公开(公告)号：US20180077188A1

公开(公告)日：2018-03-15

申请号：US15262918

申请日：2016-09-12

Applicant: QUALCOMM Incorporated

Inventor： Giridhar Mandyam ,  Sudha Anil Kumar Gathala ,  Saumitra Mohan Das ,  Nayeem Islam ,  Dallas James Wiener ,  Hugo Romero ,  Harold Gilkey

IPC: H04L29/06

CPC classification number: H04L63/1433 ,  G06F21/56 ,  H04L67/42

Abstract: Methods, and computing devices implementing the methods, that enable client computing devises to work in conjunction with a server device to identify and temporarily defend against non-benign applications (e.g., malware, etc.) and other threats before a more permanent solution or defense (e.g., a patch or software upgrade) becomes available and installed on the client computing device. The server device may be configured to receive reports from the client computing devices, receive threat feeds from a third-party server (e.g., threat intelligence servers, etc.), and use information included in the received threat feed and information included in the received reports to analyze, in the server computing device, a software application that is operating on a client device in multiple passes. The server may generate one or more threat scores and send the one or more threat scores to the client computing device for use in devising a customized security response.

公开(公告)号：US20180020024A1

公开(公告)日：2018-01-18

申请号：US15417718

申请日：2017-01-27

Applicant: QUALCOMM Incorporated

Inventor： Hui Chao ,  Nayeem Islam ,  Gheorghe Calin Cascaval

IPC: H04L29/06 ,  H04L12/26 ,  G06F17/18

CPC classification number: H04L63/1491 ,  G06F17/18 ,  G06F21/53 ,  G06F21/554 ,  H04L43/0876 ,  H04L63/02 ,  H04L63/1425 ,  H04L67/42

Abstract: Various embodiments include methods for protecting a web application server from non-benign web application usage. Embodiment methods may include receiving from a client device a service request message that includes information suitable for causing a web application operating on the web application server to perform one or more operations. In response, a processor, such as within the web application server or another network device, may analyze usage of the web application by the client device via a combination of a honeypot component, a sandboxed detonator component, and a Web Application Firewall (WAF) component. Analysis results may be generated by analyzing the received service request message or a server response message sent by the web application server. The analysis results may be used to identify non-benign web application usage. Actions may be taken to protect the web application server and/or the client device from the identified non-benign web application usage.

公开(公告)号：US09658937B2

公开(公告)日：2017-05-23

申请号：US14660260

申请日：2015-03-17

Applicant: QUALCOMM Incorporated

Inventor： Mihai Christodorescu ,  Mastooreh Salajegheh ,  Rajarshi Gupta ,  Nayeem Islam

IPC: G06F11/34 ,  G06F11/36 ,  G06F11/30 ,  G06F9/45

CPC classification number: G06F11/3466 ,  G06F8/443 ,  G06F11/3003 ,  G06F11/302 ,  G06F11/3051 ,  G06F11/3495 ,  G06F11/3612 ,  G06F11/362 ,  G06F11/3624

Abstract: Various aspects provide systems and methods for optimizing hardware monitoring on a computing device. A computing device may receive a monitoring request to monitor a portion of code or data within a process executing on the computing device. The computing device may generate from the monitoring request a first monitoring configuration parameter for a first hardware monitoring component in the computing device and may identify a non-optimal event pattern that occurs while the first hardware monitoring component monitors the portion of code or data according to the first monitoring configuration parameter. The computing device may apply a transformation to the portion of code or data and reconfigure the first hardware monitoring component by modifying the first monitoring configuration parameter in response to the transformation of the portion of code or data.

公开(公告)号：US20180203996A1

公开(公告)日：2018-07-19

申请号：US15407390

申请日：2017-01-17

Applicant: QUALCOMM Incorporated

Inventor： Sudha Anil Kumar Gathala ,  Mastooreh Salajegheh ,  Saumitra Mohan Das ,  Nayeem Islam

IPC: G06F21/56 ,  G06F11/30

CPC classification number: G06F21/562 ,  G06F11/3037 ,  G06F11/3079 ,  G06F21/52 ,  G06F21/554 ,  G06F21/566 ,  G06F21/567 ,  G06F2201/84

Abstract: Various embodiments include systems, methods and devices for reducing the burden on mobile devices of memory data collection for memory forensics. Various embodiments may include monitoring for changes sections or portions of memory within the computing device that been identified by a network device based on a prior memory snapshot. When changes are detected, the computing device may determine whether data changes in the monitored sections or portions of memory satisfy a criterion for transmitting an incremental snapshot of memory. Such criteria may be defined in information received from the network device. When the criteria are satisfied, the computing device may transmit an incremental memory snapshot to the network device. The computing device may transmit to the network device results of analysis of the data changes observed in the memory. Various embodiments may be performed in a secure environment or in a memory collection processor within the computing device.

