公开(公告)号：US08726392B1

公开(公告)日：2014-05-13

申请号：US13434416

申请日：2012-03-29

申请人： Bruce McCorkendale ,  Xue Feng Tian ,  Sheng Gong ,  Xiaole Zhu ,  Jun Mao ,  Qingchun Meng ,  Ge Hua Huang ,  Wei Guo Eric Hu

发明人： Bruce McCorkendale ,  Xue Feng Tian ,  Sheng Gong ,  Xiaole Zhu ,  Jun Mao ,  Qingchun Meng ,  Ge Hua Huang ,  Wei Guo Eric Hu

IPC分类号： G06F12/14 ,  G06F11/00 ,  G06F12/16 ,  G08B23/00 ,  G06F11/30

CPC分类号： G06F21/52 ,  G06F11/3604 ,  G06F21/56 ,  G06F21/563 ,  G06F21/60

摘要： A computer-implemented method for combining static and dynamic code analysis may include 1) identifying executable code that is to be analyzed to determine whether the executable code is capable of leaking sensitive data, 2) performing a static analysis of the executable code to identify one or more objects which the executable code may use to transfer sensitive data, the static analysis being performed by analyzing the executable code without executing the executable code, 3) using a result of the static analysis to tune a dynamic analysis to track the one or more objects identified during the static analysis, and 4) performing the dynamic analysis by, while the executable code is being executed, tracking the one or more objects identified during the static analysis to determine whether the executable code leaks sensitive data via the one or more objects. Various other methods, systems, and computer-readable media are also disclosed.

摘要翻译： 用于组合静态和动态代码分析的计算机实现的方法可以包括1）识别待分析的可执行代码以确定可执行代码是否能够泄漏敏感数据，2）执行可执行代码的静态分析以识别一个 或更多的可执行代码可用于传送敏感数据的对象，通过分析可执行代码而不执行可执行代码来执行静态分析; 3）使用静态分析的结果来调整动态分析以跟踪一个或多个 在静态分析期间识别的对象，以及4）在执行可执行代码的同时执行动态分析，跟踪在静态分析期间识别的一个或多个对象，以确定可执行代码是否经由一个或多个对象泄漏敏感数据 。 还公开了各种其它方法，系统和计算机可读介质。

公开(公告)号：US08671455B1

公开(公告)日：2014-03-11

申请号：US13240409

申请日：2011-09-22

申请人： Xiaole Zhu ,  Jokul Tian

发明人： Xiaole Zhu ,  Jokul Tian

IPC分类号： H04L29/06 ,  G06F21/00

CPC分类号： H04L63/0245 ,  G06F21/554 ,  H04L63/0227 ,  H04L63/1441

摘要： A method for detecting unintentional information disclosure. The method may include: 1) identifying at least one data access Application Programming Interface (API) programmed to provide access to sensitive information located on a computing device, 2) monitoring attempts to use the data access API, 3) while monitoring attempts to use the data access API, detecting an attempt by an application to access the sensitive information through the data access API, 4) in response to detecting the attempt to access the sensitive information, tracking the sensitive information accessed by the application, 5) detecting an attempt to leak the sensitive information outside of the computing device, and 6) in response to detecting the attempt to leak the sensitive information outside of the computing device, performing a security action.

摘要翻译： 一种检测无意信息披露的方法。 该方法可以包括：1）识别被编程为提供对位于计算设备上的敏感信息的访问的至少一个数据访问应用程序接口（API），2）监视使用数据访问API的尝试，3）同时监视尝试使用 数据访问API，检测应用程序通过数据访问API访问敏感信息的尝试; 4）响应于检测到访问敏感信息的尝试，跟踪由应用访问的敏感信息，5）检测尝试 泄漏计算设备外部的敏感信息，以及6）响应于检测到泄露计算设备外部的敏感信息的尝试，执行安全动作。

公开(公告)号：US09781151B1

公开(公告)日：2017-10-03

申请号：US13271104

申请日：2011-10-11

申请人： Bruce E. McCorkendale ,  Sourabh Satish ,  Xuefeng Tian ,  Jingnan Si ,  Jun Mao ,  Xiaole Zhu ,  Sheng Gong

