the sub-classification, and determining whether to perform robust behavior-based operations based on the determined relative importance of the device behavior.

Abstract translation: 各方面包括实现用于评估计算设备中的设备行为的方法的方法和计算设备。 Aspect方法可能包括使用基于行为的机器学习技术将设备行为分类为良性，可疑和非良性之一。 方面方法可以包括使用多标签分类和元分类技术之一来将设备行为分类为一个或多个子类别。 方面方法可以包括基于子分类来确定设备行为的相对重要性，以及基于所确定的设备行为的相对重要性来确定是否执行鲁棒的基于行为的操作。

公开(公告)号：US20160253497A1

公开(公告)日：2016-09-01

申请号：US14632652

申请日：2015-02-26

Applicant: QUALCOMM Incorporated

Inventor： Mihai Christodorescu ,  Charles Bergan ,  Rajarshi Gupta ,  Satyajit Prabhakar Patne ,  Sumita Rao

IPC: G06F21/55 ,  G06F21/56

CPC classification number: G06F21/554 ,  G06F21/52 ,  G06F21/566

Abstract: Aspects include computing devices, systems, and methods for implementing detecting return oriented programming (ROP) attacks on a computing device. A memory traversal map for a program called to run on the computing device may be loaded. A memory access request of the program to a memory of the computing device may be monitored and a memory address of the memory from the memory access request may be retrieved. The retrieved memory address may be compared to the memory traversal map and a determination of whether the memory access request indicates a ROP attack may be made. The memory traversal map may include a next memory address adjacent to a previous memory address in the memory traversal map. A cumulative anomaly score based on mismatches between the retrieved memory address and the memory traversal map may be calculated and used to determine whether to load a finer grain memory traversal map.

Abstract translation: 方面包括用于在计算设备上实现检测返回定向编程（ROP）攻击的计算设备，系统和方法。 可以加载被称为在计算设备上运行的程序的存储器遍历映射。 可以监视程序对计算设备的存储器的存储器访问请求，并且可以检索来自存储器访问请求的存储器的存储器地址。 可以将检索的存储器地址与存储器遍历映射进行比较，并且可以确定存储器访问请求是否指示ROP攻击。 存储器遍历映射可以包括与存储器遍历映射中的先前存储器地址相邻的下一个存储器地址。 可以计算基于检索的存储器地址和存储器遍历映射之间的不匹配的累积异常得分，并用于确定是否加载更精细的存储器遍历映射。

公开(公告)号：US20160143065A1

公开(公告)日：2016-05-19

申请号：US15004658

申请日：2016-01-22

Applicant: QUALCOMM Incorporated

Inventor： Rajarshi Gupta ,  Saumitra Mohan Das ,  Douglas Neal Rowitch ,  Vinay Sridhara

IPC: H04W76/00 ,  H04W4/22 ,  H04W4/04

CPC classification number: H04W76/50 ,  G01S5/02 ,  H04W4/023 ,  H04W4/04 ,  H04W4/90 ,  H04W64/003 ,  H04W84/005 ,  H04W84/045

Abstract: Described are devices, methods, techniques and systems for locating a portable services access transceiver (PSAT) for use in aiding emergency “911” services. In one implementation, one or more conditions indicative of movement of a PSAT may initiate a process for obtaining a new estimated location of the PSAT. In another implementation, a location of a PSAT may be determined or updated using indoor navigation techniques.

Abstract translation: 描述了用于定位用于辅助紧急“911”服务的便携式服务接入收发器（PSAT）的设备，方法，技术和系统。 在一个实现中，指示PSAT的移动的一个或多个条件可以启动用于获得PSAT的新估计位置的过程。 在另一实现中，可以使用室内导航技术来确定或更新PSAT的位置。

公开(公告)号：US09324034B2

公开(公告)日：2016-04-26

申请号：US13773247

申请日：2013-02-21

Applicant: QUALCOMM Incorporated

Inventor： Rajarshi Gupta ,  Xuetao Wei ,  Anil Gathala ,  Vinay Sridhara

IPC: G06N99/00 ,  G06N5/04

CPC classification number: G06N99/005 ,  G06N5/043

Abstract: Methods, systems and devices for generating data models in a communication system may include applying machine learning techniques to generate a first family of classifier models using a boosted decision tree to describe a corpus of behavior vectors. Such behavior vectors may be used to compute a weight value for one or more nodes of the boosted decision tree. Classifier models factors having a high probably of determining whether a mobile device behavior is benign or not benign based on the computed weight values may be identified. Computing weight values for boosted decision tree nodes may include computing an exclusive answer ratio for generated boosted decision tree nodes. The identified factors may be applied to the corpus of behavior vectors to generate a second family of classifier models identifying fewer factors and data points relevant for enabling the mobile device to determine whether a behavior is benign or not benign.

Abstract translation: 用于在通信系统中生成数据模型的方法，系统和设备可以包括应用机器学习技术来生成使用加强的决策树来描述行为矢量语料库的分类器模型的第一族。 可以使用这样的行为矢量来计算升压决策树的一个或多个节点的权重值。 可以识别分类器模型的因素，其可能基于所计算的权重值来确定移动设备行为是良性还是不良性。 用于升压的决策树节点的计算权重值可以包括计算生成的升压决策树节点的独占应答比率。 识别的因素可以应用于行为矢量语料库以产生第二类分类器模型，其识别与使移动设备能够确定行为是良性还是不良性相关的较少因素和数据点。