Detecting Application Harmful Behavior and Grading Application Risks for Mobile Devices

US 20130212684A1
Filed: 01/04/2013
Published: 08/15/2013
Est. Priority Date: 01/04/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

determining, by a computing system, a permission list from an application;

generating, by the computing system, a set of potential behaviors from the permission list, the set of potential behaviors associated with actions that the application allows when executing on a mobile device, wherein the set of potential behaviors are determined without execution of the application;

determining, by the computing system, functional category information regarding a functional category from a set of application marketplaces that contain the application;

determining, by the computing system, application description information for the application from the set of application marketplaces;

generating, by the computing system, a required behavior list including a set of required behaviors from the functional category information and the application description information;

comparing, by the computing system, the set of required behaviors to the set of potential behaviors to determine a set of security related behaviors, wherein security related behaviors are behaviors found in the set of potential behaviors, but not in the set of required behaviors; and

determining, by the computing system, a security rating based on the set of security related behaviors.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a method determines a permission list from an application and generates a set of potential behaviors. The potential behaviors are associated with actions that the application allows when executing on a mobile device where the potential behaviors are determined without execution of the application. The method then determines functional category information regarding a functional category from a set of application marketplaces that contain the application and determines application description information for the application. A required behavior list is generated including a set of required behaviors from the functional category information and the application description information. The method compares the required behaviors to the potential behaviors to determine a set of security related behaviors. The security related behaviors are behaviors found in the potential behaviors, but not in the required behaviors. A security rating is determined based on the set of security related behaviors.

78 Citations

View as Search Results

20 Claims

1. A method comprising:
- determining, by a computing system, a permission list from an application;
  
  generating, by the computing system, a set of potential behaviors from the permission list, the set of potential behaviors associated with actions that the application allows when executing on a mobile device, wherein the set of potential behaviors are determined without execution of the application;
  
  determining, by the computing system, functional category information regarding a functional category from a set of application marketplaces that contain the application;
  
  determining, by the computing system, application description information for the application from the set of application marketplaces;
  
  generating, by the computing system, a required behavior list including a set of required behaviors from the functional category information and the application description information;
  
  comparing, by the computing system, the set of required behaviors to the set of potential behaviors to determine a set of security related behaviors, wherein security related behaviors are behaviors found in the set of potential behaviors, but not in the set of required behaviors; and
  
  determining, by the computing system, a security rating based on the set of security related behaviors.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein determining the permission list comprises:
    - reading an executable file for the application or application metadata for the application to determine the set of potential behaviors; and
      
      generating the set of potential behaviors based on a mapping table that maps permissions determined from the executable file or the application metadata to potential behaviors.
  - 3. The method of claim 1, wherein determining the functional category information comprises:
    - determining a set of functional categories from the set of application marketplaces, wherein at least two marketplaces categorize the application in a different functional category;
      
      determining a category definition for at least one of the functional categories in at least one of the application marketplaces; and
      
      selecting a default functional category based on the category definition, wherein the default functional category is used to determine the set of required behaviors.
  - 4. The method of claim 3, wherein generating the required behavior list comprises inputting the default category into a mapping table to map the default category to set of required behaviors.
  - 5. The method of claim 1, wherein generating the required behavior list comprises generating a first set of required behaviors based on a mapping table that maps a functional category to required behaviors.
  - 6. The method of claim 5, wherein generating the required behavior list comprises generating a second set of required behaviors based on a mapping table that maps the application description to required behaviors.
  - 7. The method of claim 1, wherein determining the application description information comprises determining a set of keywords that describe the application based on the application description information.
  - 8. The method of claim 7, wherein generating the required behavior list comprises inputting the set of keywords into a mapping table to map the keywords to required behaviors in the set of required behaviors.
  - 9. The method of claim 1, wherein the security rating is selected from certified, malicious, high risk, low/noisy ratings.
  - 10. The method of claim 1, wherein the security rating is determining without executing the application on a computing device or information from executing the application on the computing device.
  - 11. The method of claim 1, further comprising sending the security rating to a mobile device or an application marketplace.
  - 12. The method of claim 1, wherein determining the security rating comprises:
    - determining a security rating for each security related behavior; and
      
      determining the security rating for the application based on the security rating for each security related behavior.
  - 13. The method of claim 12, further comprising comparing the security rating for each security related behavior to a set of thresholds to select one of the security ratings for a portion of the security related behaviors.

