KR20150119895A - On-line behavioral analysis engine in mobile device with multiple analyzer model providers - Google Patents

On-line behavioral analysis engine in mobile device with multiple analyzer model providers

Info

Publication number
KR20150119895A
Authority
KR
South Korea
Prior art keywords
mobile device
behavior
model
processor
behavioral
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
KR1020157024676A
Other languages
English (en)
Korean (ko)
Inventor
Rajarshi Gupta
Mark Bapst
Mohammad Hossein Reshadi
Samir Kumar
Original Assignee
Qualcomm Incorporated
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US13/937,462 (US9747440B2)
Application filed by Qualcomm Incorporated
Publication of KR20150119895A

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N5/00 Computing arrangements using knowledge-based models
    • G06N5/04 Inference or reasoning models
    • G06N5/043 Distributed expert systems; Blackboards
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)
  • Debugging And Monitoring (AREA)
  • Artificial Intelligence (AREA)
  • Computational Linguistics (AREA)
  • Data Mining & Analysis (AREA)
  • Evolutionary Computation (AREA)
  • Mathematical Physics (AREA)
KR1020157024676A 2013-02-15 2014-02-06 On-line behavioral analysis engine in mobile device with multiple analyzer model providers Withdrawn KR20150119895A (ko)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US201361765461P 2013-02-15 2013-02-15
US61/765,461 2013-02-15
US13/937,462 US9747440B2 (en) 2012-08-15 2013-07-09 On-line behavioral analysis engine in mobile device with multiple analyzer model providers
US13/937,462 2013-07-09
PCT/US2014/015088 WO2014126779A1 (en) 2013-02-15 2014-02-06 On-line behavioral analysis engine in mobile device with multiple analyzer model providers

Publications (1)

Publication Number Publication Date
KR20150119895A (ko) 2015-10-26

Family

ID=51354483

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020157024676A Withdrawn KR20150119895A (ko) 2013-02-15 2014-02-06 On-line behavioral analysis engine in mobile device with multiple analyzer model providers

Country Status (5)

Country Link
EP (1) EP2956884B1 (en)
JP (1) JP6305442B2 (en)
KR (1) KR20150119895A (en)
CN (1) CN105074718A (en)
WO (1) WO2014126779A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
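KR20190036144A (ko) * 2017-09-27 2019-04-04 Alticast Corp. System and method for detecting abnormal behavior based on an integrated analysis model
KR20190036422A (ko) * 2017-11-08 2019-04-04 Alticast Corp. System and method for detecting abnormal behavior based on an integrated analysis model
WO2021060609A1 (ko) * 2019-09-25 2021-04-01 Korea Electronics Technology Institute Distributed computing system including multiple edges and a cloud, and method for providing models for adaptive intelligence utilization thereof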

Families Citing this family (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11507663B2 (en) 2014-08-11 2022-11-22 Sentinel Labs Israel Ltd. Method of remediating operations performed by a program and system thereof
US9710648B2 (en) 2014-08-11 2017-07-18 Sentinel Labs Israel Ltd. Method of malware detection and system thereof
US9710752B2 (en) * 2014-09-11 2017-07-18 Qualcomm Incorporated Methods and systems for aggregated multi-application behavioral analysis of mobile device behaviors
KR101822404B1 (ko) * 2015-11-30 2018-01-26 임욱빈 Diagnostic system for cell abnormality using DNN learning
EP3479548A4 (en) * 2016-07-02 2019-12-11 INTEL Corporation COGNITIVE EDGE PROCESSING FOR INTERNET-THE-THINGS NETWORKS
CN106778241B (zh) * 2016-11-28 2020-12-25 Neusoft Corporation Method and device for identifying malicious files
US11616812B2 (en) 2016-12-19 2023-03-28 Attivo Networks Inc. Deceiving attackers accessing active directory data
US11695800B2 (en) 2016-12-19 2023-07-04 SentinelOne, Inc. Deceiving attackers accessing network data
CN110325998B (zh) * 2017-02-24 2024-03-12 Telefonaktiebolaget LM Ericsson (publ) Classifying instances using machine learning
JP6767924B2 (ja) 2017-05-19 2020-10-14 Toshiba Visual Solutions Corporation System, method and program
JP6767926B2 (ja) 2017-05-23 2020-10-14 Toshiba Visual Solutions Corporation Electronic device, method and program
JP2020530922A (ja) 2017-08-08 2020-10-29 Sentinel Labs, Inc. Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking
US11470115B2 (en) 2018-02-09 2022-10-11 Attivo Networks, Inc. Implementing decoys in a network environment
WO2020076998A1 (en) * 2018-10-09 2020-04-16 Schneider Electric USA, Inc. Dynamic ontology data operation
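WO2020075270A1 (ja) * 2018-10-11 2020-04-16 Uhuru Corporation Machine learning model switching system, machine learning model switching method, and program
WO2020075271A1 (ja) * 2018-10-11 2020-04-16 Uhuru Corporation Machine learning model switching system, machine learning model switching method, and program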
US20220147614A1 (en) * 2019-03-05 2022-05-12 Siemens Industry Software Inc. Machine learning-based anomaly detections for embedded software applications
JP7278423B2 (ja) 2019-05-20 2023-05-19 Sentinel Labs Israel Ltd. Systems and methods for executable code detection, automatic feature extraction and position-independent code detection
EP3767503B1 (de) * 2019-07-18 2025-02-19 Siemens Aktiengesellschaft Method and test environment for providing an application for a computer-controlled component
CA3126246A1 (en) * 2020-08-12 2022-02-12 T-Mobile Usa, Inc. Rules-based just-in-time mobile content service
US12126630B2 (en) 2020-10-19 2024-10-22 Pathlock Inc. Systems, methods, and devices for implementing security operations in a security platform
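CN116250270A (zh) * 2020-10-28 2023-06-09 Huawei Technologies Co., Ltd. Model configuration method and apparatus
KR102431555B1 (ko) * 2020-11-05 2022-08-11 주식회사 에벤에셀케이 Method, system, and computer-readable medium for processing data through coordination between processes that share storage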
US11579857B2 (en) 2020-12-16 2023-02-14 Sentinel Labs Israel Ltd. Systems, methods and devices for device fingerprinting and automatic deployment of software in a computing network using a peer-to-peer approach
US11899782B1 (en) 2021-07-13 2024-02-13 SentinelOne, Inc. Preserving DLL hooks
US12452273B2 (en) 2022-03-30 2025-10-21 SentinelOne, Inc Systems, methods, and devices for preventing credential passing attacks
WO2024152041A1 (en) 2023-01-13 2024-07-18 SentinelOne, Inc. Classifying cybersecurity threats using machine learning on non-euclidean data

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7487543B2 (en) * 2002-07-23 2009-02-03 International Business Machines Corporation Method and apparatus for the automatic determination of potentially worm-like behavior of a program
JP2006053788A (ja) * 2004-08-12 2006-02-23 Ntt Docomo Inc Software operation monitoring apparatus and software operation monitoring method
US8108929B2 (en) * 2004-10-19 2012-01-31 Reflex Systems, LLC Method and system for detecting intrusive anomalous use of a software system using multiple detection algorithms
US8239505B2 (en) * 2007-06-29 2012-08-07 Microsoft Corporation Progressively implementing declarative models in distributed systems
US8479286B2 (en) * 2009-12-15 2013-07-02 Mcafee, Inc. Systems and methods for behavioral sandboxing
US8806620B2 (en) * 2009-12-26 2014-08-12 Intel Corporation Method and device for managing security events
WO2012071533A1 (en) * 2010-11-24 2012-05-31 LogRhythm Inc. Advanced intelligence engine
US20120167218A1 (en) * 2010-12-23 2012-06-28 Rajesh Poornachandran Signature-independent, system behavior-based malware detection
US8640245B2 (en) * 2010-12-24 2014-01-28 Kaspersky Lab, Zao Optimization of anti-malware processing by automated correction of detection rules
WO2012109533A1 (en) * 2011-02-10 2012-08-16 Beyondtrust Software, Inc. System and method for detecting or preventing data leakage using behavior profiling
JP5665188B2 (ja) * 2011-03-31 2015-02-04 International Business Machines Corporation System for inspecting an information processing apparatus to which a software update has been applied
RU2454705C1 (ru) * 2011-04-19 2012-06-27 Kaspersky Lab ZAO System and method for protecting a computer device from malicious objects that use complex infection schemes
CN102790758B (zh) * 2011-05-18 2017-08-18 Haier Group Corporation Firewall system and processing method thereof

Also Published As

Publication number Publication date
JP2016512631A (ja) 2016-04-28
EP2956884A1 (en) 2015-12-23
JP6305442B2 (ja) 2018-04-04
CN105074718A (zh) 2015-11-18
WO2014126779A1 (en) 2014-08-21
EP2956884B1 (en) 2020-09-09

Similar Documents

Publication Publication Date Title
US9747440B2 (en) On-line behavioral analysis engine in mobile device with multiple analyzer model providers
JP6305442B2 (ja) On-line behavioral analysis engine in mobile device with multiple analyzer model providers
US9690635B2 (en) Communicating behavior information in a mobile computing device
US9609456B2 (en) Methods, devices, and systems for communicating behavioral analysis information
EP2850865B1 (en) Minimizing latency of behavioral analysis using signature caches
US9298494B2 (en) Collaborative learning for efficient behavioral analysis in networked mobile device
KR101840156B1 (ko) Methods and systems for generating application-specific models for the targeted protection of vital applications
US9756066B2 (en) Secure behavior analysis over trusted execution environment
EP2949144B1 (en) Adaptive observation of behavioral features on a mobile device
US9495537B2 (en) Adaptive observation of behavioral features on a mobile device
EP3142048A1 (en) Architecture for client-cloud behavior analyzer
US20160232353A1 (en) Determining Model Protection Level On-Device based on Malware Detection in Similar Devices
US20160078362A1 (en) Methods and Systems of Dynamically Determining Feature Sets for the Efficient Classification of Mobile Device Behaviors
WO2013173000A2 (en) On-device real-time behavior analyzer

Legal Events

Date Code Title Description
PA0105 International application

Patent event date: 20150909

Patent event code: PA01051R01D

Comment text: International Patent Application

PG1501 Laying open of application
PC1203 Withdrawal of no request for examination
WITN Application deemed withdrawn, e.g. because no request for examination was filed or no examination fee was paid