Systems and methods for detecting malware
    1.
    Granted invention patent
    Legal status: in force

    Publication number: US08726386B1

    Publication date: 2014-05-13

    Application number: US13422702

    Filing date: 2012-03-16

    IPC classification: G06F11/00

    Abstract: A computer-implemented method for detecting malware may include 1) identifying an application configured to use a permission on a mobile computing platform, the permission enabling the application to access a feature of the mobile computing platform, 2) determining that the application is configured to use the permission while executing as a background application on the mobile computing platform, 3) determining that the use of the permission is suspect based on the application being configured to use the permission while executing as the background application, and 4) performing a remediation action in response to determining that the use of the permission is suspect. Various other methods, systems, and computer-readable media are also disclosed.

    Systems and methods for combining static and dynamic code analysis
    2.
    Granted invention patent
    Legal status: in force

    Publication number: US08726392B1

    Publication date: 2014-05-13

    Application number: US13434416

    Filing date: 2012-03-29

    Abstract: A computer-implemented method for combining static and dynamic code analysis may include 1) identifying executable code that is to be analyzed to determine whether the executable code is capable of leaking sensitive data, 2) performing a static analysis of the executable code to identify one or more objects which the executable code may use to transfer sensitive data, the static analysis being performed by analyzing the executable code without executing the executable code, 3) using a result of the static analysis to tune a dynamic analysis to track the one or more objects identified during the static analysis, and 4) performing the dynamic analysis by, while the executable code is being executed, tracking the one or more objects identified during the static analysis to determine whether the executable code leaks sensitive data via the one or more objects. Various other methods, systems, and computer-readable media are also disclosed.

    Systems and methods for identifying new words from a meta tag
    4.
    Granted invention patent
    Legal status: in force

    Publication number: US08892584B1

    Publication date: 2014-11-18

    Application number: US13073694

    Filing date: 2011-03-28

    IPC classification: G06F17/30 G06F17/27

    Abstract: A computer-implemented method to identify new words from a meta tag is described. A Hyper-Text Markup Language (HTML) page is analyzed to identify a meta tag associated with the HTML page. At least one separator included in content of the meta tag is identified. The content of the meta tag is divided using the identified separator. A portion of the divided content is compared to content stored in a database. Upon determining that the portion of the divided content does not exist in the database, the portion of the divided content is added to the database.

    Systems and methods for monitoring application resource usage on mobile computing systems
    5.
    Granted invention patent
    Legal status: in force

    Publication number: US09118520B1

    Publication date: 2015-08-25

    Application number: US13452719

    Filing date: 2012-04-20

    Abstract: A computer-implemented method for monitoring application resource usage on mobile computing systems may include 1) identifying a mobile computing system that is configured to execute one application at a time as a foreground application, 2) identifying a request to determine a resource consumption level of an application on the mobile computing system, 3) identifying, in response to the request, at least one frequency level at which a processor of the mobile computing system operates while the application executes as the foreground application, and 4) determining, based on the identified frequency level, the resource consumption level of the application. Various other methods, systems, and computer-readable media are also disclosed.

    Systems and methods for identifying malware
    6.
    Granted invention patent
    Legal status: in force

    Publication number: US08984632B1

    Publication date: 2015-03-17

    Application number: US13619978

    Filing date: 2012-09-14

    IPC classification: H04L29/06

    Abstract: A computer-implemented method for identifying malware is described. Event data is received from a mobile device. The event data includes events performed on the mobile device and a list of one or more applications. The list of the one or more applications is compared with at least one additional list of applications received from at least one additional mobile device. An application in common across the lists of applications is identified. The identification of the application in common is transmitted to the mobile device.

    Systems and methods for detecting illegitimate applications
    7.
    Granted invention patent
    Legal status: in force

    Publication number: US08732834B2

    Publication date: 2014-05-20

    Application number: US13604422

    Filing date: 2012-09-05

    IPC classification: G06F21/00 H04L29/06

    CPC classification: G06F21/57 G06F21/554

    Abstract: A computer-implemented method for detecting illegitimate applications may include 1) identifying an installation of an application on a computing system, 2) determining, in response to identifying the installation of the application, that at least one system file with privileged access on the computing system has changed prior to the installation of the application, 3) determining that the application is illegitimate based at least in part on a time of the installation of the application relative to a time of a change to the system file, and 4) performing a remediation action on the application in response to determining that the application is illegitimate. Various other methods, systems, and computer-readable media are also disclosed.

    SYSTEMS AND METHODS FOR DETECTING ILLEGITIMATE APPLICATIONS
    8.
    Invention patent application
    Legal status: in force

    Publication number: US20140068767A1

    Publication date: 2014-03-06

    Application number: US13604422

    Filing date: 2012-09-05

    IPC classification: G06F21/00

    CPC classification: G06F21/57 G06F21/554

    Abstract: A computer-implemented method for detecting illegitimate applications may include 1) identifying an installation of an application on a computing system, 2) determining, in response to identifying the installation of the application, that at least one system file with privileged access on the computing system has changed prior to the installation of the application, 3) determining that the application is illegitimate based at least in part on a time of the installation of the application relative to a time of a change to the system file, and 4) performing a remediation action on the application in response to determining that the application is illegitimate. Various other methods, systems, and computer-readable media are also disclosed.

    Using expectation measures to identify relevant application analysis results
    9.
    Granted invention patent
    Legal status: in force

    Publication number: US08806644B1

    Publication date: 2014-08-12

    Application number: US13481715

    Filing date: 2012-05-25

    IPC classification: G06F21/00 H04L29/06

    CPC classification: H04L63/1416

    Abstract: An application is analyzed, thereby detecting behaviors of the application. Data indicative of the functionality of the application is mined from a plurality of sources. The application is categorized based on the mined data. The categorization of the application indicates expected application behaviors. Multiple categories can be assigned to the application, wherein each assigned category correlates with at least one expected application behavior. Measures of consistency between the detected behaviors of the application and the expected behaviors of the application are determined. Determining the measures of consistency comprises quantifying differences between detected behaviors of the application and expected behaviors of the application. Responsive to the determined measures of consistency, it is adjudicated whether the application is suspected of being malicious.

    NETWORK MASS OPERATION INFRASTRUCTURE
    10.
    Invention patent application
    Legal status: in force

    Publication number: US20090177774A1

    Publication date: 2009-07-09

    Application number: US12346648

    Filing date: 2008-12-30

    IPC classification: G06F15/16

    CPC classification: H04L12/6418

    Abstract: In various embodiments, a method for managing edge processors includes providing an interface that allows a user to define a network operation associated with an edge processor. A network operation is generated based on input received via the interface. An action defined by the network operation is then performed at one or more edge processors.
