公开(公告)号：US10255434B2

公开(公告)日：2019-04-09

申请号：US15057336

申请日：2016-03-01

Applicant: QUALCOMM Incorporated

Inventor： Sudha Anil Kumar Gathala ,  Rajarshi Gupta ,  Nayeem Islam

IPC: G06F21/52 ,  G06F21/55 ,  G06F21/56

Abstract: Various embodiments include methods for detecting software attacks on a process executing on a computing device. Various embodiment methods may include monitoring structural attributes of a plurality of virtual memory regions utilized by the process, and comparing the monitored structural attributes to the expected structural attributes of the plurality of VMRs. Various embodiment methods may further include determining whether the monitored structural attributes represent anomalous behavior of the process based on the comparison between the monitored structural attributes and the expected structural attributes.

公开(公告)号：US10084679B2

公开(公告)日：2018-09-25

申请号：US15077003

申请日：2016-03-22

Applicant: QUALCOMM Incorporated

Inventor： Seyed Ali Ahmadzadeh ,  Saumitra Mohan Das ,  Rajarshi Gupta

IPC: H04L12/26 ,  H04L29/06

CPC classification number: H04L43/12 ,  H04L43/10 ,  H04L43/50 ,  H04L67/42 ,  H04W24/06 ,  H04W48/18 ,  H04W88/06

Abstract: Various embodiments provide methods, devices, and non-transitory processor-readable storage media enabling network probing with a communication device based on the communication device sending a probe via a first network connection and receiving the probe via a second network connection. By leveraging a capability of a communication device to establish two network connections at the same time, various embodiments may enable a single communication device to act as both a probing client and a probing server. In this manner, various embodiments may enable standalone network probing, i.e., network probing that may not require a remote dedicated probing server to act as a probe generator or a probe sink.

公开(公告)号：US10019569B2

公开(公告)日：2018-07-10

申请号：US14316961

申请日：2014-06-27

Applicant: QUALCOMM Incorporated

Inventor： Nayeem Islam ,  Rajarshi Gupta

IPC: G06F21/52 ,  G06F21/51 ,  G06F9/445 ,  G06F21/55 ,  G06F21/57 ,  G06F8/656

CPC classification number: G06F21/52 ,  G06F8/656 ,  G06F9/44536 ,  G06F21/51 ,  G06F21/55 ,  G06F21/57 ,  G06F2221/033

Abstract: Methods, devices, and non-transitory storage media for dynamic patching of diversity-based software executing on a computing device. One of many variations of various module utilized by software may be selected from a list of available module variations to be used when software is executed. An embodiment method for updating software may include obtaining or receiving a notification indicating a particular module variation that should not be used as a module for the software, and removing the module variation from the list of available module variations for the module in response to the notification. In some embodiments, the notification may be received by the mobile device from a remote server, and further the notification does not include data capable of being used as a module by the software during runtime. In some embodiments, the module variation may be one of flawed, outdated, and identified as exploited by malware.

公开(公告)号：US10013554B2

公开(公告)日：2018-07-03

申请号：US15087198

申请日：2016-03-31

Applicant: QUALCOMM Incorporated

Inventor： Sudha Anil Kumar Gathala ,  Gheorghe Calin Cascaval ,  Rajarshi Gupta

IPC: H04L29/06 ,  G06F21/55 ,  G06F3/06 ,  G06F12/1009 ,  G06F17/30 ,  G06F21/52

CPC classification number: G06F21/554 ,  G06F3/0623 ,  G06F3/0631 ,  G06F3/0653 ,  G06F3/0683 ,  G06F12/1009 ,  G06F16/1727 ,  G06F16/188 ,  G06F21/52

Abstract: Embodiments include computing devices, apparatus, and methods implemented by the apparatus for time varying address space layout randomization. The apparatus may launch first plurality of versions of a system service and assign a random virtual address space layout to each of the first plurality of versions of the system service. The apparatus may receive a first request to execute the system service from a first application. The apparatus may randomly select a first version of the system service from the first plurality of versions of the system service, and execute the system service using data of the first version of the system service.