公开(公告)号：US20170277903A1

公开(公告)日：2017-09-28

申请号：US15076936

申请日：2016-03-22

Applicant: QUALCOMM Incorporated

Inventor： Mihai Christodorescu ,  Dinakar Dhurjati ,  Nayeem Islam

IPC: G06F21/62 ,  H04L9/00 ,  G06F9/455 ,  G06F21/60

CPC classification number: G06F21/6218 ,  G06F9/455 ,  G06F9/45558 ,  G06F12/1433 ,  G06F12/1483 ,  G06F21/602 ,  G06F21/79 ,  G06F2009/45583 ,  G06F2009/45587 ,  G06F2009/45591 ,  H04L9/008

Abstract: Embodiments include computing devices, systems, and methods for protecting data using virtual views of resource contents. A virtualization interface monitor may monitor a request to access a computing device resource by a first requesting entity and determine whether the first requesting entity is an owner of the computing device resource. A data protection system may provide, to the first requesting entity, an unobscured virtual view of resource contents of the computing device resource in response to determining that the first requesting entity is the owner of the computing device resource. A resource content cryptographic device may obscure a virtual view of the resource contents of the computing device resource in response to determining that the first requesting entity is a non-owner of the computing device resource. The data protection system may provide, to the first requesting entity, the obscured virtual view of resource contents of the computing device resource.

公开(公告)号：US20170234724A1

公开(公告)日：2017-08-17

申请号：US15046390

申请日：2016-02-17

Applicant: QUALCOMM Incorporated

Inventor： Ayman Naguib ,  Nayeem Islam

IPC: G01H3/08 ,  G01S5/18

CPC classification number: G01H3/08 ,  G01S5/18 ,  G01S5/186 ,  G01V1/001

Abstract: Apparatuses and methods are described herein for identifying a Unmanned Aerial Vehicle (UAV), including, but not limited to, determining a first maneuver type, determining a first acoustic signature of sound captured by a plurality of audio sensors while the UAV performs the first maneuver type, determining a second acoustic signature of sound captured by the plurality of audio sensors while the UAV performs a second maneuver type different from the first maneuver type, determining an acoustic signature delta based on the first acoustic signature and the second acoustic signature, and determining an identity of the UAV based on the acoustic signature delta.

公开(公告)号：US20170132411A1

公开(公告)日：2017-05-11

申请号：US14937949

申请日：2015-11-11

Applicant: QUALCOMM Incorporated

Inventor： Mastooreh Salajegheh ,  Rajarshi Gupta ,  Nayeem Islam

IPC: G06F21/53 ,  G06F21/56

CPC classification number: G06F21/53 ,  G06F21/566 ,  G06F2221/2105

Abstract: Various embodiments include methods implemented on a computing device for analyzing a program executing within a virtual environment on the computing device. The methods may include determining whether the program is attempting to detect whether it is being executed within the virtual environment, and analyzing the program within a protected mode of the computing device in response to determining that the program is attempting to detect whether it is being executed within the virtual environment.

公开(公告)号：US10333965B2

公开(公告)日：2019-06-25

申请号：US15262858

申请日：2016-09-12

Applicant: QUALCOMM Incorporated

Inventor： Sudha Anil Kumar Gathala ,  Saumitra Mohan Das ,  Nayeem Islam ,  Dallas James Wiener ,  Hugo Romero ,  Harold Gilkey ,  Giridhar Mandyam

IPC: H04L29/06 ,  G06F21/53 ,  G06F21/57

Abstract: Methods, and computing devices implementing the methods, that enable client computing devises to work in conjunction with a server device to identify and temporarily defend against non-benign applications (e.g., malware, etc.) and other threats before a more permanent solution or defense (e.g., a patch or software upgrade) becomes available and installed on the client computing device. The server device may be configured to receive reports from the client computing devices, receive threat feeds from third-party servers (e.g., threat intelligence servers, etc.), and use information included in the received threat feed and information included in the received reports to analyze, in the server computing device, a software application that is operating on a client device in multiple passes. The server may generate threat scores (e.g., one for each pass, etc.), and the threat scores to the client computing device for use in devising a customized security response.

公开(公告)号：US10049327B2

公开(公告)日：2018-08-14

申请号：US14680225

申请日：2015-04-07

Applicant: QUALCOMM Incorporated

Inventor： Faraz Mohammad Mirzaei ,  Vinay Sridhara ,  Nayeem Islam

IPC: G06N99/00 ,  G06F11/34

Abstract: Methods, devices, systems, and non-transitory process-readable storage media for a computing device to use machine learning to dynamically configure an application and/or complex algorithms associated with the application. An aspect method performed by a processor of the computing device may include operations for performing an application that calls a library function associated with a complex algorithm, obtaining signals indicating user responses to performance of the application, determining whether a user tolerates the performance of the application based on the obtained signals indicating the user responses, adjusting a configuration of the application to improve a subsequent performance of the application in response to determining the user does not tolerate the performance of the application, and storing data indicating the user responses to the performance of the application and other external variables for use in subsequent evaluations of user inputs.

公开(公告)号：US20180198812A1

公开(公告)日：2018-07-12

申请号：US15403477

申请日：2017-01-11

Applicant: QUALCOMM Incorporated

Inventor： Mihai Christodorescu ,  Shuhua Ge ,  Nayeem Islam ,  Hilmi Gunes Kayacik

IPC: H04L29/06 ,  H04L12/24

CPC classification number: H04L63/1425 ,  G06F21/552 ,  H04L41/145

Abstract: Various embodiments provide methods, devices, and non-transitory processor-readable storage media for detecting anomalies in network traffic patterns with a network device by analyzing patterns in network traffic packets traversing the network. Various embodiments include clustering received network traffic packets into groups. The network device receives data packets originating from an endpoint device and analyzes the packets for patterns. The network device may apply a traffic analysis model to the clusters to obtain context classes. The network device may select a behavior classifier model based, at least in part, on the determined context class, and may apply the selected behavior classifier model to determine whether the packet behavior is benign or non-benign.