Abstract:
A computing device processor may be configured with processor-executable instructions to implement methods of using behavioral analysis and machine learning techniques to evaluate the collective behavior of two or more software applications operating on the device. The processor may be configured to monitor the activities of a plurality of software applications operating on the device, collect behavior information for each monitored activity, generate a behavior vector based on the collected behavior information, apply the generated behavior vector to a classifier model to generate analysis information, and use the analysis information to classify a collective behavior of the plurality of software applications.
Abstract:
Various implementations include unmanned autonomous vehicles (UAVs) and methods for providing security for a UAV. In various implementations, a processor of the UAV may receive sensor data from a plurality of UAV sensors about an object in contact with the UAV. The processor may determine an authorization threshold based on the received sensor data. The processor may determine whether the object is authorized based on the received sensor data and the determined authorization threshold.
Abstract:
Systems, methods, and devices of the various aspects enable detecting a malfunction caused by radio frequency (RF) interference. A computing device processor may identify a location of the computing device based on a plurality of real-time data inputs received by the computing device. The processor may characterize an RF environment of the computing device based on the identified location and the plurality of real-time data inputs. The processor may determine at least one RF emissions threshold based on the characterization of the RF environment. The processor may compare the characterization of the RF environment to the at least one RF emissions threshold, and may perform an action in response to determining that the characterization of the RF environment exceeds the at least one RF emissions threshold.
Abstract:
A computing device processor may be configured with processor-executable instructions to implement methods of using behavioral analysis and machine learning techniques to identify, prevent, correct, or otherwise respond to malicious or performance-degrading behaviors of the computing device. As part of these operations, the processor may generate user-persona information that characterizes the user based on that user's activities, preferences, age, occupation, habits, moods, emotional states, personality, device usage patterns, etc. The processor may use the user-persona information to dynamically determine the number of device features that are monitored or evaluated in the computing device, to identify the device features that are most relevant to determining whether the device behavior is not consistent with a pattern of ordinary usage of the computing device by the user, and to better identify or respond to non-benign behaviors of the computing device.
Abstract:
Various embodiments include methods and a memory data collection processor for performing online memory data collection for memory forensics. Various embodiments may include determining whether an operating system executing in a computing device is trustworthy. In response to determining that the operating system is not trustworthy, the memory data collection processor may collect memory data directly from volatile memory. Otherwise, the operating system may be used to collect memory data from volatile memory. Memory data may be collected at a variable memory data collection rate determined by the memory data collection processor. The memory data collection rate may depend upon whether an available power level of the computing device exceeds a threshold power level, whether an activity state of the processor of the computing device equals a sleep state, whether a security risk exists on the computing device, and whether a volume of memory traffic in the volatile memory exceeds a threshold volume.
Abstract:
Various aspects provide systems and methods for optimizing hardware monitoring on a computing device. A computing device may receive a monitoring request to monitor a portion of code or data within a process executing on the computing device. The computing device may generate from the monitoring request a first monitoring configuration parameter for a first hardware monitoring component in the computing device and may identify a non-optimal event pattern that occurs while the first hardware monitoring component monitors the portion of code or data according to the first monitoring configuration parameter. The computing device may apply a transformation to the portion of code or data and reconfigure the first hardware monitoring component by modifying the first monitoring configuration parameter in response to the transformation of the portion of code or data.
Abstract:
Various embodiments include systems, methods and devices for reducing the burden on mobile devices of memory data collection for memory forensics. Various embodiments may include monitoring for changes in sections or portions of memory within the computing device that have been identified by a network device based on a prior memory snapshot. When changes are detected, the computing device may determine whether data changes in the monitored sections or portions of memory satisfy a criterion for transmitting an incremental snapshot of memory. Such criteria may be defined in information received from the network device. When the criteria are satisfied, the computing device may transmit an incremental memory snapshot to the network device. The computing device may transmit to the network device results of analysis of the data changes observed in the memory. Various embodiments may be performed in a secure environment or in a memory collection processor within the computing device.
Abstract:
Systems, methods, and devices of the various aspects enable detecting anomalous electromagnetic (EM) emissions from among a plurality of electronic devices. A device processor may receive EM emissions of a plurality of electronic devices, wherein the receiving device has no previous information about any of the plurality of electronic devices. The device processor may cross-correlate the EM emissions of the plurality of electronic devices over time. The device processor may identify a difference of the cross-correlated EM emissions from earlier cross-correlated EM emissions. The device processor may determine that the difference of the cross-correlated EM emissions from the earlier cross-correlated EM emissions indicates an anomaly in one or more of the plurality of electronic devices.
Abstract:
Methods, and devices implementing the methods, use device-specific classifiers in a privacy-preserving behavioral monitoring and analysis system for crowd-sourcing of device behaviors. Diverse devices having varying degrees of "smart" capabilities may monitor operational behaviors. Gathered operational behavior information may be transmitted to a nearby device having greater processing capabilities than a respective collecting device, or may be transmitted directly to an "always on" device. The behavior information may be used to generate behavior vectors, which may be analyzed for anomalies. Vectors containing anomaly flags may be anonymized to remove any user-identifying information and subsequently transmitted to a remote recipient such as a service provider or device manufacturer. In this manner, operational behavior information may be gathered about different devices from a large number of users, to obtain statistical analysis of operational behavior for specific makes and models of devices, without divulging personal information about device users.
Abstract:
Systems and methods are disclosed for automating customer service for a monitored device (MD). A method for an Internet of Everything management device to automate customer service for a monitored device comprises collecting sensor data from a plurality of sensors, wherein the plurality of sensors comprises a first sensor that is not included in the MD, determining whether the MD is exhibiting abnormal behavior based on an analysis of the collected sensor data, and transmitting a report to a customer service entity associated with the MD in response to a determination that the MD is exhibiting abnormal behavior.