公开(公告)号：WO2016148840A1

公开(公告)日：2016-09-22

申请号：PCT/US2016/018669

申请日：2016-02-19

Applicant: QUALCOMM INCORPORATED

Inventor： SALAJEGHEH, Mastooreh ,  MAHMOUDI, Mona ,  SRIDHARA, Vinay ,  CHRISTODORESCU, Mihai ,  CASCAVAL, Gheorghe Calin

IPC: G06F21/62 ,  G06F21/55 ,  G06F9/46 ,  G06F11/34 ,  H04W24/00 ,  H04W24/02 ,  H04L29/06 ,  G06F21/50

CPC classification number: H04L63/1441 ,  G06F9/46 ,  G06F11/3409 ,  G06F21/552 ,  G06F21/6254 ,  H04L63/0421 ,  H04L63/1416 ,  H04L63/1425 ,  H04W12/02 ,  H04W12/12 ,  H04W24/10

Abstract: Methods, and devices implementing the methods, use device-specific classifiers in a privacy-preserving behavioral monitoring and analysis system for crowd-sourcing of device behaviors. Diverse devices having varying degrees of "smart" capabilities may monitor operational behaviors. Gathered operational behavior information may be transmitted to a nearby device having greater processing capabilities than a respective collecting device, or may be transmitted directly to an "always on" device. The behavior information may be used to generate behavior vectors, which may be analyzed for anomalies. Vectors containing anomaly flags may be anonymized to remove any user-identifying information and subsequently transmitted to a remote recipient such as a service provider or device manufacture. In this manner, operational behavior information may be gathered about different devices from a large number of users, to obtain statistical analysis of operational behavior for specific makes and models of devices, without divulging personal information about device users.

Abstract translation: 方法和实现方法的设备在隐私保护行为监控和分析系统中使用设备特定的分类器，用于人群来源的设备行为。 具有不同程度的“智能”能力的不同装置可以监视操作行为。 聚集的操作行为信息可以被发送到具有比相应的收集装置更大的处理能力的附近设备，或者可以直接传送到“始终处于”设备。 行为信息可以用于生成行为矢量，可以对异常进行分析。 可以对包含异常标志的向量进行匿名处理，以消除任何用户识别信息，并随后发送到诸如服务提供商或设备制造的远程接收者。 以这种方式，可以从大量用户收集关于不同设备的操作行为信息，以获得关于特定设备和型号的操作行为的统计分析，而不泄漏关于设备用户的个人信息。

公开(公告)号：WO2015080871A1

公开(公告)日：2015-06-04

申请号：PCT/US2014/065528

申请日：2014-11-13

Applicant: QUALCOMM INCORPORATED

Inventor： FIALA, David ,  CHRISTODORESCU, Mihai ,  SRIDHARA, Vinay ,  GUPTA, Rajarshi ,  FAWAZ, Kassem

IPC: G06F21/56

CPC classification number: G06F21/56 ,  G06F21/566

Abstract: The various aspects provide for a computing device and methods implemented by the device to ensure that an application executing on the device and seeking root access will not cause malicious behavior while after receiving root access. Before giving the application root access, the computing device may identify operations the application intends to execute while having root access, determine whether executing the operations will cause malicious behavior by simulating execution of the operations, and pre-approve those operations after determining that executing those operations will not result in malicious behavior. Further, after giving the application root access, the computing device may only allow the application to perform pre-approved operations by quickly checking the application's pending operations against the pre-approved operations before allowing the application to perform those operations. Thus, the various aspects may ensure that an application receives root access without compromising the performance or security integrity of the computing device.

Abstract translation: 各种方面提供了一种计算设备和由设备实现的方法，以确保在接收根访问之后在设备上执行并寻求root访问的应用不会引起恶意行为。 在给予应用程序根访问之前，计算设备可以识别应用程序在具有root访问的同时执行的操作，确定执行操作是否会通过模拟操作的执行而导致恶意行为，并且在确定执行这些操作之后预先批准这些操作 操作不会导致恶意行为。 此外，在给予应用程序根访问之后，计算设备可以仅允许应用程序通过在允许应用程序执行这些操作之前快速检查应用程序针对预先批准的操作的待处理操作来执行预先批准的操作。 因此，各个方面可以确保应用程序接收根访问，而不会影响计算设备的性能或安全完整性。

公开(公告)号：WO2018144112A1

公开(公告)日：2018-08-09

申请号：PCT/US2017/063593

申请日：2017-11-29

Applicant: QUALCOMM INCORPORATED

Inventor： KAYACIK, Hilmi Gunes ,  DHURJATI, Dinkar ,  CHRISTODORESCU, Mihai ,  ALIEV, Alexey

