Unlock instant, AI-driven research and patent intelligence for your innovation.

Devices and methods for classifying an execution session

A classifier, a technology for executing instructions, applied in the direction of security devices, computer security devices, instruments, etc., can solve the problem of not considering the context of the task execution task of the software application, not considering it, etc.

Active Publication Date: 2019-03-15
QUALCOMM INC
View PDF9 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, this is often not considered when evaluating software applications for malware
[0002] Traditional malware detection systems do not consider the context in which software applications perform tasks

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Devices and methods for classifying an execution session
  • Devices and methods for classifying an execution session
  • Devices and methods for classifying an execution session

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0017] Various embodiments will be described in detail with reference to the accompanying drawings. Wherever possible, the same reference numbers will be used throughout the drawings to refer to the same or like parts. References made to particular examples and implementations are for illustrative purposes and are not intended to limit the scope of the appended claims.

[0018] In summary, various embodiments include methods of determining an execution session context of a software application or process in a mobile device and computing devices configured to perform the method. Various embodiments may include monitoring several system activities (eg, operating state changes, API calls) and user activities (eg, user interface interactions, user initiation of software applications) of a software application or process to collect behavioral information. Various embodiments may include correlating system activity and user activity with each other to determine concurrent behavior,...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

Methods, systems and devices compute and use the execution session contexts of software applications to perform behavioral monitoring and analysis operations. A mobile device may be configured to monitor user activity and system activity of a software application, generate a shadow feature value that identifies actual execution session context of the software application during that activity, generate a behavior vector that incorporates context into the values describing behaviors, and determine whether the activity is malicious or benign based, at least in part, on the generated behavior vector. The mobile device processor may also be configured to intelligently determine whether the execution session context of a software application is relevant to determining whether any of the monitored mobile device behaviors are malicious or suspicious, and monitor only the execution session contexts of the software applications for which such determinations are relevant.

Description

Background technique [0001] In a behavior monitoring and analysis system, the context in which a software application performs a task is not used to determine whether the application's activities are malicious. For example, activities that inherently require user interaction (e.g., using the camera, sending an SMS message, etc.) are often performed in the "foreground" execution state, so the performance of this activity may vary when the software application is in the "background" execution state. Indicates that the activity in question is malicious. However, this is often not considered when evaluating software applications for malware. [0002] Traditional malware detection systems do not consider the context in which software applications perform tasks. Conventional malware detection systems may rely solely on the operating state of a software application to determine whether the application is allowed to perform certain tasks. For example, an application executing in th...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/55H04W12/12
CPCH04L63/1441G06F21/552G06F2221/2151H04W12/128G06F2221/033
Inventor 陈寅李东维纳伊·斯里达拉
Owner QUALCOMM INC