Malware detection
Abstract
According to a first aspect of the present invention there is provided a method of detecting malware in a mobile telecommunications device 101. The method comprises maintaining a database 109 of legitimate applications and their respective expected behaviours, identifying legitimate applications running on the device 101, monitoring the behaviour of the device 101, comparing this monitored behaviour with that expected according to the database 109 for those legitimate applications identified as running on the device 101, and analyzing deviations from the expected behaviour of the device 101 to identify the potential presence of malware.
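The comparison step described in the abstract, as an added sketch that is not taken from the patent: device-level observations are checked against the union of expected behaviours of only those legitimate applications identified as running. The application names, the `(kind, detail)` behaviour encoding and the sample observations are constructed assumptions.

```python
from collections import Counter

# Constructed database of legitimate applications and their expected
# behaviours. The (kind, detail) encoding is an assumption of this example.
EXPECTED_DB = {
    "com.example.mail":   {("net", "imap.example.test:993"),
                           ("net", "smtp.example.test:587")},
    "com.example.maps":   {("net", "tiles.example.test:443"),
                           ("sensor", "gps")},
    "com.example.dialer": {("telephony", "voice_call")},
}

def identify_legitimate(running, db=EXPECTED_DB):
    """Split running apps into those known to the database and the rest."""
    known = [a for a in running if a in db]
    unknown = [a for a in running if a not in db]
    return known, unknown

def expected_profile(known, db=EXPECTED_DB):
    """Union of expected behaviours of the legitimate apps now running."""
    profile = set()
    for app in known:
        profile |= db[app]
    return profile

def analyze(running, observed, db=EXPECTED_DB):
    """Report observed device behaviour that no running legitimate
    application accounts for, with occurrence counts."""
    known, unknown = identify_legitimate(running, db)
    profile = expected_profile(known, db)
    deviations = Counter(e for e in observed if e not in profile)
    return {"unknown_apps": unknown,
            "deviations": dict(deviations),
            "suspect": bool(deviations)}

# Constructed device-level observations (not attributed to any app).
RUNNING = ["com.example.mail", "com.example.dialer"]
OBSERVED = [
    ("net", "imap.example.test:993"),
    ("telephony", "voice_call"),
    ("sms", "send"),
    ("sms", "send"),
    ("sensor", "gps"),  # expected for maps, but maps is not running
]

if __name__ == "__main__":
    print(analyze(RUNNING, OBSERVED))
```

The GPS event is flagged because the database entry that would explain it belongs to an application that is not running, which is why the profile is built from identified running applications and not from the whole database.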
15 Claims
1. A method of detecting malware in a mobile telecommunications device, the method comprising:
- maintaining a database of legitimate applications and their respective expected behaviours;
- identifying legitimate applications running on the device;
- monitoring the behaviour of the device, comparing this monitored behaviour with that expected according to the database for those legitimate applications identified as running on the device; and
- analyzing deviations from the expected behaviour of the device to identify the potential presence of malware.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13.
14. A mobile telecommunications device comprising:
- a memory for storing a database of legitimate applications and their respective expected behaviours; and
- a processor for identifying legitimate applications running on the device, accessing the memory to obtain the expected behaviours of those legitimate applications identified as running on the device, monitoring the behaviour of the device, comparing the expected behaviour with the monitored behaviour, and for analyzing deviations in the monitored behaviour from the expected behaviour to identify the potential presence of malware.
15. A method of maintaining a database of legitimate applications and their respective expected behaviours in a plurality of mobile telecommunications devices, the method comprising:
- identifying at a network based service, new applications for running on the devices;
- analyzing these new applications to determine their respective expected behaviours; and
- sending the identities of the new applications and their respective expected behaviours to the devices.
Specification