Abstract:
The various aspects leverage the novel observation that the number of call sites in code is directly correlated with the code's compile time and provide methods implemented by a compiler operating on a computing device (e.g., a smartphone) for performing inline throttling based on a projected number of call sites in the code that would exist after performing inline expansion. The various aspects enable the compiler to improve the performance of the generated code by aggressive inlining while carefully managing increases in compile time, thereby decreasing the power required to compile the code while increasing performance of the computing device. Thus, by inlining enough call sites to reduce the costs of handling calls while accounting for the costs of inlining, the various aspects provide for an effective balance of short compile times and effective code performance.
Abstract:
Methods, systems and devices for communicating behavior analysis information using an application programming interface (API) may include receiving via the API a request to register the second module to access an operation of a behavioral monitoring system of the mobile computing device, and exchanging authentication information between the first module and the second module to accomplish mutual authentication. Aspects may include receiving via the API a request for version identification information that may be used by the server to determine how to interpret, evaluate, or crowd-source information, and exchanging version identification information between the first module and the second module to cause the second module to send the information to the server. Aspects may further include receiving via the API a provision malware model request including a command causing the first module to send a malware or classifier model to a behavioral monitoring system of the mobile computing device.
Abstract:
Various aspects include methods and computing devices implementing the methods for evaluating device behaviors in the computing devices. Aspect methods may include using a behavior-based machine learning technique to classify a device behavior as one of benign, suspicious, and non-benign. Aspect methods may include using one of a multi-label classification and a meta-classification technique to sub-classify the device behavior into one or more sub-categories. Aspect methods may include determining a relative importance of the device behavior based on the sub-classification, and determining whether to perform robust behavior-based operations based on the determined relative importance of the device behavior.
Abstract:
Various aspects include methods and computing devices implementing the methods for evaluating device behaviors in the computing devices. Aspect methods may include using a behavior-based machine learning technique to classify a device behavior as one of benign, suspicious, and non-benign. Aspect methods may include using one of a multi-label classification and a meta-classification technique to sub-classify the device behavior into one or more sub-categories. Aspect methods may include determining a relative importance of the device behavior based on the sub-classification, and determining whether to perform robust behavior-based operations based on the determined relative importance of the device behavior.
Abstract:
Methods, systems and devices for communicating behavior analysis information using an application programming interface (API) may include receiving via the API a request to register the second module to access an operation of a behavioral monitoring system of the mobile computing device, and exchanging authentication information between the first module and the second module to accomplish mutual authentication. Aspects may include receiving via the API a request for version identification information that may be used by the server to determine how to interpret, evaluate, or crowd-source information, and exchanging version identification information between the first module and the second module to cause the second module to send the information to the server. Aspects may further include receiving via the API a provision malware model request including a command causing the first module to send a malware or classifier model to a behavioral monitoring system of the mobile computing device.
Abstract:
Methods, devices and systems for detecting suspicious or performance-degrading mobile device behaviors intelligently, dynamically, and/or adaptively determine computing device behaviors that are to be observed, the number of behaviors that are to be observed, and the level of detail or granularity at which the mobile device behaviors are to be observed. The various aspects efficiently identify suspicious or performance-degrading mobile device behaviors without requiring an excessive amount of processing, memory, or energy resources.
Abstract:
The various aspects leverage the novel observation that the number of call sites in code is directly correlated with the code's compile time and provide methods implemented by a compiler operating on a computing device (e.g., a smartphone) for performing inline throttling based on a projected number of call sites in the code that would exist after performing inline expansion. The various aspects enable the compiler to improve the performance of the generated code by aggressive inlining while carefully managing increases in compile time, thereby decreasing the power required to compile the code while increasing performance of the computing device. Thus, by inlining enough call sites to reduce the costs of handling calls while accounting for the costs of inlining, the various aspects provide for an effective balance of short compile times and effective code performance.
Abstract:
Methods, devices, and systems for creating interoperability between applications that are not designed to be compatible by modifying a binary (or library binary) to encompass necessary functionality without an in-depth understanding of the additional content. A computing device may be configured to identify a function associated with a first binary that is missing from a second binary. In an aspect, the computing device may utilize error codes or diagnostic information from a loader/linker software. The computing device may analyze the first binary to identify a portion of code (or object) corresponding to the missing function, such as by evaluating related assembly code to identify a position-independent portion. The computing device may insert the identified portion of code into the second binary to generate a new binary. In an aspect, the computing device may utilize a dynamic linker configured to link to functions from both the first and second binaries.