Using natural language processing for detection of intended or unexpected application behavior
Abstract
Detection of unintended application behaviors, where natural language processing (NLP) techniques are used to analyze the application, and specifically its graphical user interface (GUI), and construct an acceptable (or expected) list per-context actions. Actions executed by the application in a given context that do not fall within the list are flagged as unexpected (or anomalous).
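The flow the abstract describes, as an added sketch that is not the patent's own implementation: UI text and security-critical operations are interleaved into one trace, the words preceding each operation are learned from training runs, and an operation whose preceding context shares no learned word is flagged. The word-overlap test stands in for the statistical NLP model, and the operation names, widget texts and stop-word list are constructed assumptions.

```python
import re
from collections import defaultdict

STOP = {"the", "a", "an", "to", "your", "my", "now", "please"}  # assumed stop words
TRAIN = [  # constructed training traces: ("ui", widget text) or ("op", operation)
    [("ui", "Compose message"), ("ui", "Send"), ("op", "SEND_SMS")],
    [("ui", "Share my location"), ("ui", "Allow"), ("op", "READ_LOCATION")],
]
OBSERVED = [  # constructed run-time trace
    ("ui", "New message"), ("ui", "Send now"), ("op", "SEND_SMS"),
    ("ui", "Settings"), ("ui", "Change wallpaper"), ("op", "SEND_SMS"),
]

def tokens(widget_text):
    """Normalise the text of an enabled UI widget into content words."""
    return tuple(w for w in re.findall(r"[a-z]+", widget_text.lower()) if w not in STOP)

def context_of(trace, idx, k=2):
    """Suffix leading to trace[idx]: words of the last k UI transitions before it."""
    ui = [tokens(text) for kind, text in trace[:idx] if kind == "ui"]
    return frozenset(w for t in ui[-k:] for w in t)

def train(traces, k=2):
    """Learn, per security-critical operation, the UI words seen just before it."""
    seen = defaultdict(lambda: defaultdict(int))
    for trace in traces:
        for i, (kind, value) in enumerate(trace):
            if kind == "op":
                for word in context_of(trace, i, k):
                    seen[value][word] += 1
    return seen

def check(model, trace, k=2, min_overlap=1):
    """Return (index, operation, context words) for each unexpected operation."""
    flags = []
    for i, (kind, value) in enumerate(trace):
        if kind != "op":
            continue
        ctx = context_of(trace, i, k)
        known = model.get(value, {})  # words learned for this operation, if any
        if sum(1 for w in ctx if known.get(w, 0) > 0) < min_overlap:
            flags.append((i, value, sorted(ctx)))  # the warning flag
    return flags

if __name__ == "__main__":
    print(check(train(TRAIN), OBSERVED))
```

The first `SEND_SMS` passes even though its widget text differs from the training run, because the context still shares "message" and "send"; the second follows wallpaper settings and is flagged.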
14 Claims
1. A method of using natural language processing (NLP) for detecting unintended computer application behavior to construct a statistical model to determine for an application, given the application's graphical user interface (GUI) and unlabeled text, whether the application is exhibiting unintended or abnormal behavior comprising steps of:
- instrumenting the application such that user interface UI transitions are recorded as an acceptable list per-context action and security-critical operations are monitored for training the system;
- capturing from the instrumentation as UI transitions occur for obtaining text associated with an enabled UI widget;
- forming a sequence of NLP textural content from interactions with the application and interleaving into the sequence security-relevant operations that occur between UI transitions;
- analyzing the suffix leading to the operation as a security-critical operation is about to execute to determine whether the operation is expected to occur at this point in the execution based upon the acceptable list per-context actions and its GUI, and
- qualifying whether the application interaction is consistent with expected behavior based on identification of an intended semantic from the acceptable list per-context actions, and if not, raise a warning flag.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A non-transitory computer readable medium having computer readable program for using natural language processing (NLP) for detecting unintended computer application behavior to construct a statistical model to determine for an application, given the application's graphical user interface (GUI) and unlabeled text, whether the application is exhibiting unintended or abnormal behavior, program comprising:
- instrumenting the application such that user interface (UI) transitions are recorded as an acceptable list per-context action and security-critical operations are monitored for training the system;
- capturing from the instrumentation as UI transitions occur for obtaining text associated with an enabled UI widget;
- forming a sequence of NLP textural content from interactions with the application and interleaving into the sequence security-relevant operations that occur between UI transitions;
- analyzing the suffix leading to the operation as a security-critical operation is about to execute to determine whether the operation is expected to occur at this point in the execution based upon the acceptable list per-context actions and its GUI, and
- qualifying whether the application interaction is consistent with expected behavior based on identification of an intended semantic from the acceptable list per-context actions, and if not, raise a warning flag.

Dependent claims: 9, 10, 11, 12, 13, 14
Specification