公开(公告)号：US20180018456A1

公开(公告)日：2018-01-18

申请号：US15210815

申请日：2016-07-14

Applicant: QUALCOMM Incorporated

Inventor： Yin CHEN ,  Dong LI

IPC: G06F21/55

CPC classification number: G06F21/552 ,  G06F2221/033 ,  G06F2221/2151 ,  H04L63/1441 ,  H04W12/1208

Abstract: Methods, systems and devices compute and use the execution session contexts of software applications to perform behavioral monitoring and analysis operations. A mobile device may be configured to monitor user activity and system activity of a software application, generate a shadow feature value that identifies actual execution session context of the software application during that activity, generate a behavior vector that incorporates context into the values describing behaviors, and determine whether the activity is malicious or benign based, at least in part, on the generated behavior vector. The mobile device processor may also be configured to intelligently determine whether the execution session context of a software application is relevant to determining whether any of the monitored mobile device behaviors are malicious or suspicious, and monitor only the execution session contexts of the software applications for which such determinations are relevant.

公开(公告)号：US20190080090A1

公开(公告)日：2019-03-14

申请号：US15701319

申请日：2017-09-11

Applicant: QUALCOMM Incorporated

Inventor： Dong LI ,  Yin CHEN ,  Saumitra Mohan DAS

IPC: G06F21/56

Abstract: In an aspect, an apparatus obtains a first payload that is dynamically loaded by an application program of the apparatus. For example, the first payload may be dynamically loaded by an application program (e.g., during run time) for execution on the apparatus. The apparatus determines whether the first payload includes malicious content. The apparatus prevents execution of the first payload when the first payload includes the malicious content, and executes the first payload when the first payload does not include the malicious content.