-
21.发明公开METHODS AND SYSTEMS FOR AUTOMATED ANONYMOUS CROWDSOURCING OF CHARACTERIZED DEVICE BEHAVIORS 审中-公开用于表征设备行为的自动匿名挖掘的方法和系统
公开(公告)号:EP3271860A1
公开(公告)日:2018-01-24
申请号:EP16707353.5
申请日:2016-02-19
Applicant: Qualcomm Incorporated
Inventor: SALAJEGHEH, Mastooreh , MAHMOUDI, Mona , SRIDHARA, Vinay , CHRISTODORESCU, Mihai , CASCAVAL, Gheorghe Calin
CPC classification number: H04L63/1441 , G06F9/46 , G06F11/3409 , G06F21/552 , G06F21/6254 , H04L63/0421 , H04L63/1416 , H04L63/1425 , H04W12/02 , H04W12/12 , H04W24/10
Abstract: Methods, and devices implementing the methods, use device-specific classifiers in a privacy-preserving behavioral monitoring and analysis system for crowd-sourcing of device behaviors. Diverse devices having varying degrees of “smart” capabilities may monitor operational behaviors. Gathered operational behavior information may be transmitted to a nearby device having greater processing capabilities than a respective collecting device, or may be transmitted directly to an “always on” device. The behavior information may be used to generate behavior vectors, which may be analyzed for anomalies. Vectors containing anomaly flags may be anonymized to remove any user-identifying information and subsequently transmitted to a remote recipient such as a service provider or device manufacture. In this manner, operational behavior information may be gathered about different devices from a large number of users, to obtain statistical analysis of operational behavior for specific makes and models of devices, without divulging personal information about device users.
-
公开(公告)号:WO2017172163A1
公开(公告)日:2017-10-05
申请号:PCT/US2017/019710
申请日:2017-02-27
Applicant: QUALCOMM INCORPORATED
CPC classification number: G06F8/30 , G06F8/54 , G06F9/44521 , G06F9/44557 , G06F11/3466 , G06F11/3624 , G06F11/3644
Abstract: Various embodiments include methods for dynamically modifying shared libraries on a client computing device. Various embodiment methods may include receiving a first set of code segments and a first set of code sites associated with a first application. Each code in the first set of code sites may include an address within a compiled shared library stored on the client computing device. The compiled shared library may include one or more dummy instructions inserted at each code site in the first set of code sites, and each code segment in the first set of code segments may be associated with a code site in the first set of code sites. The client computing device may insert each code segment in the first set of code segments at its associated code site in the compiled shared library.
Abstract translation: 各种实施例包括用于动态修改客户端计算设备上的共享库的方法。 各种实施例方法可以包括接收与第一应用相关联的第一组代码段和第一组代码站点。 第一组代码站点中的每个代码可以包括存储在客户端计算设备上的编译共享库内的地址。 编译的共享库可以包括在第一组代码站点中的每个代码站点处插入的一个或多个伪指令,并且第一组代码段中的每个代码段可以与第一组代码站点中的代码站点相关联。 客户端计算设备可以将每个代码段插入到编译的共享库中的其相关代码站点处的第一组代码段中。
-
公开(公告)号:WO2017127214A1
公开(公告)日:2017-07-27
申请号:PCT/US2016/068217
申请日:2016-12-22
Applicant: QUALCOMM INCORPORATED
Inventor: SALAJEGHEH, Mastooreh , KAZDAGLI, Mikhail , CHRISTODORESCU, Mihai
CPC classification number: G06F21/552 , G06F11/3636 , G06F21/52 , G06F21/556 , G06F21/566
Abstract: Various embodiments may include methods, devices, and non-transitory processor-readable media for performing information flow tracking during execution of a software application. A hybrid static/dynamic analysis may be used to track information flow during execution of a software application. In various embodiments, the method may predict a multiple paths of execution, and may utilize these predictions to analyze only actually executing software code. By analyzing only actually executed software code, the method may provide a lightweight and resource-efficient way of detecting actual data leaks as they occur during execution of a software application.
