Framework for iterative analysis of mobile software applications
US-9225740-B1 · Dec 29, 2015 · US
Methods and systems of using application-specific and application-type-specific models for the efficient classification of mobile device behaviors
US9652362B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9652362-B2 |
| Application number | US-201414259501-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 23, 2014 |
| Priority date | Dec 6, 2013 |
| Publication date | May 16, 2017 |
| Grant date | May 16, 2017 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Methods, and mobile devices implementing the methods, use application-specific and/or application-type specific classifier to improve the efficiency and performance of a comprehensive behavioral monitoring and analysis system predicting whether a software application is causing undesirable or performance depredating behavior. The application-specific and application-type specific classifier models may include a reduced and more focused subset of the decision nodes that are included in a full or more complete classifier model that may be received or generated in the mobile device. The locally generated application-specific and/or application-type specific classifier models may be used to perform real-time behavior monitoring and analysis operations by applying the application-based classifier models to a behavior/feature vector generated by monitoring mobile device behavior. The various aspects focus monitoring and analysis operations on a small number of features that are most important for determining whether operations of a software application are contributing to undesirable or performance depredating behavior.
First claim
Opening claim text (preview).
What is claimed is: 1. A method of generating and using classifier models in a mobile device based on application types having distinct characteristics, comprising: receiving, in a processor of the mobile device, a finite state machine that includes information that is suitable for conversion into a plurality of boosted decision stumps, wherein each of the plurality of boosted decision stumps evaluate one of a plurality of test conditions; converting the information included in the received finite state machine into the plurality of boosted decision stumps that each evaluate one of the plurality of test conditions; generating a family of lean classifier models in the mobile device based on the plurality of boosted decision stumps; generating, via the processor of the mobile device, an application-type-specific classifier model that includes and prioritizes boosted decision stumps in the plurality of boosted decision stumps that evaluate a subset of test conditions in the plurality of test conditions, wherein the subset of test conditions are determined to evaluate mobile device features that are used by one type of software application, wherein the one type of software application is determined to be suitable for executing on the mobile device; selecting a lean classifier model from the family of lean classifier models; and applying collected behavior information to the generated application-type-specific classifier model and the selected lean classifier model in parallel to classify a behavior of the mobile device. 2. The method of claim 1 , further comprising: monitoring the behavior over a period of time by collecting behavior information from a mobile device component, wherein applying the collected behavior information to the generated application-type-specific classifier model and the selected lean classifier model in parallel to classify the behavior of the mobile device comprises: using the behavior information to generate a feature vector; evaluating each test condition included in the application-type-specific classifier model by applying the generated feature vector to the application-type-specific classifier model; computing a weighted average of each result of evaluating test conditions in the application-type-specific classifier model; and determining whether the behavior is benign based on the computed weighted average. 3. The method of claim 1 , wherein generating the application-type-specific classifier model further comprises: determining a number of unique test conditions that should be evaluated to classify the behavior without consuming an excessive amount of mobile device resources. 4. The method of claim 1 , further comprising: monitoring a software application to detect a change in one of: a state of the software application, a configuration of the software application, an operation of the software application, and a functionality of the software application. 5. The method of claim 4 , further comprising: identifying a feature associated with the detected change; determining whether the identified feature is included in the application-type-specific classifier model; and identifying a test condition in the plurality of test conditions that evaluate the identified feature and adding the identified test condition to the application-type-specific classifier model in response to determining that the identified feature is not included in the application-type-specific classifier model. 6. The method of claim 1 , further comprising generating the finite state machine in a server by: receiving in the server a corpus of behavior information; generating the finite state machine based on the corpus of behavior information; and sending the finite state machine to the mobile device. 7. A mobile computing device, comprising: a memory; and a processor coupled to the memory, wherein the processor is configured with processor-executable instructions to perform operations comprising: receiving a finite state machine that includes information that is suitable for conversion into a plurality of boosted decision stumps, wherein each of the plurality of boosted decision stumps evaluate one of a plurality of test conditions; converting the information included in the received finite state machine into the plurality of boosted decision stumps that each evaluate one of the plurality of test conditions; generating a family of lean classifier models based on the plurality of boosted decision stumps; generating an application-type-specific classifier model that includes and prioritizes boosted decision stumps in the plurality of boosted decision stumps that evaluate a subset of test conditions in the plurality of test conditions, wherein the subset of test conditions are determined to evaluate mobile device features that are used by one type of software application, wherein the one type of software application is determined to be suitable for executing on the mobile device; selecting a lean classifier model from the family of lean classifier models; and applying collected behavior information to the generated application-type-specific classifier model and the selected lean classifier model in parallel to classify a behavior of the mobile computing device. 8. The mobile computing device of claim 7 , wherein: the processor is configured with processor-executable instructions to perform operations further comprising monitoring the behavior over a period of time by collecting behavior information from a mobile device component; and the processor is configured with processor-executable instructions to perform operations such that applying collected behavior information to the generated application-type-specific classifier model and the selected lean classifier model in parallel to classify the behavior comprises: using the behavior information to generate a feature vector; evaluating each test condition included in the application-type-specific classifier model by applying the generated feature vector to the application-type-specific classifier model; computing a weighted average of each result of evaluating test conditions in the application-type-specific classifier model; and determining whether the behavior is benign based on the computed weighted average. 9. The mobile computing device of claim 7 , wherein the processor is configured with processor-executable instructions to perform operations such that generating the application-type-specific classifier model comprises: determining a number of unique test conditions that should be evaluated to classify the behavior without consuming an excessive amount of mobile device resources. 10. A non-transitory computer readable storage medium having stored thereon processor-executable software instructions configured to cause a processor of a mobile device to perform operations comprising: receiving a finite state machine that includes information that is suitable for conversion into a plurality of boosted decision stumps, wherein each of the plurality of boosted decision stumps evaluate one of a plurality of test conditions; converting the information included in the received finite state machine into the plurality of boosted decision stumps that each evaluate one of the plurality of test conditions; generating a family of lean classifier models in the mobile device based on the plurality of boosted decision stumps; generating an application-type-specific classifier model that includes and prioritizes boosted decision stumps in the plurality of boosted decision stumps that evaluate a subset of test conditions in the plurality of test conditions, wherein the subset of test conditions are determined to evaluate mobile d
Assignees
Inventors
Classifications
Physics · mapped topic
Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities · CPC title
Inference or reasoning models · CPC title
involving long-term monitoring or reporting · CPC title
Test or assess a computer or a system · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9652362B2 cover?
- Methods, and mobile devices implementing the methods, use application-specific and/or application-type specific classifier to improve the efficiency and performance of a comprehensive behavioral monitoring and analysis system predicting whether a software application is causing undesirable or performance depredating behavior. The application-specific and application-type specific classifier mod…
- Who is the assignee on this patent?
- Qualcomm Inc
- What technology area does this patent fall under?
- Primary CPC classification G06F21/52. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue May 16 2017 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).