公开(公告)号：US08474046B1

公开(公告)日：2013-06-25

申请号：US13188346

申请日：2011-07-21

申请人： Sheng Gong ,  Zhe Liu ,  Xue Feng Tian

发明人： Sheng Gong ,  Zhe Liu ,  Xue Feng Tian

IPC分类号： G06F11/00

CPC分类号： G06F11/3093 ,  G06F21/554 ,  G06F21/577

摘要： A computer-implemented method to identify the spreading of sensitive data from a suspicious application is described. At least one security attribute for an application programming interface (API) is defined. Sensitive data passed through the at least one security attribute to the suspicious application are marked. The marked sensitive data being passed through the at least one security attribute from the suspicious application are detected. A notification is generated regarding the spreading of the sensitive data by the suspicious application.

摘要翻译： 描述了从可疑应用程序中识别敏感数据的扩展的计算机实现的方法。 定义了应用程序编程接口（API）的至少一个安全属性。 通过至少一个安全属性传递到可疑应用程序的敏感数据被标记。 检测到通过来自可疑应用的至少一个安全属性的标记的敏感数据。 产生关于可疑应用对敏感数据的扩展的通知。

公开(公告)号：US08726392B1

公开(公告)日：2014-05-13

申请号：US13434416

申请日：2012-03-29

申请人： Bruce McCorkendale ,  Xue Feng Tian ,  Sheng Gong ,  Xiaole Zhu ,  Jun Mao ,  Qingchun Meng ,  Ge Hua Huang ,  Wei Guo Eric Hu

发明人： Bruce McCorkendale ,  Xue Feng Tian ,  Sheng Gong ,  Xiaole Zhu ,  Jun Mao ,  Qingchun Meng ,  Ge Hua Huang ,  Wei Guo Eric Hu

IPC分类号： G06F12/14 ,  G06F11/00 ,  G06F12/16 ,  G08B23/00 ,  G06F11/30

CPC分类号： G06F21/52 ,  G06F11/3604 ,  G06F21/56 ,  G06F21/563 ,  G06F21/60

摘要： A computer-implemented method for combining static and dynamic code analysis may include 1) identifying executable code that is to be analyzed to determine whether the executable code is capable of leaking sensitive data, 2) performing a static analysis of the executable code to identify one or more objects which the executable code may use to transfer sensitive data, the static analysis being performed by analyzing the executable code without executing the executable code, 3) using a result of the static analysis to tune a dynamic analysis to track the one or more objects identified during the static analysis, and 4) performing the dynamic analysis by, while the executable code is being executed, tracking the one or more objects identified during the static analysis to determine whether the executable code leaks sensitive data via the one or more objects. Various other methods, systems, and computer-readable media are also disclosed.

摘要翻译： 用于组合静态和动态代码分析的计算机实现的方法可以包括1）识别待分析的可执行代码以确定可执行代码是否能够泄漏敏感数据，2）执行可执行代码的静态分析以识别一个 或更多的可执行代码可用于传送敏感数据的对象，通过分析可执行代码而不执行可执行代码来执行静态分析; 3）使用静态分析的结果来调整动态分析以跟踪一个或多个 在静态分析期间识别的对象，以及4）在执行可执行代码的同时执行动态分析，跟踪在静态分析期间识别的一个或多个对象，以确定可执行代码是否经由一个或多个对象泄漏敏感数据 。 还公开了各种其它方法，系统和计算机可读介质。

公开(公告)号：US08726386B1

公开(公告)日：2014-05-13

申请号：US13422702

申请日：2012-03-16

申请人： Bruce McCorkendale ,  Xue Feng Tian ,  Sheng Gong ,  Xiaole Zhu ,  Jun Mao ,  Qingchun Meng ,  Guilin Hu ,  Ge Hua Huang

发明人： Bruce McCorkendale ,  Xue Feng Tian ,  Sheng Gong ,  Xiaole Zhu ,  Jun Mao ,  Qingchun Meng ,  Guilin Hu ,  Ge Hua Huang

IPC分类号： G06F11/00

CPC分类号： G06F21/629 ,  G06F21/554 ,  H04W12/12

摘要： A computer-implemented method for detecting malware may include 1) identifying an application configured to use a permission on a mobile computing platform, the permission enabling the application to access a feature of the mobile computing platform, 2) determining that the application is configured to use the permission while executing as a background application on the mobile computing platform, 3) determining that the use of the permission is suspect based on the application being configured to use the permission while executing as the background application, and 4) performing a remediation action in response to determining that the use of the permission is suspect. Various other methods, systems, and computer-readable media are also disclosed.

摘要翻译： 用于检测恶意软件的计算机实现的方法可以包括：1）识别配置为在移动计算平台上使用许可的应用，允许应用访问移动计算平台的特征的许可，2）确定应用被配置为 在所述移动计算平台上作为后台应用程序执行时，使用所述权限; 3）根据所述应用被配置为在执行所述后台应用时使用所述权限，确定所述权限的使用是可疑的，以及4）执行修复动作 以确定使用权限是可疑的。 还公开了各种其它方法，系统和计算机可读介质。

公开(公告)号：US09781151B1

公开(公告)日：2017-10-03

申请号：US13271104

申请日：2011-10-11

申请人： Bruce E. McCorkendale ,  Sourabh Satish ,  Xuefeng Tian ,  Jingnan Si ,  Jun Mao ,  Xiaole Zhu ,  Sheng Gong

发明人： Bruce E. McCorkendale ,  Sourabh Satish ,  Xuefeng Tian ,  Jingnan Si ,  Jun Mao ,  Xiaole Zhu ,  Sheng Gong

IPC分类号： G06F11/00 ,  G08B23/00 ,  H04L29/06

CPC分类号： H04L63/1441 ,  G06F21/562 ,  G06F21/567 ,  H04L63/123 ,  H04L63/1408 ,  H04L63/1416

摘要： Techniques for identifying malicious downloadable applications are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for identifying malicious downloadable applications comprising receiving a signature of a downloadable application, identifying, using at least one computer processor, a known good application having at least one attribute in common with the downloadable application and having a signature different from the signature of the downloadable application, analyzing the downloadable application to evaluate one or more risk factors based at least in part on the at least one common attribute and the difference in signatures, and determining, based on the evaluated one or more risk factors, one or more responsive actions.