System and method for managing malware protection on mobile devices
First Claim
1. A method of developing a feature data store that describes one or more applications and is adapted for use in the detection of malware in a target application on a limited access platform, said method comprising:
- creating one or more feature sets, each feature set comprising a plurality of feature elements for a select application of the one or more applications, each said feature element defining a non-executable portion of said select application;
characterizing each feature set for a respective select application as either malware-infected or malware-free; and
defining a rule for said one or more feature sets, said rule adapted to determine a match to one or more of said feature sets, such that when said rule is applied to a feature set of the target application, said match indicates whether said feature set of the target application matches at least one of said feature sets and said match further indicates whether said target application is malware-infected or malware-free.
15 Assignments
0 Petitions
Accused Products
Abstract
A system and method for detecting malware on a limited access mobile platform in a mobile network. The system and method uses one or more feature sets that describe various non-executable portions of malware-infected and malware-free applications, and compares a application on the limited access mobile platform to the features sets. A match of the features in a suspect application to one of the feature sets provides an indication as to whether the suspect application is malware-infected or malware-free.
-
Citations
30 Claims
-
1. A method of developing a feature data store that describes one or more applications and is adapted for use in the detection of malware in a target application on a limited access platform, said method comprising:
-
creating one or more feature sets, each feature set comprising a plurality of feature elements for a select application of the one or more applications, each said feature element defining a non-executable portion of said select application; characterizing each feature set for a respective select application as either malware-infected or malware-free; and defining a rule for said one or more feature sets, said rule adapted to determine a match to one or more of said feature sets, such that when said rule is applied to a feature set of the target application, said match indicates whether said feature set of the target application matches at least one of said feature sets and said match further indicates whether said target application is malware-infected or malware-free. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method of detecting malware in a target application on a limited access platform, said method comprising:
-
selecting a feature data store that describes one or more applications, said feature data store having; one or more feature sets, each feature set having a plurality of feature elements for a select application of said one or more applications, each said feature element defining a non-executable portion of said select application, and each feature set characterizing said select application as either malware-infected or malware-free, and a rule for said one or more feature sets, said rule adapted to determine a match to at least one of said feature sets; extracting a feature set from a non-executable portion of the target application; and applying said rule to said feature set of the target application to determine whether said target application is malware-infected or malware-free. - View Dependent Claims (12, 13, 14, 15, 16, 17)
-
-
18. A limited access platform for detecting malware, said limited access platform comprising:
-
a feature data store for describing one or more applications, said feature data store comprising; one or more feature sets, each feature set comprising a plurality of feature elements for a select application of said one or more applications, each said feature element defining a non-executable portion of said select application, and each feature set characterizing said select application as either malware-infected or malware-free, and a rule for said one or more feature sets, said rule adapted to determine a match to at least one of said feature sets; a means for applying said rule to a feature set of a target application on the limited access platform to determine a match comparison of said target application against said feature data store; and a means for determining whether said target application is malware-infected or malware-free by the application of said rule. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
-
Specification