Abstract translation: 各种实施例可以包括用于在执行软件应用程序期间执行信息流跟踪的方法,设备和非暂时性处理器可读介质。 混合静态/动态分析可用于在执行软件应用程序期间跟踪信息流。 在各种实施例中,该方法可以预测多个执行路径,并且可以利用这些预测来仅分析实际执行的软件代码。 通过仅分析实际执行的软件代码,该方法可以提供轻量且资源有效的方式来检测在软件应用程序执行期间发生的实际数据泄漏。
-
24.发明申请BEHAVIORAL ANALYSIS TO AUTOMATE DIRECT AND INDIRECT LOCAL MONITORING OF INTERNET OF THINGS DEVICE HEALTH 审中-公开自动进行直接和间接监控互联网设备健康的行为分析
公开(公告)号:WO2016140912A1
公开(公告)日:2016-09-09
申请号:PCT/US2016/020072
申请日:2016-02-29
Applicant: QUALCOMM INCORPORATED
Inventor: GUPTA, Rajarshi , SALAJEGHEH, Mastooreh , CHRISTODORESCU, Mihai , SRIDHARA, Vinay , KRISHNAMURTHI, Govindarajan
CPC classification number: H04L41/14 , H04L12/2816 , H04L41/0654 , H04L41/12 , H04L41/145 , H04L41/5061 , H04L43/04 , H04L43/08
Abstract: The disclosure generally relates to behavioral analysis to automate monitoring Internet of Things (IoT) device health in a direct and/or indirect manner. In particular, normal behavior associated with an IoT device in a local IoT network may be modeled such that behaviors observed at the IoT device may be compared to the modeled normal behavior to determine whether the behaviors observed at the IoT device are normal or anomalous. Accordingly, in a distributed IoT environment, more powerful "analyzer" devices can collect behaviors locally observed at other (e.g., simpler) "observer" devices and conduct behavioral analysis across the distributed IoT environment to detect anomalies potentially indicating malicious attacks, malfunctions, or other issues that require customer service and/or further attention. Furthermore, devices with sufficient capabilities may conduct (local) on-device behavioral analysis to detect anomalous conditions without sending locally observed behaviors to another aggregator device and/or analyzer device.
Abstract translation: 本公开通常涉及以直接和/或间接方式自动监视物联网(IoT)设备健康状况的行为分析。 特别地,可以建模与本地IoT网络中的IoT设备相关联的正常行为,使得可以将在IoT设备处观察到的行为与建模的正常行为进行比较,以确定在IoT设备处观察到的行为是正常还是异常。 因此,在分布式IoT环境中,更强大的“分析器”设备可以收集在其他(例如更简单的)“观察者”设备本地观察到的行为,并在分布式IoT环境中进行行为分析,以检测潜在地指示恶意攻击,故障或 其他需要客户服务和/或进一步关注的问题。 此外,具有足够能力的设备可以进行(本地)设备上行为分析以检测异常情况,而不将本地观察到的行为发送到另一聚合器设备和/或分析仪设备。
-
公开(公告)号:WO2016137579A1
公开(公告)日:2016-09-01
申请号:PCT/US2016/012320
申请日:2016-01-06
Applicant: QUALCOMM INCORPORATED
Inventor: CHRISTODORESCU, Mihai , BERGAN, Charles , GUPTA, Rajarshi , PATNE, Satyajit Prabhakar , RAO, Sumita
IPC: G06F21/52
CPC classification number: G06F21/554 , G06F21/52 , G06F21/566
Abstract: Aspects include computing devices, systems, and methods for implementing detecting return oriented programming (ROP) attacks on a computing device. A memory traversal map for a program called to run on the computing device may be loaded. A memory access request of the program to a memory of the computing device may be monitored and a memory address of the memory from the memory access request may be retrieved. The retrieved memory address may be compared to the memory traversal map and a determination of whether the memory access request indicates a ROP attack may be made. The memory traversal map may include a next memory address adjacent to a previous memory address in the memory traversal map. A cumulative anomaly score based on mismatches between the retrieved memory address and the memory traversal map may be calculated and used to determine whether to load a finer grain memory traversal map.