IPC: G06F21/55 ,  H04L29/06

CPC classification number: H04L63/1416 ,  G06F21/552 ,  H04L63/02 ,  H04L63/0245 ,  H04L63/1425 ,  H04L67/02

Abstract: Embodiments include computing devices, apparatus, and methods implemented by the apparatus for implementing anomalous hypertext transfer protocol (HTTP) event detection on a computing device. The computing device may receive an HTTP response, from a web application, having a first semi-structured data of a uniform resource locator (URL), store the first semi-structured data, compare a first plurality of stored semi-structured data of a plurality of URLs of a plurality of HTTP responses from the web application, identify a pattern in the first plurality of stored semi-structured data, define a first invariant for the HTTP response based on an identified pattern, and defining a first generic feature for the first invariant.

公开(公告)号：WO2016148837A1

公开(公告)日：2016-09-22

申请号：PCT/US2016/018659

申请日：2016-02-19

Applicant: QUALCOMM INCORPORATED

Inventor： CHRISTODORESCU, Mihai ,  SALAJEGHEH, Mastooreh ,  GUPTA, Rajarshi ,  ISLAM, Nayeem

IPC: G06F11/34 ,  G06F9/45

CPC classification number: G06F11/3466 ,  G06F8/443 ,  G06F11/3003 ,  G06F11/302 ,  G06F11/3051 ,  G06F11/3495 ,  G06F11/3612 ,  G06F11/362 ,  G06F11/3624

Abstract: Various aspects provide systems and methods for optimizing hardware monitoring on a computing device. A computing device may receive a monitoring request to monitor a portion of code or data within a process executing on the computing device. The computing device may generate from the monitoring request a first monitoring configuration parameter for a first hardware monitoring component in the computing device and may identify a non-optimal event pattern that occurs while the first hardware monitoring component monitors the portion of code or data according to the first monitoring configuration parameter. The computing device may apply a transformation to the portion of code or data and reconfigure the first hardware monitoring component by modifying the first monitoring configuration parameter in response to the transformation of the portion of code or data.

Abstract translation: 各个方面提供用于优化计算设备上的硬件监视的系统和方法。 计算设备可以接收监视请求以监视在计算设备上执行的过程中的代码或数据的一部分。 所述计算设备可以从所述监视请求生成所述计算设备中的第一硬件监视组件的第一监视配置参数，并且可以识别当所述第一硬件监视组件根据所述第一硬件监视组件监视所述代码或数据的所述部分时发生的非最佳事件模式 第一个监控配置参数。 计算设备可以对代码或数据的一部分应用变换，并且通过响应于代码或数据的部分的变换来修改第一监视配置参数来重新配置第一硬件监控组件。

公开(公告)号：WO2015112760A1

公开(公告)日：2015-07-30

申请号：PCT/US2015/012525

申请日：2015-01-22

Applicant: QUALCOMM INCORPORATED

Inventor： GUPTA, Rajarshi ,  SRIDHARA, Vinay ,  CHRISTODORESCU, Mihai

IPC: H04W24/08 ,  H04W24/04 ,  G06F21/31 ,  G06F21/50

CPC classification number: H04W24/08 ,  G06F11/3013 ,  G06F11/3096 ,  G06F11/3409 ,  G06F11/3452 ,  G06F11/3466 ,  G06F11/348 ,  G06F21/50 ,  G06F21/552 ,  G06F21/567 ,  G06F2221/2111 ,  G06F2221/2115 ,  H04W12/12

Abstract: Detecting suspicious or performance-degrading mobile device behaviors intelligently, dynamically, and/or adaptively determine computing device behaviors that are to be observed, the number of behaviors that are to be observed, and the level of detail or granularity at which the mobile device behaviors are to be observed. The various aspects efficiently identify suspicious or performance-degrading mobile device behaviors without requiring an excessive amount of processing, memory, or energy resources. In an embodiment, a method for observing mobile device behaviors over a period of time to recognize mobile device behaviors inconsistent with normal operation patterns is disclosed. The method comprises determining in a processor of a mobile device a feature that is to be observed in the mobile device in order to identify a suspicious behavior of the mobile device, and adaptively observing the determined feature by collecting behavior information from a hardware component associated with the determined feature.

