Using expectation measures to identify relevant application analysis results
    1.
    Granted patent (in force)

    Publication No.: US08806644B1

    Publication date: 2014-08-12

    Application No.: US13481715

    Filing date: 2012-05-25

    IPC classification: G06F21/00 H04L29/06

    CPC classification: H04L63/1416

    Abstract: An application is analyzed, thereby detecting behaviors of the application. Data indicative of the functionality of the application is mined from a plurality of sources. The application is categorized based on the mined data. The categorization of the application indicates expected application behaviors. Multiple categories can be assigned to the application, wherein each assigned category correlates with at least one expected application behavior. Measures of consistency between the detected behaviors of the application and the expected behaviors of the application are determined. Determining the measures of consistency comprises quantifying differences between detected behaviors of the application and expected behaviors of the application. Responsive to the determined measures of consistency, it is adjudicated whether the application is suspect of being malicious.

    Systems and methods for detecting illegitimate applications
    2.
    Granted patent (in force)

    Publication No.: US08732834B2

    Publication date: 2014-05-20

    Application No.: US13604422

    Filing date: 2012-09-05

    IPC classification: G06F21/00 H04L29/06

    CPC classification: G06F21/57 G06F21/554

    Abstract: A computer-implemented method for detecting illegitimate applications may include 1) identifying an installation of an application on a computing system, 2) determining, in response to identifying the installation of the application, that at least one system file with privileged access on the computing system has changed prior to the installation of the application, 3) determining that the application is illegitimate based at least in part on a time of the installation of the application relative to a time of a change to the system file, and 4) performing a remediation action on the application in response to determining that the application is illegitimate. Various other methods, systems, and computer-readable media are also disclosed.

    SYSTEMS AND METHODS FOR DETECTING ILLEGITIMATE APPLICATIONS
    3.
    Patent application (in force)

    Publication No.: US20140068767A1

    Publication date: 2014-03-06

    Application No.: US13604422

    Filing date: 2012-09-05

    IPC classification: G06F21/00

    CPC classification: G06F21/57 G06F21/554

    Abstract: A computer-implemented method for detecting illegitimate applications may include 1) identifying an installation of an application on a computing system, 2) determining, in response to identifying the installation of the application, that at least one system file with privileged access on the computing system has changed prior to the installation of the application, 3) determining that the application is illegitimate based at least in part on a time of the installation of the application relative to a time of a change to the system file, and 4) performing a remediation action on the application in response to determining that the application is illegitimate. Various other methods, systems, and computer-readable media are also disclosed.

    Systems and methods for identifying malware
    4.
    Granted patent (in force)

    Publication No.: US08984632B1

    Publication date: 2015-03-17

    Application No.: US13619978

    Filing date: 2012-09-14

    IPC classification: H04L29/06

    Abstract: A computer-implemented method for identifying malware is described. Event data is received from a mobile device. The event data includes events performed on the mobile device and a list of one or more applications. The list of the one or more applications is compared with at least one additional list of applications received from at least one additional mobile device. An application in common across the lists of applications is identified. The identification of the application in common is transmitted to the mobile device.

    Systems and methods for combining static and dynamic code analysis
    5.
    Granted patent (in force)

    Publication No.: US08726392B1

    Publication date: 2014-05-13

    Application No.: US13434416

    Filing date: 2012-03-29

    Abstract: A computer-implemented method for combining static and dynamic code analysis may include 1) identifying executable code that is to be analyzed to determine whether the executable code is capable of leaking sensitive data, 2) performing a static analysis of the executable code to identify one or more objects which the executable code may use to transfer sensitive data, the static analysis being performed by analyzing the executable code without executing the executable code, 3) using a result of the static analysis to tune a dynamic analysis to track the one or more objects identified during the static analysis, and 4) performing the dynamic analysis by, while the executable code is being executed, tracking the one or more objects identified during the static analysis to determine whether the executable code leaks sensitive data via the one or more objects. Various other methods, systems, and computer-readable media are also disclosed.

    Systems and methods for detecting malware
    6.
    Granted patent (in force)

    Publication No.: US08726386B1

    Publication date: 2014-05-13

    Application No.: US13422702

    Filing date: 2012-03-16

    IPC classification: G06F11/00

    Abstract: A computer-implemented method for detecting malware may include 1) identifying an application configured to use a permission on a mobile computing platform, the permission enabling the application to access a feature of the mobile computing platform, 2) determining that the application is configured to use the permission while executing as a background application on the mobile computing platform, 3) determining that the use of the permission is suspect based on the application being configured to use the permission while executing as the background application, and 4) performing a remediation action in response to determining that the use of the permission is suspect. Various other methods, systems, and computer-readable media are also disclosed.

    Mobile application sampling for performance and network behavior profiling

    Publication No.: US09734037B1

    Publication date: 2017-08-15

    Application No.: US12560328

    Filing date: 2009-09-15

    IPC classification: G06F9/44 G06F11/34

    Abstract: Applications on a mobile device are sampled for detecting applications causing performance problems on the device. The method includes periodically logging performance information for a mobile device suspected to be having performance problems. The method further includes periodically logging identifying information about multiple applications on the mobile device. The method also includes periodically providing to a security server the logged performance information for the mobile device and the logged identifying information about the applications. In addition, the method includes, in response to a request from the security server for more information about one of the applications, providing a copy of the application to the security server for analysis of the impact by the application on performance of the mobile device. The method can further include receiving from the security server an indication that the application for which the copy was provided is causing a performance problem on the mobile device.

    Virtual machine file system restriction system and method
    8.
    Granted patent (in force)

    Publication No.: US09450960B1

    Publication date: 2016-09-20

    Application No.: US12265157

    Filing date: 2008-11-05

    IPC classification: H04L29/06

    Abstract: A method includes creating a virtual machine including a remote file system, a file system service, and a security application. Access to the remote file system is restricted with the security application upon an unknown malicious code outbreak. The more that is known about the threat, the more precise are the restrictions placed upon the file system thus reducing the impact on users of the file system to an absolute minimum.

    Method and apparatus for aggregating notices and alerts into an aggregate machine readable feed
    9.
    Granted patent (in force)

    Publication No.: US08849922B1

    Publication date: 2014-09-30

    Application No.: US11864873

    Filing date: 2007-09-28

    IPC classification: G06F15/16

    CPC classification: H04L12/1895 H04L51/16

    Abstract: A method and apparatus for aggregating notices and alerts (alerts) into an aggregate machine readable feed wherein the alerts are retrieved from various information sources. One embodiment of the invention is a method and apparatus providing an alert via an aggregate machine readable feed, comprising receiving an alert from various information sources, converting the retrieved alert into an aggregate machine readable format, and placing the aggregate machine readable formatted alert into an aggregate machine readable feed.

    Parental policy based online wish lists
    10.
    Granted patent (in force)

    Publication No.: US08762229B1

    Publication date: 2014-06-24

    Application No.: US11959439

    Filing date: 2007-12-18

    IPC classification: G06Q30/00

    CPC classification: G06Q30/0633

    Abstract: A parental policy is enforced for online purchases. A parent enters a parental policy indicating items that are prohibited for a child. When the child attempts to add an item to a wish list, it is determined whether the item is permitted according to the policy. If so, the addition of the item to the wish list is allowed to proceed. If the policy prohibits the item, the addition of the item to the wish list is blocked. Additionally, the parent can be informed (via email, telephone, etc.) of the attempt to add the item to the wish list. The same logic can be applied to attempts to purchase items for children, or attempts to purchase items by children.