公开(公告)号：US09984231B2

公开(公告)日：2018-05-29

申请号：US14937949

申请日：2015-11-11

Applicant: QUALCOMM Incorporated

Inventor： Mastooreh Salajegheh ,  Rajarshi Gupta ,  Nayeem Islam

IPC: G06F21/53 ,  G06F21/56

CPC classification number: G06F21/53 ,  G06F21/566 ,  G06F2221/2105

Abstract: Various embodiments include methods implemented on a computing device for analyzing a program executing within a virtual environment on the computing device. The methods may include determining whether the program is attempting to detect whether it is being executed within the virtual environment, and analyzing the program within a protected mode of the computing device in response to determining that the program is attempting to detect whether it is being executed within the virtual environment.

公开(公告)号：US09961496B2

公开(公告)日：2018-05-01

申请号：US15185178

申请日：2016-06-17

Applicant: QUALCOMM Incorporated

Inventor： Seyed Ali Ahmadzadeh ,  Saumitra Mohan Das ,  Rajarshi Gupta ,  Govindarajan Krishnamurthi

IPC: H04W24/00 ,  H04W4/02 ,  H04W4/00 ,  H04W4/06 ,  H04M1/725 ,  G08G1/0968

CPC classification number: H04W4/023 ,  G08G1/096883 ,  H04L67/12 ,  H04M1/72569 ,  H04M1/72572 ,  H04W4/046 ,  H04W4/06 ,  H04W4/70 ,  H04W4/80

Abstract: Various embodiments include methods, and computing devices configured to implement the methods, for anomaly monitoring using context-based sensor output correlation. A computing device may obtain output of a first sensor and may determine that an anomaly is likely to occur based on the obtained output of the first sensor. The computing device may transmit a message indicating that the anomaly is likely to occur, causing receiving computing devices to begin logging output of sensors of the receiving computing devices. The computing device may determine whether the anomaly did occur. If the anomaly did occur, the computing device may transmit a sensor output request. Nearby computing devices may receive this sensor output request and may transmit collected sensor data to the first computing device. The first computing device may receive the sensor output collected by the various receiving devices and may correlate the first sensor output with the received sensor output.

公开(公告)号：US09898602B2

公开(公告)日：2018-02-20

申请号：US14609113

申请日：2015-01-29

Applicant: QUALCOMM Incorporated

Inventor： Rajarshi Gupta ,  Sudha Anil Gathala ,  Soorgoli Ashok Halambi

IPC: G06F21/56 ,  G06F21/55 ,  G06F11/14 ,  G06N99/00 ,  G06F11/30 ,  H04W52/02 ,  H04W24/08 ,  G06F11/34 ,  H04W12/12 ,  H04W88/02 ,  H04L29/06

CPC classification number: G06F21/552 ,  G06F11/1433 ,  G06F11/1458 ,  G06F11/3006 ,  G06F11/3082 ,  G06F11/3409 ,  G06F11/3466 ,  G06F11/3476 ,  G06F21/554 ,  G06F21/56 ,  G06F2201/86 ,  G06N99/005 ,  H04L63/1433 ,  H04W12/12 ,  H04W24/08 ,  H04W52/0251 ,  H04W52/0258 ,  H04W88/02 ,  Y02D10/34 ,  Y02D70/1242 ,  Y02D70/1262 ,  Y02D70/142 ,  Y02D70/144 ,  Y02D70/146 ,  Y02D70/164 ,  Y02D70/166 ,  Y02D70/21 ,  Y02D70/22

Abstract: Methods, devices and systems for detecting suspicious or performance-degrading mobile device behaviors intelligently, dynamically, and/or adaptively determine computing device behaviors that are to be observed, the number of behaviors that are to be observed, and the level of detail or granularity at which the mobile device behaviors are to be observed. The various aspects efficiently identify suspicious or performance-degrading mobile device behaviors without requiring an excessive amount of processing, memory, or energy resources. Various aspects may correct suspicious or performance-degrading mobile device behaviors. Various aspects may prevent identified suspicious or performance-degrading mobile device behaviors from degrading the performance and power utilization levels of a mobile device over time. Various aspects may restore an aging mobile device to its original performance and power utilization levels.

