Pre-Identifying Probable Malicious Behavior Based on Configuration Pathways
    31.
    Patent application (status: in force)

    Publication No.: US20150101047A1

    Publication date: 2015-04-09

    Application No.: US14044937

    Filing date: 2013-10-03

    Abstract: The various aspects include systems and methods for enabling mobile computing devices to recognize when they are at risk of experiencing malicious behavior in the near future given a current configuration. Thus, the various aspects enable mobile computing devices to anticipate malicious behaviors before a malicious behavior begins rather than after the malicious behavior has begun. In the various aspects, a network server may receive behavior vector information from multiple mobile computing devices and apply pattern recognition techniques to the received behavior vector information to identify malicious configurations and pathway configurations that may lead to identified malicious configurations. The network server may inform mobile computing devices of identified malicious configurations and the corresponding pathway configurations, thereby enabling mobile computing devices to anticipate and prevent malicious behavior from beginning by recognizing when they have entered a pathway configuration leading to malicious behavior.

    Exploiting Hot Application Programming Interfaces (APIs) and Action Patterns for Efficient Storage of API logs on Mobile Devices for Behavioral Analysis
    32.
    Patent application (status: in force)

    Publication No.: US20150082441A1

    Publication date: 2015-03-19

    Application No.: US14028914

    Filing date: 2013-09-17

    Abstract: Methods and devices for detecting suspicious or performance-degrading mobile device behaviors may include performing behavior monitoring and analysis operations to intelligently, dynamically, and/or adaptively determine the mobile device behaviors that are to be observed, the number of behaviors that are to be observed, and the level of detail or granularity at which the behaviors are to be observed. Such behavior monitoring and analysis operations may be performed continuously (or near continuously) in a mobile device without consuming an excessive amount of processing, memory, or energy resources of the mobile device by identifying hot application programming interfaces (APIs) and hot action patterns that are invoked or used most frequently by software applications of the mobile device and storing information regarding these hot APIs and hot action patterns separately and more efficiently.

    Data Flow Based Behavioral Analysis on Mobile Devices
    33.
    Patent application (status: in force)

    Publication No.: US20150082430A1

    Publication date: 2015-03-19

    Application No.: US14030053

    Filing date: 2013-09-18

    CPC classification number: G06F21/552 G06F21/566

    Abstract: Methods, devices and systems for detecting suspicious or performance-degrading mobile device behaviors intelligently, dynamically, and/or adaptively determine computing device behaviors that are to be observed, the number of behaviors that are to be observed, and the level of detail or granularity at which the mobile device behaviors are to be observed. The various aspects efficiently identify suspicious or performance-degrading mobile device behaviors without requiring an excessive amount of processing, memory, or energy resources.

    Computing Device to Detect Malware
    34.
    Patent application (status: in force)

    Publication No.: US20140123289A1

    Publication date: 2014-05-01

    Application No.: US14149471

    Filing date: 2014-01-07

    Abstract: Disclosed is an apparatus and method for a computing device to determine if an application is malware. The computing device may include: a query logger to log the behavior of the application on the computing device to generate a log; a behavior analysis engine to analyze the log from the query logger to generate a behavior vector that characterizes the behavior of the application; and a classifier to classify the behavior vector for the application as benign or malware.

    Local IP access scheme
    35.
    Granted patent

    Publication No.: US10251114B2

    Publication date: 2019-04-02

    Application No.: US14468150

    Filing date: 2014-08-25

    Abstract: Local IP access is provided in a wireless network to facilitate access to one or more local services. In some implementations, different IP interfaces are used for accessing different services (e.g., local services and operator network services). A list that maps packet destinations to IP interfaces may be employed to determine which IP interface is to be used for sending a given packet. In some implementations an access point provides a proxy function (e.g., a proxy ARP function) for an access terminal. In some implementations an access point provides an agent function (e.g., a DHCP function) for an access terminal. NAT operations may be performed at an access point to enable the access terminal to access local services. In some aspects, an access point may determine whether to send a packet from an access terminal via a protocol tunnel based on the destination of the packet.

    Behavioral analysis for securing peripheral devices

    Publication No.: US10176428B2

    Publication date: 2019-01-08

    Application No.: US14207754

    Filing date: 2014-03-13

    Abstract: The various aspects configure a mobile computing device to efficiently identify, classify, model, prevent, and/or correct the conditions and/or behaviors occurring on the mobile computing device that are related to one or more peripheral devices connected to the mobile computing device and that often degrade the performance and/or power utilization levels of the mobile computing device over time. In the various aspects, the mobile computing device may obtain a classifier model that includes, tests, and/or evaluates various conditions, features, behaviors and corrective actions on the mobile computing device that are related to one or more peripheral devices connected to the mobile computing device. The mobile computing device may utilize the classifier model to quickly identify and correct undesirable behaviors occurring on the mobile computing device that are related to the one or more connected peripheral devices.

    Network path probing using available network connections

    Publication No.: US10158998B2

    Publication date: 2018-12-18

    Application No.: US15187837

    Filing date: 2016-06-21

    Abstract: Various embodiments provide methods, devices, and non-transitory processor-readable storage media enabling network path probing with a communications device by sending probes via a network connection to a STUN server and receiving probe replies. The communications device may increment a counter and transmit a test probe configured to be dropped at the first access point (NAT) causing all subsequent NATs to release their IP/port mappings. The communications device may send another probe to the STUN server and receive a probe reply. The communications device may compare the first and second probe replies to determine whether the final IP addresses within the network path match. By continuously incrementing the counter and querying access points, the communications device may determine the number of access points that lie along any given network path. The presence of additional or unexpected numbers of NAT servers may indicate the presence of a rogue access point.

    Methods and systems for behavior-specific actuation for real-time whitelisting

    Publication No.: US10104107B2

    Publication date: 2018-10-16

    Application No.: US14849849

    Filing date: 2015-09-10

    Abstract: Various embodiments include methods of evaluating device behaviors in a computing device and enabling white listing of particular behaviors. Various embodiments may include monitoring activities of a software application operating on the computing device, and generating a behavior vector information structure that characterizes a first monitored activity of the software application. The behavior vector information structure may be applied to a machine learning classifier model to generate analysis results. The analysis results may be used to classify the first monitored activity of the software application as one of benign, suspicious, and non-benign. A prompt may be displayed to the user that requests that the user select whether to whitelist the software application in response to classifying the first monitored activity of the software application as suspicious or non-benign. The first monitored activity may be added to a whitelist of device behaviors in response to receiving a user input.

    Using normalized confidence values for classifying mobile device behaviors

    Publication No.: US10089582B2

    Publication date: 2018-10-02

    Application No.: US14826430

    Filing date: 2015-08-14

    Abstract: Methods and systems for classifying mobile device behavior include generating a full classifier model that includes a finite state machine suitable for conversion into boosted decision stumps and/or which describes all or many of the features relevant to determining whether a mobile device behavior is benign or contributing to the mobile device's degradation over time. A mobile device may receive the full classifier model along with sigmoid parameters and use the model to generate a full set of boosted decision stumps from which a more focused or lean classifier model is generated by culling the full set to a subset suitable for efficiently determining whether mobile device behaviors are benign. Results of applying the focused or lean classifier model may be normalized using a sigmoid function, with the resulting normalized result used to determine whether the behavior is benign or non-benign.
