公开(公告)号：US10452840B2

公开(公告)日：2019-10-22

申请号：US15210815

申请日：2016-07-14

Applicant: QUALCOMM Incorporated

Inventor： Yin Chen ,  Dong Li ,  Vinay Sridhara

IPC: G06F21/55 ,  H04L29/06 ,  H04W12/12

Abstract: Methods, systems and devices compute and use the execution session contexts of software applications to perform behavioral monitoring and analysis operations. A mobile device may be configured to monitor user activity and system activity of a software application, generate a shadow feature value that identifies actual execution session context of the software application during that activity, generate a behavior vector that incorporates context into the values describing behaviors, and determine whether the activity is malicious or benign based, at least in part, on the generated behavior vector. The mobile device processor may also be configured to intelligently determine whether the execution session context of a software application is relevant to determining whether any of the monitored mobile device behaviors are malicious or suspicious, and monitor only the execution session contexts of the software applications for which such determinations are relevant.

公开(公告)号：US20180060569A1

公开(公告)日：2018-03-01

申请号：US15249110

申请日：2016-08-26

Applicant: QUALCOMM Incorporated

Inventor： Minjang Kim ,  Dong Li ,  Sudha Anil Kumar Gathala

IPC: G06F21/55 ,  G06F21/52

Abstract: Methods, systems, and devices detect and block execution of malicious shell commands requested by a software application. Various embodiments may include receiving a request from a software application to execute a shell command and simulating execution of the shell command to produce execution behavior information. The computing device may analyze system activities to produce execution context information and generate an execution behavior vector based, at least in part, on the execution behavior information and the execution context information. The computing device may use a behavior classifier model to determine whether the shell command is malicious. In response to determining that the shell command is malicious, the computing device may block execution of the shell command.

公开(公告)号：US20180039779A1

公开(公告)日：2018-02-08

申请号：US15228251

申请日：2016-08-04

Applicant: QUALCOMM Incorporated

Inventor： Dong Li ,  Yin Chen ,  Saumitra Mohan Das

IPC: G06F21/56

CPC classification number: G06F21/566 ,  G06F21/56 ,  G06F21/562 ,  G06F2221/033 ,  H04W12/00505 ,  H04W12/00508 ,  H04W12/1208

Abstract: A computing device may be protected from non-benign behavior, malware, and cyber attacks by using a combination of predictive and real-time behavior-based analysis techniques. A computing device may be configured to identify anticipated behaviors of a software application before runtime, analyze the anticipated behaviors before runtime to generate static analysis results, commencing execution of the software application, analyze behaviors of the software application during runtime via a behavior-based analysis system, and control operations of the behavior-based analysis system based on the static analysis results.