CN105074718A - On-line behavioral analysis engine in mobile device with multiple analyzer model providers - Google Patents

On-line behavioral analysis engine in mobile device with multiple analyzer model providers

Info

Publication number
CN105074718A
Authority
CN
China
Prior art keywords
behavior
mobile device
behavior model
processor
model
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201480008643.9A
Other languages
English (en)
Chinese (zh)
Inventor
R. Gupta
M. Bapst
M. H. Reshadi
S. Kumar
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qualcomm Inc
Original Assignee
Qualcomm Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US13/937,462 (US9747440B2)
Application filed by Qualcomm Inc
Publication of CN105074718A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N5/00 Computing arrangements using knowledge-based models
    • G06N5/04 Inference or reasoning models
    • G06N5/043 Distributed expert systems; Blackboards

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)
  • Debugging And Monitoring (AREA)
  • Artificial Intelligence (AREA)
  • Computational Linguistics (AREA)
  • Data Mining & Analysis (AREA)
  • Evolutionary Computation (AREA)
  • Mathematical Physics (AREA)
CN201480008643.9A 2013-02-15 2014-02-06 On-line behavioral analysis engine in mobile device with multiple analyzer model providers Pending CN105074718A (zh)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US201361765461P 2013-02-15 2013-02-15
US61/765,461 2013-02-15
US13/937,462 US9747440B2 (en) 2012-08-15 2013-07-09 On-line behavioral analysis engine in mobile device with multiple analyzer model providers
US13/937,462 2013-07-09
PCT/US2014/015088 WO2014126779A1 (en) 2013-02-15 2014-02-06 On-line behavioral analysis engine in mobile device with multiple analyzer model providers

Publications (1)

Publication Number Publication Date
CN105074718A (zh) 2015-11-18

Family

ID=51354483

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201480008643.9A Pending CN105074718A (zh) 2013-02-15 2014-02-06 On-line behavioral analysis engine in mobile device with multiple analyzer model providers

Country Status (5)

Country Link
EP (1) EP2956884B1 (en)
JP (1) JP6305442B2 (en)
KR (1) KR20150119895A (en)
CN (1) CN105074718A (en)
WO (1) WO2014126779A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
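CN106778241A (zh) * 2016-11-28 2017-05-31 Neusoft Group Co., Ltd. Method and device for identifying malicious files
CN108366788A (zh) * 2015-11-30 2018-08-03 任旭彬 System for diagnosing whether cells are abnormal using DNN learning, and diagnosis management method
CN110325998A (zh) * 2017-02-24 2019-10-11 Telefonaktiebolaget LM Ericsson Classifying instances using machine learning
CN112241364A (zh) * 2019-07-18 2021-01-19 Siemens AG Method and test environment for providing an application for a computer-controlled component
CN113168273A (zh) * 2018-10-09 2021-07-23 Schneider Electric USA, Inc. Dynamic ontology data operation
CN114697362A (zh) * 2016-07-02 2022-07-01 Intel Corporation Cognitive edge processing for the Internet of Things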
EP3918500B1 (en) * 2019-03-05 2024-04-24 Siemens Industry Software Inc. Machine learning-based anomaly detections for embedded software applications

Families Citing this family (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11507663B2 (en) 2014-08-11 2022-11-22 Sentinel Labs Israel Ltd. Method of remediating operations performed by a program and system thereof
US9710648B2 (en) 2014-08-11 2017-07-18 Sentinel Labs Israel Ltd. Method of malware detection and system thereof
US9710752B2 (en) * 2014-09-11 2017-07-18 Qualcomm Incorporated Methods and systems for aggregated multi-application behavioral analysis of mobile device behaviors
US11616812B2 (en) 2016-12-19 2023-03-28 Attivo Networks Inc. Deceiving attackers accessing active directory data
US11695800B2 (en) 2016-12-19 2023-07-04 SentinelOne, Inc. Deceiving attackers accessing network data
JP6767924B2 (ja) 2017-05-19 2020-10-14 Toshiba Visual Solutions Corporation System, method and program
JP6767926B2 (ja) 2017-05-23 2020-10-14 Toshiba Visual Solutions Corporation Electronic device, method and program
JP2020530922A (ja) 2017-08-08 2020-10-29 Sentinel Labs, Inc. Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking
WO2019066099A1 (ko) * 2017-09-27 2019-04-04 Alticast Corp. System for detecting abnormal behavior based on an integrated analysis model, and method therefor
KR101971799B1 (ko) * 2017-11-08 2019-05-13 Alticast Corp. System for detecting abnormal behavior based on an integrated analysis model, and method therefor
US11470115B2 (en) 2018-02-09 2022-10-11 Attivo Networks, Inc. Implementing decoys in a network environment
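WO2020075270A1 (ja) * 2018-10-11 2020-04-16 Uhuru Corporation Machine learning model switching system, machine learning model switching method, and program
WO2020075271A1 (ja) * 2018-10-11 2020-04-16 Uhuru Corporation Machine learning model switching system, machine learning model switching method, and program
JP7278423B2 (ja) 2019-05-20 2023-05-19 Sentinel Labs Israel Ltd. Systems and methods for executable code detection, automatic feature extraction and position-independent code detection
KR102310187B1 (ko) * 2019-09-25 2021-10-08 Korea Electronics Technology Institute Distributed computing system including multiple edges and a cloud, and method for providing an analysis model for its adaptive intelligence utilization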
CA3126246A1 (en) * 2020-08-12 2022-02-12 T-Mobile Usa, Inc. Rules-based just-in-time mobile content service
US12126630B2 (en) 2020-10-19 2024-10-22 Pathlock Inc. Systems, methods, and devices for implementing security operations in a security platform
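CN116250270A (zh) * 2020-10-28 2023-06-09 Huawei Technologies Co., Ltd. Model configuration method and apparatus
KR102431555B1 (ko) * 2020-11-05 2022-08-11 주식회사 에벤에셀케이 Method, system, and computer-readable medium for processing data through linkage between processes sharing storage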
US11579857B2 (en) 2020-12-16 2023-02-14 Sentinel Labs Israel Ltd. Systems, methods and devices for device fingerprinting and automatic deployment of software in a computing network using a peer-to-peer approach
US11899782B1 (en) 2021-07-13 2024-02-13 SentinelOne, Inc. Preserving DLL hooks
US12452273B2 (en) 2022-03-30 2025-10-21 SentinelOne, Inc Systems, methods, and devices for preventing credential passing attacks
WO2024152041A1 (en) 2023-01-13 2024-07-18 SentinelOne, Inc. Classifying cybersecurity threats using machine learning on non-euclidean data

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
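CN101689167A (zh) * 2007-06-29 2010-03-31 Microsoft Corporation Progressively implementing declarative models in distributed systems
CN102110211A (zh) * 2009-12-26 2011-06-29 Intel Corporation Method and device for managing security events
CN102222192A (zh) * 2010-12-24 2011-10-19 Kaspersky Lab ZAO Optimizing anti-malware processing by automatically correcting detection rules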
US8108929B2 (en) * 2004-10-19 2012-01-31 Reflex Systems, LLC Method and system for detecting intrusive anomalous use of a software system using multiple detection algorithms
CN102651061A (zh) * 2011-04-19 2012-08-29 Kaspersky Lab ZAO System and method for detecting complex malware
CN102790758A (zh) * 2011-05-18 2012-11-21 Haier Group Corporation Firewall system and processing method thereof

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7487543B2 (en) * 2002-07-23 2009-02-03 International Business Machines Corporation Method and apparatus for the automatic determination of potentially worm-like behavior of a program
JP2006053788A (ja) * 2004-08-12 2006-02-23 Ntt Docomo Inc Software operation monitoring device and software operation monitoring method
US8479286B2 (en) * 2009-12-15 2013-07-02 Mcafee, Inc. Systems and methods for behavioral sandboxing
WO2012071533A1 (en) * 2010-11-24 2012-05-31 LogRhythm Inc. Advanced intelligence engine
US20120167218A1 (en) * 2010-12-23 2012-06-28 Rajesh Poornachandran Signature-independent, system behavior-based malware detection
WO2012109533A1 (en) * 2011-02-10 2012-08-16 Beyondtrust Software, Inc. System and method for detecting or preventing data leakage using behavior profiling
JP5665188B2 (ja) * 2011-03-31 2015-02-04 International Business Machines Corporation System for inspecting an information processing apparatus to which a software update has been applied

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8108929B2 (en) * 2004-10-19 2012-01-31 Reflex Systems, LLC Method and system for detecting intrusive anomalous use of a software system using multiple detection algorithms
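CN101689167A (zh) * 2007-06-29 2010-03-31 Microsoft Corporation Progressively implementing declarative models in distributed systems
CN102110211A (zh) * 2009-12-26 2011-06-29 Intel Corporation Method and device for managing security events
CN102222192A (zh) * 2010-12-24 2011-10-19 Kaspersky Lab ZAO Optimizing anti-malware processing by automatically correcting detection rules
CN102651061A (zh) * 2011-04-19 2012-08-29 Kaspersky Lab ZAO System and method for detecting complex malware
CN102790758A (zh) * 2011-05-18 2012-11-21 Haier Group Corporation Firewall system and processing method thereof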

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
ASHKAN SHARIFI SHAMILI ET AL: "Malware Detection on Mobile Devices using Distributed Machine Learning", 《2010 INTERNATIONAL CONFERENCE ON PATTERN RECOGNITION》 *
IKER BURGUERA ET AL: "Crowdroid:Behavior-Based Malware Detection System for Android", 《THE 1ST ACM WORKSHOP ON SECURITY AND PRIVACY IN SMARTPHONES AND MOBILE DEVICES》 *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
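CN108366788A (zh) * 2015-11-30 2018-08-03 任旭彬 System for diagnosing whether cells are abnormal using DNN learning, and diagnosis management method
CN114697362A (zh) * 2016-07-02 2022-07-01 Intel Corporation Cognitive edge processing for the Internet of Things
CN106778241A (zh) * 2016-11-28 2017-05-31 Neusoft Group Co., Ltd. Method and device for identifying malicious files
CN106778241B (zh) * 2016-11-28 2020-12-25 Neusoft Group Co., Ltd. Method and device for identifying malicious files
CN110325998A (zh) * 2017-02-24 2019-10-11 Telefonaktiebolaget LM Ericsson Classifying instances using machine learning
CN110325998B (zh) * 2017-02-24 2024-03-12 Telefonaktiebolaget LM Ericsson Classifying instances using machine learning
CN113168273A (zh) * 2018-10-09 2021-07-23 Schneider Electric USA, Inc. Dynamic ontology data operation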
EP3918500B1 (en) * 2019-03-05 2024-04-24 Siemens Industry Software Inc. Machine learning-based anomaly detections for embedded software applications
CN112241364A (zh) * 2019-07-18 2021-01-19 Siemens AG Method and test environment for providing an application for a computer-controlled component

Also Published As

Publication number Publication date
JP2016512631A (ja) 2016-04-28
KR20150119895A (ko) 2015-10-26
EP2956884A1 (en) 2015-12-23
JP6305442B2 (ja) 2018-04-04
WO2014126779A1 (en) 2014-08-21
EP2956884B1 (en) 2020-09-09

Similar Documents

Publication Publication Date Title
US9747440B2 (en) On-line behavioral analysis engine in mobile device with multiple analyzer model providers
EP2956884B1 (en) On-line behavioral analysis engine in mobile device with multiple analyzer model providers
CN104272788B (zh) Communicating behavior information in a mobile computing device
US9609456B2 (en) Methods, devices, and systems for communicating behavioral analysis information
US9756066B2 (en) Secure behavior analysis over trusted execution environment
EP2850865B1 (en) Minimizing latency of behavioral analysis using signature caches
US9298494B2 (en) Collaborative learning for efficient behavioral analysis in networked mobile device
US20160232353A1 (en) Determining Model Protection Level On-Device based on Malware Detection in Similar Devices
US9606893B2 (en) Methods and systems of generating application-specific models for the targeted protection of vital applications
US9495537B2 (en) Adaptive observation of behavioral features on a mobile device
US9357397B2 (en) Methods and systems for detecting malware and attacks that target behavioral security mechanisms of a mobile device
EP3142048A1 (en) Architecture for client-cloud behavior analyzer
WO2013173000A2 (en) On-device real-time behavior analyzer

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
AD01 Patent right deemed abandoned

Effective date of abandoning: 20190924