发明人： Bruce E. McCorkendale ,  Sourabh Satish ,  Xuefeng Tian ,  Jingnan Si ,  Jun Mao ,  Xiaole Zhu ,  Sheng Gong

IPC分类号： G06F11/00 ,  G08B23/00 ,  H04L29/06

CPC分类号： H04L63/1441 ,  G06F21/562 ,  G06F21/567 ,  H04L63/123 ,  H04L63/1408 ,  H04L63/1416

摘要： Techniques for identifying malicious downloadable applications are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for identifying malicious downloadable applications comprising receiving a signature of a downloadable application, identifying, using at least one computer processor, a known good application having at least one attribute in common with the downloadable application and having a signature different from the signature of the downloadable application, analyzing the downloadable application to evaluate one or more risk factors based at least in part on the at least one common attribute and the difference in signatures, and determining, based on the evaluated one or more risk factors, one or more responsive actions.

公开(公告)号：US08726386B1

公开(公告)日：2014-05-13

申请号：US13422702

申请日：2012-03-16

申请人： Bruce McCorkendale ,  Xue Feng Tian ,  Sheng Gong ,  Xiaole Zhu ,  Jun Mao ,  Qingchun Meng ,  Guilin Hu ,  Ge Hua Huang

发明人： Bruce McCorkendale ,  Xue Feng Tian ,  Sheng Gong ,  Xiaole Zhu ,  Jun Mao ,  Qingchun Meng ,  Guilin Hu ,  Ge Hua Huang

IPC分类号： G06F11/00

CPC分类号： G06F21/629 ,  G06F21/554 ,  H04W12/12

摘要： A computer-implemented method for detecting malware may include 1) identifying an application configured to use a permission on a mobile computing platform, the permission enabling the application to access a feature of the mobile computing platform, 2) determining that the application is configured to use the permission while executing as a background application on the mobile computing platform, 3) determining that the use of the permission is suspect based on the application being configured to use the permission while executing as the background application, and 4) performing a remediation action in response to determining that the use of the permission is suspect. Various other methods, systems, and computer-readable media are also disclosed.

摘要翻译： 用于检测恶意软件的计算机实现的方法可以包括：1）识别配置为在移动计算平台上使用许可的应用，允许应用访问移动计算平台的特征的许可，2）确定应用被配置为 在所述移动计算平台上作为后台应用程序执行时，使用所述权限; 3）根据所述应用被配置为在执行所述后台应用时使用所述权限，确定所述权限的使用是可疑的，以及4）执行修复动作 以确定使用权限是可疑的。 还公开了各种其它方法，系统和计算机可读介质。

公开(公告)号：US09396498B1

公开(公告)日：2016-07-19

申请号：US13302753

申请日：2011-11-22

申请人： Xiaole Zhu ,  Xue Feng Tian ,  Bruce McCorkendale

发明人： Xiaole Zhu ,  Xue Feng Tian ,  Bruce McCorkendale

IPC分类号： G06F15/16 ,  G06Q50/00 ,  H04L12/58

CPC分类号： G06Q50/01 ,  H04L51/20 ,  H04L51/32

摘要： A computer-implemented method may include facilitating registration for a service capable of determining whether strangers who come in contact with one another share one or more characteristics in common. The computer-implemented method may also include obtaining, as part of the registration for the service, permission for the service to access at least a portion of one or more social-networking accounts associated with each of the strangers. The computer-implemented method may further include determining, subsequent to the registration for the service, that the strangers registered for the service have come in contact with one another and then providing the service to the strangers in response to this determination. Various other methods, systems, and computer-readable media are also disclosed.

摘要翻译： 计算机实现的方法可以包括便于对能够确定彼此接触的陌生人是否共享一个或多个特征的服务的服务的注册。 计算机实现的方法还可以包括获得服务的注册的一部分，该服务允许访问与每个陌生人相关联的一个或多个社交网络帐户的至少一部分。 计算机实现的方法还可以包括在服务注册之后确定为服务注册的陌生人彼此接触，然后响应于该确定向陌生人提供服务。 还公开了各种其它方法，系统和计算机可读介质。