On-Line Behavioral Analysis Engine in Mobile Device with Multiple Analyzer Model Providers
First Claim
1. A method for monitoring mobile device behaviors in a mobile device, comprising:
- receiving in a mobile device processor a behavior model from an application download service, the received behavior model identifying factors and data points most relevant to enabling the mobile device processor to better determine whether a mobile device behavior is benign or malicious;
installing the received behavior model in the mobile device in conjunction with an existing behavior analyzer engine installed in the mobile device; and
using the installed behavior model to monitor one or more mobile device behaviors.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods, systems and devices for generating data models in a client-cloud communication system may include applying machine learning techniques to generate a first family of classifier models that describe a cloud corpus of behavior vectors. Such vectors may be analyzed to identify factors in the first family of classifier models that have the highest probability of enabling a mobile device to better determine whether a mobile device behavior is malicious or benign. Based on this analysis, a second family of classifier models may be generated that identify significantly fewer factors and data points as being relevant for enabling the mobile device to better determine whether the mobile device behavior is malicious or benign based on the determined factors. A mobile device classifier module based on the second family of classifier models may be generated and made available for download by mobile devices, including devices contributing behavior vectors.
353 Citations
48 Claims
-
1. A method for monitoring mobile device behaviors in a mobile device, comprising:
-
receiving in a mobile device processor a behavior model from an application download service, the received behavior model identifying factors and data points most relevant to enabling the mobile device processor to better determine whether a mobile device behavior is benign or malicious; installing the received behavior model in the mobile device in conjunction with an existing behavior analyzer engine installed in the mobile device; and using the installed behavior model to monitor one or more mobile device behaviors. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A mobile computing device comprising:
-
a mobile device processor; means for receiving a behavior model from an application download service, the received behavior model identifying factors and data points most relevant to enabling the mobile device processor to better determine whether a mobile device behavior is benign or malicious; means for installing the received behavior model in conjunction with an existing behavior analyzer engine; and means for using the installed behavior model to monitor one or more mobile device behaviors. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
-
25. A mobile computing device, comprising:
a processor configured with processor-executable instructions to perform operations comprising; receiving a behavior model from an application download service, the received behavior model identifying factors and data points most relevant to enabling the processor to better determine whether a mobile device behavior is benign or malicious; installing the received behavior model in conjunction with an existing behavior analyzer engine; and using the installed behavior model to monitor one or more mobile device behaviors. - View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
-
37. A non-transitory computer readable storage medium having stored thereon processor-executable software instructions configured to cause a mobile device processor to perform operations comprising:
-
receiving a behavior model from an application download service, the received behavior model identifying factors and data points most relevant to enabling the mobile device processor to better determine whether a mobile device behavior is benign or malicious; installing the received behavior model in conjunction with an existing behavior analyzer engine; and using the installed behavior model to monitor one or more mobile device behaviors. - View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48)
-
Specification