-
Publication No.: US20180124080A1
Publication date: 2018-05-03
Application No.: US15455774
Filing date: 2017-03-10
Applicant: QUALCOMM Incorporated
Inventor: Mihai Christodorescu, Nayeem Islam, Arun Raman, Shuhua Ge
IPC: H04L29/06
CPC classification number: H04L63/1425, G06F21/552, G06F21/554, G06F21/577, G06F21/85, H04L63/1433
Abstract: Various embodiments include methods of protecting a computing device within a network from malware or other non-benign behaviors. A computing device may monitor inputs and outputs to a server, derive a functional specification from the monitored inputs and outputs, and use the functional specification for anomaly detection. Use of the derived functional specification for anomaly detection may include determining whether a behavior, activity, web application, process or software application program is non-benign. The computing device may be the server, and the functional specification may be used to determine whether the server is under attack. In some embodiments, the computing device may constrain the functional specification with a generic constraint, detect a new input-output pair, determine whether the detected input-output pair satisfies the constrained functional specification, and determine that the detected input-output pair is anomalous upon determining that the detected input-output pair (or request-response pair) satisfies the constrained functional specification.
-
Publication No.: US20180198812A1
Publication date: 2018-07-12
Application No.: US15403477
Filing date: 2017-01-11
Applicant: QUALCOMM Incorporated
Inventor: Mihai Christodorescu, Shuhua Ge, Nayeem Islam, Hilmi Gunes Kayacik
CPC classification number: H04L63/1425, G06F21/552, H04L41/145
Abstract: Various embodiments provide methods, devices, and non-transitory processor-readable storage media for detecting anomalies in network traffic patterns with a network device by analyzing patterns in network traffic packets traversing the network. Various embodiments include clustering received network traffic packets into groups. The network device receives data packets originating from an endpoint device and analyzes the packets for patterns. The network device may apply a traffic analysis model to the clusters to obtain context classes. The network device may select a behavior classifier model based, at least in part, on the determined context class, and may apply the selected behavior classifier model to determine whether the packet behavior is benign or non-benign.
-
Publication No.: US20180124018A1
Publication date: 2018-05-03
Application No.: US15388934
Filing date: 2016-12-22
Applicant: QUALCOMM Incorporated
Inventor: Gheorghe Cascaval, Hui Chao, Mihai Christodorescu, Drew Dean, Dinakar Khurjati, Shuhua Ge, Hilmi Gunes Kayacik, Arun Raman, Ahmet Salih Buyukkayhan, Yuanwei Fang
IPC: H04L29/06
CPC classification number: H04L63/0254, G06F21/554, H04L63/02, H04L63/0263, H04L63/1425
Abstract: Aspects may relate to a server comprising: an interface to receive a service request; and a processor coupled to the interface to receive the service request, the processor configured to: implement a firewall appliance for the service request; operate a first micro-security application to generate an anomaly alert for the service request; and operate a second micro-security application to receive the anomaly alert from the first micro-security application or from another server's micro-security application and to determine whether the service request corresponds to a non-benign behavior.
-