14. A non-transitory computer-readable storage medium containing instructions, that when executed, control a computer system to be configured for:
- determining a permission list from an application;
  
  generating a set of potential behaviors from the permission list, the set of potential behaviors associated with actions that the application allows when executing on a mobile device, wherein the set of potential behaviors are determined without execution of the application;
  
  determining functional category information regarding a functional category from a set of application marketplaces that contain the application;
  
  determining application description information for the application from the set of application marketplaces;
  
  generating a required behavior list including a set of required behaviors from the functional category information and the application description information;
  
  comparing the set of required behaviors to the set of potential behaviors to determine a set of security related behaviors, wherein security related behaviors are behaviors found in the set of potential behaviors, but not in the set of required behaviors; and
  
  determining a security rating based on the set of security related behaviors.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The non-transitory computer-readable storage medium of claim 14, wherein determining the permission list comprises:
    - reading an executable file for the application or application metadata for the application to determine the set of potential behaviors; and
      
      generating the set of potential behaviors based on a mapping table that maps permissions determined from the executable file or the application metadata to potential behaviors.
  - 16. The non-transitory computer-readable storage medium of claim 14, wherein determining the functional category information comprises:
    - determining a set of functional categories from the set of application marketplaces, wherein at least two marketplaces categorize the application in a different functional category;
      
      determining a category definition for at least one of the functional categories in at least one of the application marketplaces; and
      
      selecting a default functional category based on the category definition, wherein the default functional category is used to determine the set of required behaviors.
  - 17. The non-transitory computer-readable storage medium of claim 14, wherein generating the required behavior list comprises generating a first set of required behaviors based on a mapping table that maps a functional category to required behaviors.
  - 18. The non-transitory computer-readable storage medium of claim 14, wherein determining the application description information comprises determining a set of keywords that describe the application based on the application description information.
  - 19. The non-transitory computer-readable storage medium of claim 14, wherein the security rating is selected from certified, malicious, high risk, low/noisy ratings.

20. An apparatus comprising:
- one or more computer processors; and
  
  a non-transitory computer-readable storage medium comprising instructions, that when executed, control the one or more computer processors to be configured for;
  
  determining a permission list from an application;
  
  generating a set of potential behaviors from the permission list, the set of potential behaviors associated with actions that the application allows when executing on a mobile device, wherein the set of potential behaviors are determined without execution of the application;
  
  determining functional category information regarding a functional category from a set of application marketplaces that contain the application;
  
  determining application description information for the application from the set of application marketplaces;
  
  generating a required behavior list including a set of required behaviors from the functional category information and the application description information;
  
  comparing the set of required behaviors to the set of potential behaviors to determine a set of security related behaviors, wherein security related behaviors are behaviors found in the set of potential behaviors, but not in the set of required behaviors; and
  
  determining a security rating based on the set of security related behaviors.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Baidu Online Network Technology (Beijing) Co., Ltd (Baidu Incorporated)
Original Assignee
TrustGo Mobile, Inc. (Baidu Incorporated)
Inventors
Li, Xuyang, Bao, Chenfu, Wang, Lei

Granted Patent

US 9,063,964 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 16/22   Indexing; Data structures t...

G06F 16/2457   with adaptation to user needs

G06F 16/9535   Search customisation based ...

G06F 21/562   Static detection

G06F 21/577   Assessing vulnerabilities a...

G06Q 30/0282   Rating or review of busines...

Detecting Application Harmful Behavior and Grading Application Risks for Mobile Devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

78 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Detecting Application Harmful Behavior and Grading Application Risks for Mobile Devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

78 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links