公开(公告)号：US20170366935A1

公开(公告)日：2017-12-21

申请号：US15185178

申请日：2016-06-17

Applicant: QUALCOMM Incorporated

Inventor： Seyed Ali Ahmadzadeh ,  Saumitra Mohan Das ,  Rajarshi Gupta ,  Govindarajan Krishnamurthi

IPC: H04W4/02 ,  H04M1/725 ,  G08G1/0968 ,  H04W4/06 ,  H04W4/00

CPC classification number: H04W4/023 ,  G08G1/096883 ,  H04L67/12 ,  H04M1/72569 ,  H04M1/72572 ,  H04W4/046 ,  H04W4/06 ,  H04W4/70 ,  H04W4/80

Abstract: Various embodiments include methods, and computing devices configured to implement the methods, for anomaly monitoring using context-based sensor output correlation. A computing device may obtain output of a first sensor and may determine that an anomaly is likely to occur based on the obtained output of the first sensor. The computing device may transmit a message indicating that the anomaly is likely to occur, causing receiving computing devices to begin logging output of sensors of the receiving computing devices. The computing device may determine whether the anomaly did occur. If the anomaly did occur, the computing device may transmit a sensor output request. Nearby computing devices may receive this sensor output request and may transmit collected sensor data to the first computing device. The first computing device may receive the sensor output collected by the various receiving devices and may correlate the first sensor output with the received sensor output.

公开(公告)号：US09742559B2

公开(公告)日：2017-08-22

申请号：US14099108

申请日：2013-12-06

Applicant: QUALCOMM Incorporated

Inventor： Mihai Christodorescu ,  Rajarshi Gupta ,  Vinay Sridhara

IPC: H04L9/08 ,  G06F21/44 ,  G06F21/56 ,  G06F21/57 ,  G06F21/60 ,  H04L9/32 ,  H04L29/06 ,  H04W12/02 ,  H04W12/04

CPC classification number: H04L9/0819 ,  G06F21/445 ,  G06F21/566 ,  G06F21/57 ,  G06F21/606 ,  G06F2221/2149 ,  H04L9/083 ,  H04L9/0861 ,  H04L9/321 ,  H04L9/3236 ,  H04L9/3297 ,  H04L63/0428 ,  H04L63/061 ,  H04W12/02 ,  H04W12/04

Abstract: Systems and methods for recognizing and reacting to malicious or performance-degrading behaviors in a mobile device include observing mobile device behaviors in an observer module within a privileged-normal portion of a secure operating environment to identify a suspicious mobile device behavior. The observer module may generate a concise behavior vector based on the observations, and provide the vector to an analyzer module in an unprivileged-secure portion of the secure operating environment. The vector may be analyzed in the unprivileged-secure portion to determine whether the mobile device behavior is benign, suspicious, malicious, or performance-degrading. If the behavior is found to be suspicious, operations of the observer module may be adjusted, such as to perform deeper observations. If the behavior is found to be malicious or performance-degrading behavior the user and/or a client module may be alerted in a secure, tamper-proof manner.

公开(公告)号：US09686023B2

公开(公告)日：2017-06-20

申请号：US14091707

申请日：2013-11-27

Applicant: QUALCOMM Incorporated

Inventor： Vinay Sridhara ,  Rajarshi Gupta ,  Kassem Fawaz

IPC: H04B17/00 ,  G06N5/04 ,  H04B17/391

CPC classification number: H04B17/391 ,  G06N5/003 ,  G06N99/005

Abstract: The various aspects provide a mobile device and methods implemented on the mobile device for modifying behavior models to account for device-specific or device-state-specific features. In the various aspects, a behavior analyzer module may leverage a full feature set of behavior models (i.e. a large classifier model) received from a network server to create lean classifier models for use in monitoring for malicious behavior on the mobile device, and the behavior analyzer module may dynamically modify these lean classifier models to include features specific to the mobile device and/or the mobile device's current configuration. Thus, the various aspects may enhance overall security for a particular mobile device by taking the mobile device and its current configuration into account and may improve overall performance by monitoring only features that are relevant to the mobile device.