What technology area does this patent fall under?

Primary CPC classification G06F21/566. Mapped technology areas include Physics.

When was this patent published?

Publication date Thu Nov 17 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).

Methods and Systems for Behavior-Specific Actuation for Real-Time Whitelisting

US2016337390A1 · US · A1

Patent metadata
Field	Value
Publication number	US-2016337390-A1
Application number	US-201514849849-A
Country	US
Kind code	A1
Filing date	Sep 10, 2015
Priority date	May 11, 2015
Publication date	Nov 17, 2016
Grant date	—

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Various embodiments include methods of evaluating device behaviors in a computing device and enabling white listing of particular behaviors. Various embodiments may include monitoring activities of a software application operating on the computing device, and generating a behavior vector information structure that characterizes a first monitored activity of the software application. The behavior vector information structure may be applied to a machine learning classifier model to generate analysis results. The analysis results may be used to classify the first monitored activity of the software application as one of benign, suspicious, and non-benign. A prompt may be displayed to the user that requests that the user select whether to whitelist the software application in response to classifying the first monitored activity of the software application as suspicious or non-benign. The first monitored activity may be added to a whitelist of device behaviors in response to receiving a user input.

First claim

Opening claim text (preview).

What is claimed is: 1 . A method of evaluating device behaviors in a computing device, comprising: monitoring activities of a software application operating on the computing device; generating a behavior vector information structure that characterizes a first monitored activity of the software application; applying the behavior vector information structure to a machine learning classifier model to generate analysis results; using the analysis results to classify the first monitored activity as one of benign, suspicious, and non-benign; displaying a prompt that requests that a user select whether to whitelist the software application in response to classifying the first monitored activity of the software application as suspicious or non-benign; receiving a user input in response to displaying the prompt; and adding the first monitored activity to a whitelist in response to receiving the user input. 2 . The method of claim 1 , wherein adding the first monitored activity to the whitelist in response to receiving the user input comprises storing the first monitored activity in a whitelist database in association with the software application. 3 . The method of claim 1 , further comprising using multi-label classification or meta-classification techniques to further classify the first monitored activity into one or more sub-categories, wherein displaying the prompt that requests that the user select whether to whitelist the software application comprises displaying the prompt to include the one or more sub-categories associated with the first monitored activity. 4 . The method of claim 1 , further comprising cease monitoring the first monitored activity in response to including the first monitored activity in the whitelist. 5 . The method of claim 3 , further comprising: continuing monitoring activities of the software application, generating a second behavior vector information structure, applying the second behavior vector information structure to a second machine learning classifier model to generate an additional analysis result, and using the additional analysis result to classify a second monitored activity into a sub-category; determining whether the second monitored activity is classified into the same sub-category as the first monitored activity; and displaying an additional prompt that requests that the user select whether to whitelist the software application in response to determining that the second monitored activity is not sub classified into the same sub-category as the first monitored activity. 6 . The method of claim 5 , further comprising: receiving an additional user input in response to displaying the additional prompt; and removing the first monitored activity from the whitelist and terminating the software application in response to receiving the additional user input. 7 . The method of claim 5 , further comprising: receiving an additional user input in response to displaying the additional prompt; and adding the second monitored activity to the whitelist in response to receiving the additional user input. 8 . The method of claim 1 , further comprising determining a relative importance of the first monitored activity characterized by the behavior vector information structure, wherein displaying the prompt that requests that the user select whether to whitelist the software application comprises displaying the prompt to include information that identifies the relative importance of the first monitored activity. 9 . The method of claim 8 , further comprising balancing tradeoffs between amounts of processing, memory, or energy resources of the computing device used to monitor and analyze activities of the software application and the determined relative importance of the first monitored activity. 10 . The method of claim 9 , wherein the balancing comprises selecting actuation operations based, at least in part, on the determined relative importance of the first monitored activity. 11 . The method of claim 10 , wherein selecting actuation operations comprises determining whether to perform robust analysis operations or lightweight analysis operations based, at least in part, on that behavior's sub-classifications. 12 . A computing device, comprising: a memory; a display; and a processor coupled to the memory and the display, and configured with processor-executable instructions to perform operations comprising: monitoring activities of a software application operating on the computing device; generating a behavior vector information structure that characterizes a first monitored activity of the software application; applying the behavior vector information structure to a machine learning classifier model to generate analysis results; using the analysis results to classify the first monitored activity of the software application as one of benign, suspicious, and non-benign; displaying a prompt that requests that a user select whether to whitelist the software application in response to classifying the first monitored activity of the software application as suspicious or non-benign; receiving a user input in response to displaying the prompt; and adding the first monitored activity to a whitelist in response to receiving the user input. 13 . The computing device of claim 12 , wherein the processor is configured with processor-executable instructions to perform operations such that adding the first monitored activity to the whitelist in response to receiving the user input comprises storing the first monitored activity in a whitelist database in association with the software application. 14 . The computing device of claim 12 , wherein the processor is configured with processor-executable instructions to perform operations further comprising using multi-label classification or meta-classification techniques to further classify the first monitored activity into one or more sub-categories, and wherein the processor is configured with processor-executable instructions to perform operations such that displaying the prompt that requests that the user select whether to whitelist the software application comprises displaying the prompt to include the one or more sub-categories associated with the first monitored activity. 15 . The computing device of claim 12 , wherein the processor is configured with processor-executable instructions to perform operations further comprising no longer monitoring activity added to the whitelist, thereby reducing overhead processing by the computing device. 16 . The computing device of claim 14 , wherein the processor is configured with processor-executable instructions to perform operations further comprising: continuing monitoring activities of the software application, generating a second behavior vector information structure, applying the second behavior vector information structure to a second machine learning classifier model to generate additional analysis results, and using the additional analysis results to classify a second monitored activity into a sub-category; determining whether the second monitored activity is sub classified into the same sub-category as the first monitored activity; and displaying an additional prompt that requests that the user select whether to whitelist the software application in response to determining that the second monitored activity is not sub classified into the same sub-category as the first monitored activity. 17 . The computing device of claim 16 , wherein the processor is configured with processor-executable instructions to perfo

Assignees

Qualcomm Inc

Inventors

Classifications

G06F2221/033
Test or assess software · CPC title
G06F21/566Primary
Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities · CPC title
G06F21/552
involving long-term monitoring or reporting · CPC title
G06F3/0484
for the control of specific functions or operations, e.g. selecting or manipulating an object, an image or a displayed text element, setting a parameter value or selecting a range · CPC title
G06N20/00Primary
Machine learning · CPC title

Patent family

Related publications grouped by family.

View patent family 55809239

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2016337390A1 cover?: Various embodiments include methods of evaluating device behaviors in a computing device and enabling white listing of particular behaviors. Various embodiments may include monitoring activities of a software application operating on the computing device, and generating a behavior vector information structure that characterizes a first monitored activity of the software application. The behavio…
Who is the assignee on this patent?: Qualcomm Inc
What technology area does this patent fall under?: Primary CPC classification G06F21/566. Mapped technology areas include Physics.
When was this patent published?: Publication date Thu Nov 17 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).