摘要:
A computer-implemented method for detecting malware may include 1) identifying an application configured to use a permission on a mobile computing platform, the permission enabling the application to access a feature of the mobile computing platform, 2) determining that the application is configured to use the permission while executing as a background application on the mobile computing platform, 3) determining that the use of the permission is suspect based on the application being configured to use the permission while executing as the background application, and 4) performing a remediation action in response to determining that the use of the permission is suspect. Various other methods, systems, and computer-readable media are also disclosed.
摘要:
A computer-implemented method for combining static and dynamic code analysis may include 1) identifying executable code that is to be analyzed to determine whether the executable code is capable of leaking sensitive data, 2) performing a static analysis of the executable code to identify one or more objects which the executable code may use to transfer sensitive data, the static analysis being performed by analyzing the executable code without executing the executable code, 3) using a result of the static analysis to tune a dynamic analysis to track the one or more objects identified during the static analysis, and 4) performing the dynamic analysis by, while the executable code is being executed, tracking the one or more objects identified during the static analysis to determine whether the executable code leaks sensitive data via the one or more objects. Various other methods, systems, and computer-readable media are also disclosed.
摘要:
Techniques for identifying malicious downloadable applications are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for identifying malicious downloadable applications comprising receiving a signature of a downloadable application, identifying, using at least one computer processor, a known good application having at least one attribute in common with the downloadable application and having a signature different from the signature of the downloadable application, analyzing the downloadable application to evaluate one or more risk factors based at least in part on the at least one common attribute and the difference in signatures, and determining, based on the evaluated one or more risk factors, one or more responsive actions.
摘要:
A computer-implemented method to identify new words from a meta tag is described. A Hyper-Text Markup Language (HTML) page is analyzed to identify a meta tag associated with the HTML page. At least one separator included in content of the meta tag is identified. The content of the meta tag is divided using the identified separator. A portion of the divided content is compared to content stored in a database. Upon determining that the portion of the divided content does not exist in the database, the portion of the divided content is added to the database.
摘要:
A computer-implemented method for monitoring application resource usage on mobile computing systems may include 1) identifying a mobile computing system that is configured to execute one application at a time as a foreground application, 2) identifying a request to determine a resource consumption level of an application on the mobile computing system, 3) identifying, in response to the request, at least one frequency level at which a processor of the mobile computing system operates while the application executes as the foreground application, and 4) determining, based on the identified frequency level, the resource consumption level of the application. Various other methods, systems, and computer-readable media are also disclosed.
摘要:
A computer-implemented method for identifying malware is described. Event data is received from a mobile device. The event data including events performed on the mobile device and a list of one or more applications. The list of the one or more applications is compared with at least one additional list of applications received from at least one additional mobile device. An application in common across the lists of applications is identified. The identification of the application in common to is transmitted to the mobile device.
摘要:
A computer-implemented method for detecting illegitimate applications may include 1) identifying an installation of an application on a computing system, 2) determining, in response to identifying the installation of the application, that at least one system file with privileged access on the computing system has changed prior to the installation of the application, 3) determining that the application is illegitimate based at least in part on a time of the installation of the application relative to a time of a change to the system file, and 4) performing a remediation action on the application in response to determining that the application is illegitimate. Various other methods, systems, and computer-readable media are also disclosed.
摘要:
A computer-implemented method for detecting illegitimate applications may include 1) identifying an installation of an application on a computing system, 2) determining, in response to identifying the installation of the application, that at least one system file with privileged access on the computing system has changed prior to the installation of the application, 3) determining that the application is illegitimate based at least in part on a time of the installation of the application relative to a time of a change to the system file, and 4) performing a remediation action on the application in response to determining that the application is illegitimate. Various other methods, systems, and computer-readable media are also disclosed.
摘要:
An application is analyzed, thereby detecting behaviors of the application. Data indicative of the functionality of the application is mined from a plurality of sources. The application is categorized based on the mined data. The categorization of the application indicates expected application behaviors. Multiple categories can be assigned to the application, wherein each assigned category correlates with at least one expected application behavior. Measures of consistency between the detected behaviors of the application and the expected behaviors of the application are determined. Determining the measures of consistency comprises quantifying differences between detected behaviors of the application and expected behaviors of the application. Responsive to the determined measures of consistency, it is adjudicated whether the application is suspect of being malicious.
摘要:
In various embodiments, a method for managing edge processors includes providing an interface that allows a user to define a network operation associated with a edge processor. A network operation is generated based on input received via the interface. An action defined by the network operation is then performed at one or more edge processors.