    2. Pre-identifying probable malicious rootkit behavior using behavioral contracts
    Type: Granted invention patent; legal status: in force

    Publication (announcement) number: US09323929B2

    Publication (announcement) date: 2016-04-26

    Application number: US14090200

    Filing date: 2013-11-26

    CPC classification number: G06F21/56 G06F21/566

    Abstract: The various aspects provide for a computing device and methods implemented by the device to ensure that an application executing on the device and seeking root access will not cause malicious behavior after receiving root access. Before giving the application root access, the computing device may identify operations the application intends to execute while having root access, determine whether executing the operations will cause malicious behavior by simulating execution of the operations, and pre-approve those operations after determining that executing those operations will not result in malicious behavior. Further, after giving the application root access, the computing device may only allow the application to perform pre-approved operations by quickly checking the application's pending operations against the pre-approved operations before allowing the application to perform those operations. Thus, the various aspects may ensure that an application receives root access without compromising the performance or security integrity of the computing device.

    Using normalized confidence values for classifying mobile device behaviors

    Publication (announcement) number: US10089582B2

    Publication (announcement) date: 2018-10-02

    Application number: US14826430

    Filing date: 2015-08-14

    Abstract: Methods and systems for classifying mobile device behavior include generating a full classifier model that includes a finite state machine suitable for conversion into boosted decision stumps and/or which describes all or many of the features relevant to determining whether a mobile device behavior is benign or contributing to the mobile device's degradation over time. A mobile device may receive the full classifier model along with sigmoid parameters and use the model to generate a full set of boosted decision stumps from which a more focused or lean classifier model is generated by culling the full set to a subset suitable for efficiently determining whether mobile device behaviors are benign. Results of applying the focused or lean classifier model may be normalized using a sigmoid function, with the resulting normalized result used to determine whether the behavior is benign or non-benign.

    5. Using Normalized Confidence Values For Classifying Mobile Device Behaviors
    Type: Invention application; legal status: under examination, published

    Publication (announcement) number: US20150356462A1

    Publication (announcement) date: 2015-12-10

    Application number: US14826430

    Filing date: 2015-08-14

    CPC classification number: G06N99/005 G06N5/025 G06N5/043

    Abstract: Methods and systems for classifying mobile device behavior include generating a full classifier model that includes a finite state machine suitable for conversion into boosted decision stumps and/or which describes all or many of the features relevant to determining whether a mobile device behavior is benign or contributing to the mobile device's degradation over time. A mobile device may receive the full classifier model along with sigmoid parameters and use the model to generate a full set of boosted decision stumps from which a more focused or lean classifier model is generated by culling the full set to a subset suitable for efficiently determining whether mobile device behaviors are benign. Results of applying the focused or lean classifier model may be normalized using a sigmoid function, with the resulting normalized result used to determine whether the behavior is benign or non-benign.

    6. Pre-identifying Probable Malicious Rootkit Behavior Using Behavioral Contracts
    Type: Invention application; legal status: in force

    Publication (announcement) number: US20150150130A1

    Publication (announcement) date: 2015-05-28

    Application number: US14090200

    Filing date: 2013-11-26

    CPC classification number: G06F21/56 G06F21/566

    Abstract: The various aspects provide for a computing device and methods implemented by the device to ensure that an application executing on the device and seeking root access will not cause malicious behavior after receiving root access. Before giving the application root access, the computing device may identify operations the application intends to execute while having root access, determine whether executing the operations will cause malicious behavior by simulating execution of the operations, and pre-approve those operations after determining that executing those operations will not result in malicious behavior. Further, after giving the application root access, the computing device may only allow the application to perform pre-approved operations by quickly checking the application's pending operations against the pre-approved operations before allowing the application to perform those operations. Thus, the various aspects may ensure that an application receives root access without compromising the performance or security integrity of the computing device.

    7. Method and system for performing behavioral analysis operations in a mobile device based on application state
    Type: Granted invention patent; legal status: in force

    Publication (announcement) number: US09147072B2

    Publication (announcement) date: 2015-09-29

    Application number: US14064437

    Filing date: 2013-10-28

    CPC classification number: G06F21/566 G06F21/552

    Abstract: Methods, systems and devices that use operating system execution states while monitoring applications executing on a mobile device to perform comprehensive behavioral monitoring and analysis include configuring a mobile device to monitor an activity of a software application, generate a shadow feature value that identifies an operating system execution state of the software application during that activity, generate a behavior vector that associates the monitored activity with the shadow feature value, and determine whether the activity is malicious or benign based on the generated behavior vector, shadow feature value and/or operating system execution states. The mobile device may also be configured to intelligently determine whether the operating system execution state of a software application is relevant to determining whether any of the monitored mobile device behaviors are malicious or suspicious, and monitor only the operating system execution states of the software applications for which such determinations are relevant.

    8. Methods and Systems of Using Boosted Decision Stumps and Joint Feature Selection and Culling Algorithms for the Efficient Classification of Mobile Device Behaviors
    Type: Invention application; legal status: in force

    Publication (announcement) number: US20140188781A1

    Publication (announcement) date: 2014-07-03

    Application number: US14090261

    Filing date: 2013-11-26

    CPC classification number: G06N5/043 G06N5/025

    Abstract: Methods and systems for classifying mobile device behavior include configuring a server to use a large corpus of mobile device behaviors to generate a full classifier model that includes a finite state machine suitable for conversion into boosted decision stumps and/or which describes all or many of the features relevant to determining whether a mobile device behavior is benign or contributing to the mobile device's degradation over time. A mobile device may receive the full classifier model and use the model to generate a full set of boosted decision stumps from which a more focused or lean classifier model is generated by culling the full set to a subset suitable for efficiently determining whether mobile device behaviors are benign. Boosted decision stumps may be culled by selecting all boosted decision stumps that depend upon a limited set of test conditions.

    9. METHODS AND SYSTEMS OF DYNAMICALLY GENERATING AND USING DEVICE-SPECIFIC AND DEVICE-STATE-SPECIFIC CLASSIFIER MODELS FOR THE EFFICIENT CLASSIFICATION OF MOBILE DEVICE BEHAVIORS
    Type: Invention application; legal status: in force

    Publication (announcement) number: US20140187177A1

    Publication (announcement) date: 2014-07-03

    Application number: US14091707

    Filing date: 2013-11-27

    CPC classification number: H04B17/391 G06N5/003 G06N99/005

    Abstract: The various aspects provide a mobile device and methods implemented on the mobile device for modifying behavior models to account for device-specific or device-state-specific features. In the various aspects, a behavior analyzer module may leverage a full feature set of behavior models (i.e., a large classifier model) received from a network server to create lean classifier models for use in monitoring for malicious behavior on the mobile device, and the behavior analyzer module may dynamically modify these lean classifier models to include features specific to the mobile device and/or the mobile device's current configuration. Thus, the various aspects may enhance overall security for a particular mobile device by taking the mobile device and its current configuration into account and may improve overall performance by monitoring only features that are relevant to the mobile device.