Behavioral analysis for securing peripheral devices

    Publication No.: US10176428B2

    Publication date: 2019-01-08

    Application No.: US14207754

    Filing date: 2014-03-13

    Abstract: The various aspects configure a mobile computing device to efficiently identify, classify, model, prevent, and/or correct the conditions and/or behaviors occurring on the mobile computing device that are related to one or more peripheral devices connected to the mobile computing device and that often degrade the performance and/or power utilization levels of the mobile computing device over time. In the various aspects, the mobile computing device may obtain a classifier model that includes, tests, and/or evaluates various conditions, features, behaviors and corrective actions on the mobile computing device that are related to one or more peripheral devices connected to the mobile computing device. The mobile computing device may utilize the classifier model to quickly identify and correct undesirable behaviors occurring on the mobile computing device that are related to the one or more connected peripheral devices.

    Methods and systems for behavior-specific actuation for real-time whitelisting

    Publication No.: US10104107B2

    Publication date: 2018-10-16

    Application No.: US14849849

    Filing date: 2015-09-10

    Abstract: Various embodiments include methods of evaluating device behaviors in a computing device and enabling white listing of particular behaviors. Various embodiments may include monitoring activities of a software application operating on the computing device, and generating a behavior vector information structure that characterizes a first monitored activity of the software application. The behavior vector information structure may be applied to a machine learning classifier model to generate analysis results. The analysis results may be used to classify the first monitored activity of the software application as one of benign, suspicious, and non-benign. A prompt may be displayed to the user that requests that the user select whether to whitelist the software application in response to classifying the first monitored activity of the software application as suspicious or non-benign. The first monitored activity may be added to a whitelist of device behaviors in response to receiving a user input.

    Using normalized confidence values for classifying mobile device behaviors

    Publication No.: US10089582B2

    Publication date: 2018-10-02

    Application No.: US14826430

    Filing date: 2015-08-14

    Abstract: Methods and systems for classifying mobile device behavior include generating a full classifier model that includes a finite state machine suitable for conversion into boosted decision stumps and/or which describes all or many of the features relevant to determining whether a mobile device behavior is benign or contributing to the mobile device's degradation over time. A mobile device may receive the full classifier model along with sigmoid parameters and use the model to generate a full set of boosted decision stumps from which a more focused or lean classifier model is generated by culling the full set to a subset suitable for efficiently determining whether mobile device behaviors are benign. Results of applying the focused or lean classifier model may be normalized using a sigmoid function, with the resulting normalized result used to determine whether the behavior is benign or non-benign.

    Application characterization for machine learning on heterogeneous core devices

    Publication No.: US10049327B2

    Publication date: 2018-08-14

    Application No.: US14680225

    Filing date: 2015-04-07

    IPC classification: G06N99/00 G06F11/34

    Abstract: Methods, devices, systems, and non-transitory process-readable storage media for a computing device to use machine learning to dynamically configure an application and/or complex algorithms associated with the application. An aspect method performed by a processor of the computing device may include operations for performing an application that calls a library function associated with a complex algorithm, obtaining signals indicating user responses to performance of the application, determining whether a user tolerates the performance of the application based on the obtained signals indicating the user responses, adjusting a configuration of the application to improve a subsequent performance of the application in response to determining the user does not tolerate the performance of the application, and storing data indicating the user responses to the performance of the application and other external variables for use in subsequent evaluations of user inputs.

    Methods and systems for identifying malware through differences in cloud vs. client behavior

    Publication No.: US09787695B2

    Publication date: 2017-10-10

    Application No.: US14667461

    Filing date: 2015-03-24

    Abstract: A computing device may be configured to work in conjunction with another component (e.g., a server) to better determine whether a software application is benign or non-benign. This may be accomplished via the server performing static and/or dynamic analysis operations, generating a behavior information structure that describes or characterizes the range of correct or expected behaviors of the software application, and sending the behavior information structure to a computing device. The computing device may compare the received behavior information structure to a locally generated behavior information structure to determine whether the observed behavior of the software application differs or deviates from the expected behavior of the software application or whether the observed behavior is within the range of expected behaviors. The computing device may increase its level of security/scrutiny when the behavior information structure does not match the local behavior information structure.