Abstract translation: 方面包括用于在计算设备上实现检测返回定向编程(ROP)攻击的计算设备,系统和方法。 可以加载被称为在计算设备上运行的程序的存储器遍历映射。 可以监视程序对计算设备的存储器的存储器访问请求,并且可以检索存储器访问请求中的存储器的存储器地址。 可以将检索的存储器地址与存储器遍历映射进行比较,并且可以确定存储器访问请求是否指示ROP攻击。 存储器遍历映射可以包括与存储器遍历映射中的先前存储器地址相邻的下一个存储器地址。 可以计算基于检索的存储器地址和存储器遍历映射之间的不匹配的累积异常得分,并用于确定是否加载更精细的存储器遍历映射。
-
Patent Agency Ranking
公开(公告)号:WO2016122799A1
公开(公告)日:2016-08-04
申请号:PCT/US2015/066442
申请日:2015-12-17
Applicant: QUALCOMM INCORPORATED
Inventor: YOON, Man Ki , SALAJEGHEH, Mastooreh , CHRISTODORESCU, Mihai , CHEN, Yin , SRIDHARA, Vinay , GUPTA, Rajarshi
IPC: G06F21/52
CPC classification number: G06F11/0751 , G06F9/54 , G06F11/073 , G06F11/36 , G06F11/3604 , G06F11/3612 , G06F11/366 , G06F11/3668 , G06F21/52 , G06F21/577
Abstract: Methods and devices for tracking data flows in a computing device include monitoring memory in a hardware component of the computing device to identify a read operation that reads information from a tainted memory address, using heuristics to identify a first, second, and third number of operations performed after the identified read operation, marking memory addresses of write operations performed after first number of operations and before the second number of operations as tainted, and marking memory addresses of write operations performed after the third number of operations and before the second number of operations as untainted.
Abstract translation: 用于在计算设备中跟踪数据流的方法和设备包括监视计算设备的硬件组件中的存储器,以识别从污染存储器地址读取信息的读取操作,使用启发式来识别第一,第二和第三数量的操作 在所识别的读取操作之后执行,标记在第一次操作之后和在第二次操作之前执行的写入操作的存储器地址,并且标记在第三次操作之后和第二次操作之前执行的写入操作的存储器地址 没有了。
-
公开(公告)号:WO2016060737A1
公开(公告)日:2016-04-21
申请号:PCT/US2015/046097
申请日:2015-08-20
Applicant: QUALCOMM INCORPORATED
Inventor: CHRISTODORESCU, Mihai , SALAJEGHEH, Mastooreh , SUAREZ GRACIA, Dario
CPC classification number: G06F3/0604 , G06F3/0653 , G06F3/0673 , G06F11/3003 , G06F11/3037 , G06F11/3471 , G06F21/56 , G06F2201/86 , G06F2201/865 , G06F2201/885 , G06F2221/034
Abstract: Aspects include computing devices, systems, and methods for implementing monitoring communications between components and a memory hierarchy of a computing device. The computing device may determine at least one identifying factor for identifying execution of the processor-executable code. A communication between the components and the memory hierarchy of the computing device may be monitored for at least one communication factor of a same type as the at least one identifying factor. A determination whether a value of the at least one identifying factor matches a value of the at least one communication factor may be made. The computing device may determine that the processor-executable code is executed in response to determining that the value of the at least one identifying factor matches the value of the at least one communication factor.
Abstract translation: 方面包括用于实现组件之间的监视通信和计算设备的存储器层次结构的计算设备,系统和方法。 计算设备可以确定用于识别处理器可执行代码的执行的至少一个识别因素。 可以针对与至少一个识别因素相同类型的至少一个通信因素来监视计算设备的组件和存储器层次之间的通信。 可以进行至少一个识别因素的值是否与至少一个通信因素的值相匹配的确定。 响应于确定至少一个识别因子的值与至少一个通信因子的值相匹配,计算设备可以确定执行处理器可执行代码。
-
公开(公告)号:EP3433748A1
公开(公告)日:2019-01-30
申请号:EP17709877.9
申请日:2017-02-24
Applicant: Qualcomm Incorporated
Inventor: CHRISTODORESCU, Mihai , DHURJATI, Dinakar , ISLAM, Nayeem
-
公开(公告)号:EP2949144A2
公开(公告)日:2015-12-02
申请号:EP14704451.5
申请日:2014-01-24
Applicant: Qualcomm Incorporated
Inventor: GUPTA, Rajarshi , SRIDHARA, Vinay , GATHALA, Sudha Anil Kumar , WEI, Xuetao , CHRISTODORESCU, Mihai
Abstract: Methods, devices and systems for detecting suspicious or performance-degrading mobile device behaviors intelligently, dynamically, and/or adaptively determine computing device behaviors that are to be observed, the number of behaviors that are to be observed, and the level of detail or granularity at which the mobile device behaviors are to be observed. The various aspects efficiently identify suspicious or performance-degrading mobile device behaviors without requiring an excessive amount of processing, memory, or energy resources.
-
公开(公告)号:EP3375159B1
公开(公告)日:2020-03-18
申请号:EP16788852.8
申请日:2016-10-11
Applicant: Qualcomm Incorporated
-
-
-
-
-
-
-
-
-
Search Results
34
records
(took 0.033 seconds)