Abstract translation: 智能地，动态地和/或自适应地检测待观察的计算设备行为，要观察的行为的数量以及移动设备行为的细节或粒度的级别来检测可疑或性能降级的移动设备行为 要观察。 各个方面有效地识别可疑或降低性能的移动设备行为，而不需要过多的处理，存储器或能量资源。 在一个实施例中，公开了一种在一段时间内观察移动设备行为以识别与正常操作模式不一致的移动设备行为的方法。 该方法包括在移动设备的处理器中确定要在移动设备中观察到的特征，以便识别移动设备的可疑行为，并且通过从与硬件组件相关联的硬件组件收集行为信息来自适应地观察所确定的特征 确定的功能。

公开(公告)号：EP3266159B1

公开(公告)日：2019-03-20

申请号：EP16709894.6

申请日：2016-02-29

Applicant: Qualcomm Incorporated

Inventor： GUPTA, Rajarshi ,  SALAJEGHEH, Mastooreh ,  CHRISTODORESCU, Mihai ,  SRIDHARA, Vinay ,  KRISHNAMURTHI, Govindarajan

IPC: H04L12/26 ,  H04L12/28 ,  H04L12/24

公开(公告)号：EP3266159A1

公开(公告)日：2018-01-10

申请号：EP16709894.6

申请日：2016-02-29

Applicant: Qualcomm Incorporated

Inventor： GUPTA, Rajarshi ,  SALAJEGHEH, Mastooreh ,  CHRISTODORESCU, Mihai ,  SRIDHARA, Vinay ,  KRISHNAMURTHI, Govindarajan

IPC: H04L12/28 ,  H04L12/24

CPC classification number: H04L41/14 ,  H04L12/2816 ,  H04L41/0654 ,  H04L41/12 ,  H04L41/145 ,  H04L41/5061 ,  H04L43/04 ,  H04L43/08

Abstract: The disclosure generally relates to behavioral analysis to automate monitoring Internet of Things (IoT) device health in a direct and/or indirect manner. In particular, normal behavior associated with an IoT device in a local IoT network may be modeled such that behaviors observed at the IoT device may be compared to the modeled normal behavior to determine whether the behaviors observed at the IoT device are normal or anomalous. Accordingly, in a distributed IoT environment, more powerful “analyzer” devices can collect behaviors locally observed at other (e.g., simpler) “observer” devices and conduct behavioral analysis across the distributed IoT environment to detect anomalies potentially indicating malicious attacks, malfunctions, or other issues that require customer service and/or further attention. Furthermore, devices with sufficient capabilities may conduct (local) on-device behavioral analysis to detect anomalous conditions without sending locally observed behaviors to another aggregator device and/or analyzer device.

公开(公告)号：EP2949144B1

公开(公告)日：2020-09-16

申请号：EP14704451.5

申请日：2014-01-24

Applicant: Qualcomm Incorporated

Inventor： GUPTA, Rajarshi ,  SRIDHARA, Vinay ,  GATHALA, Sudha Anil Kumar ,  WEI, Xuetao ,  CHRISTODORESCU, Mihai

IPC: H04W24/04 ,  H04L29/06 ,  G06F21/31

公开(公告)号：EP3436936A1

公开(公告)日：2019-02-06

申请号：EP17711402.2

申请日：2017-02-27

Applicant: Qualcomm Incorporated

Inventor： GATHALA, Sudha Anil Kumar ,  CHRISTODORESCU, Mihai ,  SALAJEGHEH, Mastooreh

IPC: G06F9/445 ,  G06F11/36 ,  G06F11/34

公开(公告)号：EP3375159A1

公开(公告)日：2018-09-19

申请号：EP16788852.8

申请日：2016-10-11

Applicant: Qualcomm Incorporated

Inventor： AHMADZADEH, Seyed Ali ,  ISLAM, Nayeem ,  CHRISTODORESCU, Mihai ,  GUPTA, Rajarshi ,  DAS, Saumitra Mohan

IPC: H04L29/06 ,  G06F21/56 ,  G06F21/55 ,  G06F21/57

Abstract: Various embodiments include a honeypot system configured to trigger malicious activities by malicious applications using a behavioral analysis algorithm and dynamic resource provisioning. A method performed by a processor of a computing device, which may be a mobile computing device, may include determining whether or not a target application currently executing on the computing device is potentially malicious based, at least in part, on the analysis, predicting a triggering condition of the target application in response to determining the target application is potentially malicious, provisioning one or more resources based, at least in part, on the predicted triggering condition, monitoring activities of the target application corresponding to the provisioned one or more resources, and determining whether or not the target application is a malicious application based, at least in part, on the monitored activities. The resources may be device components (e.g., network interface(s), sensor(s), etc.) and/or data (e.g., files, etc.).