    Methods and Systems for Using Causal Analysis for Boosted Decision Stumps to Identify and Respond to Non-Benign Behaviors
    Type: Invention application

    Legal status: In force

    Publication No.: US20160330223A1

    Publication date: 2016-11-10

    Application No.: US14706099

    Filing date: 2015-05-07

    IPC classification: H04L29/06

    CPC classification: H04L63/1425 G06F21/566

    Abstract: A computing device processor may be configured with processor-executable instructions to implement methods of detecting and responding to non-benign behaviors of the computing device. The processor may be configured to monitor device behaviors to collect behavior information, generate a behavior vector information structure based on the collected behavior information, apply the behavior vector information structure to a classifier model to generate analysis results, use the analysis results to classify a behavior of the device, use the analysis results to determine the features evaluated by the classifier model that contributed most to the classification of the behavior, and select the top “n” (e.g., 3) features that contributed most to the classification of the behavior. The computing device may display the selected features on an electronic display of the computing device.


    APIs for obtaining device-specific behavior classifier models from the cloud
    Type: Granted invention patent

    Legal status: In force

    Publication No.: US09491187B2

    Publication date: 2016-11-08

    Application No.: US14157606

    Filing date: 2014-01-17

    Abstract: The various aspects provide a system and methods implemented on the system for generating a behavior model on a server that includes features specific to a mobile computing device and the device's current state/configuration. In the various aspects, the mobile computing device may send information identifying itself, its features, and its current state to the server. In response, the server may generate a device-specific lean classifier model for the mobile computing device based on the device's information and state and may send the device-specific lean classifier model to the device for use in detecting malicious behavior. The various aspects may enhance overall security and performance on the mobile computing device by leveraging the superior computing power and resources of the server to generate a device-specific lean classifier model that enables the device to monitor features that are actually present on the device for malicious behavior.


    Hardware assisted asset tracking for information leak prevention
    Type: Granted invention patent

    Legal status: In force

    Publication No.: US09357411B2

    Publication date: 2016-05-31

    Application No.: US14174956

    Filing date: 2014-02-07

    IPC classification: H04W24/08 H04W4/00 G06F21/55

    CPC classification: H04W24/08 G06F21/552 H04W4/60

    Abstract: Mobile computing devices may be equipped with hardware components configured to monitor key assets of the mobile device at a low level (e.g., firmware level, hardware level, etc.). The hardware component may also be configured to dynamically determine the key assets that are to be monitored in the mobile device, monitor the access or use of these key assets by monitoring data flows, transactions, or operations in a system data bus of the mobile device, and report suspicious activities to a comprehensive behavioral monitoring and analysis system of the mobile device. The comprehensive behavioral monitoring and analysis system may then use this information to quickly identify and respond to malicious or performance degrading activities of the mobile device.


    Using Normalized Confidence Values For Classifying Mobile Device Behaviors
    Type: Invention application

    Legal status: Under examination (published)

    Publication No.: US20150356462A1

    Publication date: 2015-12-10

    Application No.: US14826430

    Filing date: 2015-08-14

    IPC classification: G06N99/00 G06N7/00

    Abstract: Methods and systems for classifying mobile device behavior include generating a full classifier model that includes a finite state machine suitable for conversion into boosted decision stumps and/or which describes all or many of the features relevant to determining whether a mobile device behavior is benign or contributing to the mobile device's degradation over time. A mobile device may receive the full classifier model along with sigmoid parameters and use the model to generate a full set of boosted decision stumps from which a more focused or lean classifier model is generated by culling the full set to a subset suitable for efficiently determining whether mobile device behaviors are benign. Results of applying the focused or lean classifier model may be normalized using a sigmoid function, with the resulting normalized result used to determine whether the behavior is benign or non-benign.
