Method for malicious activity detection in a mobile station

US9439077B2 · US · B2

Patent metadata
Publication number: US-9439077-B2
Application number: US-201313741388-A
Country: US
Kind code: B2
Filing date: Jan 15, 2013
Priority date: Apr 10, 2012
Publication date: Sep 6, 2016
Grant date: Sep 6, 2016


Abstract

Official abstract text for this publication.

Disclosed is a method for malicious activity detection in a mobile station of a particular model. In the method, generic malicious behavior patterns are received from a network-based malicious behavior profiling system. Mobile-station-model-specific-behavior-analysis algorithms are generated in the mobile station based on the generic malicious behavior patterns. Mobile station operations may be observed to generate a mobile station activity observation. The mobile station activity observation may be analyzed using the mobile-station-model-specific-behavior-analysis algorithms to generate an activity analysis. Malicious activity may be detected based on the activity analysis.

First claim

Opening claim text (preview).

What is claimed is:

1. A method of analyzing a behavior of an application operating in a mobile station, comprising: receiving, in a processor of the mobile station, mobile-station-model-agnostic behavior pattern information from a server; using, by the processor, the received mobile-station-model-agnostic behavior pattern information to generate a mobile-station-model-specific behavior model in the mobile station; monitoring, by the processor, one or more mobile station operations to collect behavior information in the mobile station; analyzing, by the processor, the behavior of the application operating on the mobile station by applying the collected behavior information to the generated mobile-station-model-specific behavior model; classifying, by the processor, the behavior of the application operating on the mobile station as not benign based on a result of applying the collected behavior information to the mobile-station-model-specific behavior model; and removing the application associated with the behavior classified as not benign.

2. The method of claim 1, wherein receiving mobile-station-model-agnostic behavior pattern information from the server comprises receiving information that is not specific to a particular model of the mobile station.

3. The method of claim 1, wherein monitoring one or more mobile station operations to collect behavior information in the mobile station comprises monitoring an activity of a Webkit of the mobile station.

4. The method of claim 1, wherein monitoring one or more mobile station operations to collect behavior information in the mobile station comprises monitoring an activity of a high-level operating system (HLOS) of the mobile station.

5. The method of claim 1, wherein monitoring one or more mobile station operations to collect behavior information in the mobile station comprises monitoring an activity of a kernel of the mobile station.

6. The method of claim 1, wherein monitoring one or more mobile station operations to collect behavior information in the mobile station comprises monitoring an activity of a driver of the mobile station.

7. The method of claim 1, wherein monitoring one or more mobile station operations to collect behavior information in the mobile station comprises monitoring an activity of a hardware component of the mobile station.

8. A mobile station, comprising: means for receiving mobile-station-model-agnostic behavior pattern information from a server; means for using the received mobile-station-model-agnostic behavior pattern information received from the server to generate a mobile-station-model-specific behavior model in the mobile station; means for monitoring one or more mobile station operations to collect behavior information in the mobile station; means for analyzing a behavior of an application operating on the mobile station by applying the collected behavior information to the generated mobile-station-model-specific behavior model; means for classifying the behavior of the application operating on the mobile station as not benign based on a result of applying the collected behavior information to the mobile-station-model-specific behavior model; and means for removing the application associated with the behavior classified as not benign.

9. The mobile station of claim 8, wherein means for receiving mobile-station-model-agnostic behavior pattern information from the server comprises means for receiving information that is not specific to a particular model of the mobile station.

10. A mobile station, comprising: a processor configured with processor-executable instructions to perform operations comprising: receiving mobile-station-model-agnostic behavior pattern information from a server; using the received mobile-station-model-agnostic behavior pattern information to generate a mobile-station-model-specific behavior model in the mobile station; monitoring one or more mobile station operations to collect behavior information in the mobile station; analyzing a behavior of an application operating on the mobile station by applying the collected behavior information to the generated mobile-station-model-specific behavior model; classifying the behavior of the application operating on the mobile station as not benign based on a result of applying the collected behavior information to the mobile-station-model-specific behavior model; and removing the application associated with the behavior classified as not benign.

11. The mobile station of claim 10, wherein the processor is configured with processor-executable instructions to perform operations such that receiving mobile-station-model-agnostic behavior pattern information from the server comprises receiving information that is not specific to a particular model of the mobile station.

12. A non-transitory computer readable storage medium having stored thereon processor-executable software instructions configured to cause a processor in a mobile station to perform operations comprising: receiving mobile-station-model-agnostic behavior pattern information from a server; using the received mobile-station-model-agnostic behavior pattern information received from the server to generate a mobile-station-model-specific behavior model in the mobile station; monitoring one or more mobile station operations to collect behavior information in the mobile station; analyzing a behavior of an application operating on the mobile station by applying the collected behavior information to the generated mobile-station-model-specific behavior model; classifying the behavior of the application operating on the mobile station as not benign based on a result of applying the collected behavior information to the mobile-station-model-specific behavior model; and removing the application associated with the behavior classified as not benign.

13. The non-transitory computer readable storage medium of claim 12, wherein the stored processor-executable software instructions are configured to cause a processor to perform operations such that receiving mobile-station-model-agnostic behavior pattern information from the server comprises receiving information that is not specific to a particular model of the mobile station.

Classifications

  • involving long-term monitoring or reporting · CPC title

  • G06F21/55 · Primary

    Detecting local intrusion or implementing counter-measures · CPC title

  • the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms · CPC title

  • H04W12/12 · Primary

    Detection or prevention of fraud · CPC title

  • Event detection, e.g. attack signature detection · CPC title


Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Qualcomm Inc
What technology area does this patent fall under?
Primary CPC classification G06F21/55. Mapped technology areas include Physics.
When was this patent published?
Publication date Sep 6, 2016 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).