公开(公告)号：US20150121524A1

公开(公告)日：2015-04-30

申请号：US14064437

申请日：2013-10-28

Applicant: QUALCOMM Incorporated

Inventor： Kassem FAWAZ ,  Vinay Sridhara ,  Rajarshi Gupta ,  Mihai Christodorescu

IPC: G06F21/56

CPC classification number: G06F21/566 ,  G06F21/552

Abstract: Methods, systems and devices use operating system execution states while monitoring applications executing on a mobile device to perform comprehensive behavioral monitoring and analysis include configuring a mobile device to monitor an activity of a software application, generate a shadow feature value that identifies an operating system execution state of the software application during that activity, generate a behavior vector that associates the monitored activity with the shadow feature value, and determine whether the activity is malicious or benign based on the generated behavior vector, shadow feature value and/or operating system execution states. The mobile device may also be configured to intelligently determine whether the operating system execution state of a software application is relevant to determining whether any of the monitored mobile device behaviors are malicious or suspicious, and monitor only the operating system execution states of the software applications for which such determinations are relevant.

Abstract translation: 方法，系统和设备使用操作系统执行状态，同时监视在移动设备上执行的执行综合行为监控和分析的应用程序，包括配置移动设备来监视软件应用程序的活动，生成标识操作系统执行的阴影特征值 在该活动期间生成软件应用程序的状态，生成将所监视的活动与影子特征值相关联的行为向量，并基于生成的行为向量，阴影特征值和/或操作系统执行状态来确定活动是恶意还是良性 。 移动设备还可以被配置为智能地确定软件应用的操作系统执行状态是否与确定所监视的移动设备行为是否是恶意的或可疑的相关，并且仅监视软件应用的操作系统执行状态 这些确定是相关的。