Pre-Identifying Probable Malicious Behavior Based on Configuration Pathways

US 20150101047A1
Filed: 10/03/2013
Published: 04/09/2015
Est. Priority Date: 10/03/2013
Status: Active Grant

First Claim

Patent Images

1-3. -3. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The various aspects include systems and methods for enabling mobile computing devices to recognize when they are at risk of experiencing malicious behavior in the near future given a current configuration. Thus, the various aspects enable mobile computing devices to anticipate malicious behaviors before a malicious behavior begins rather than after the malicious behavior has begun. In the various aspects, a network server may receive behavior vector information from multiple mobile computing devices and apply pattern recognition techniques to the received behavior vector information to identify malicious configurations and pathway configurations that may lead to identified malicious configurations. The network server may inform mobile computing devices of identified malicious configurations and the corresponding pathway configurations, thereby enabling mobile computing devices to anticipate and prevent malicious behavior from beginning by recognizing when they have entered a pathway configuration leading to malicious behavior.

43 Citations

View as Search Results

32 Claims

1-3. -3. (canceled)

4. A method of predicting probable malicious behavior on a mobile computing device before it occurs, comprising:
- receiving a malicious and pathway configuration database;
  
  determining a current configuration;
  
  determining whether the current configuration is leading to a malicious configuration based on the malicious and pathway configuration database; and
  
  implementing preventative measures to avoid the malicious configuration in response to determining that the current configuration is leading to a malicious configuration.
- View Dependent Claims (5, 6, 7, 8)
- - 5. The method of claim 4, wherein implementing preventative measures to avoid the malicious configuration comprises:
    - identifying a process associated with the current configuration; and
      
      slowing down execution of the process.
  - 6. The method of claim 5, further comprising:
    - examining other behaviors occurring on the mobile computing device;
      
      determining whether there is a substantial likelihood that the current configuration is leading to a malicious configuration based on the examination of the other behaviors; and
      
      implementing preventative measures for the process in response to determining that there is a substantial likelihood that the current configuration is leading to a malicious configuration.
  - 7. The method of claim 5, further comprising:
    - determining a classification of the current configuration;
      
      determining a classification of a potential future configuration;
      
      determining a likelihood of the current configuration leading to a malicious configuration based on the classification of the current configuration and the classification of the potential future configuration;
      
      determining whether the likelihood is substantial; and
      
      implementing preventative measures for the process in response to determining that the likelihood is substantial.
  - 8. The method of claim 5, further comprising:
    - determining a probability of the current configuration leading to a malicious configuration based on the current configuration and configuration transition probabilities, wherein the configuration transition probabilities are included in the malicious and pathway configuration database;
      
      determining whether the probability of the current configuration leading to a malicious configuration exceeds a risk threshold; and
      
      implementing preventative measures for the process in response to determining that the probability of the current configuration leading to a malicious configuration exceeds the risk threshold.

9-11. -11. (canceled)

12. A mobile computing device, comprising:
- a memory;
  
  a transceiver; and
  
  a processor coupled to the memory and the transceiver, wherein the processor is configured with processor-executable instructions to perform operations comprising;
  
  receiving a malicious and pathway configuration database;
  
  determining a current configuration;
  
  determining whether the current configuration is leading to a malicious configuration based on the malicious and pathway configuration database; and
  
  implementing preventative measures to avoid the malicious configuration in response to determining that the current configuration is leading to a malicious configuration.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The mobile computing device of claim 12, wherein the processor is configured with processor-executable instructions to perform operations such that implementing preventative measures to avoid the malicious configuration comprises:
    - identifying a process associated with the current configuration; and
      
      slowing down execution of the process.
  - 14. The mobile computing device of claim 13, wherein the processor is configured with processor-executable instructions to perform operations further comprising:
    - examining other behaviors occurring on the mobile computing device;
      
      determining whether there is a substantial likelihood that the current configuration is leading to a malicious configuration based on the examination of the other behaviors; and
      
      implementing preventative measures for the process in response to determining that there is a substantial likelihood that the current configuration is leading to a malicious configuration.
  - 15. The mobile computing device of claim 13, wherein the processor is configured with processor-executable instructions to perform operations further comprising:
    - determining a classification of the current configuration;
      
      determining a classification of a potential future configuration;
      
      determining a likelihood of the current configuration leading to a malicious configuration based on the classification of the current configuration and the classification of the potential future configuration;
      
      determining whether the likelihood is substantial; and
      
      implementing preventative measures for the process in response to determining that the likelihood is substantial.
  - 16. The mobile computing device of claim 13, wherein the processor is configured with processor-executable instructions to perform operations further comprising:
    - determining a probability of the current configuration leading to a malicious configuration based on the current configuration and configuration transition probabilities, wherein the configuration transition probabilities are included in the malicious and pathway configuration database;
      
      determining whether the probability of the current configuration leading to a malicious configuration exceeds a risk threshold; and
      
      implementing preventative measures for the process in response to determining that the probability of the current configuration leading to a malicious configuration exceeds the risk threshold.

17-19. -19. (canceled)

20. A mobile computing device, comprising:
- means for receiving a malicious and pathway configuration database;
  
  means for determining a current configuration;
  
  means for determining whether the current configuration is leading to a malicious configuration based on the malicious and pathway configuration database; and
  
  means for implementing preventative measures to avoid the malicious configuration in response to determining that the current configuration is leading to a malicious configuration.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The mobile computing device of claim 20, wherein means for implementing preventative measures to avoid the malicious configuration comprises:
    - means for identifying a process associated with the current configuration; and
      
      means for slowing down execution of the process.
  - 22. The mobile computing device of claim 21, further comprising:
    - means for examining other behaviors occurring on the mobile computing device;
      
      means for determining whether there is a substantial likelihood that the current configuration is leading to a malicious configuration based on examination of other behaviors; and
      
      means for implementing preventative measures for the process in response to determining that there is a substantial likelihood that the current configuration is leading to a malicious configuration.
  - 23. The mobile computing device of claim 21, further comprising:
    - means for determining a classification of the current configuration;
      
      means for determining a classification of a potential future configuration;
      
      means for determining a likelihood of the current configuration leading to a malicious configuration based on the classification of the current configuration and the classification of the potential future configuration;
      
      means for determining whether the likelihood is substantial; and
      
      means for implementing preventative measures for the process in response to determining that the likelihood is substantial.
  - 24. The mobile computing device of claim 21, further comprising:
    - means for determining a probability of the current configuration leading to a malicious configuration based on the current configuration and configuration transition probabilities, wherein the configuration transition probabilities are included in the malicious and pathway configuration database;
      
      means for determining whether the probability of the current configuration leading to a malicious configuration exceeds a risk threshold; and
      
      means for implementing preventative measures for the process in response to determining that the probability of the current configuration leading to a malicious configuration exceeds the risk threshold.

25-27. -27. (canceled)

28. A non-transitory processor-readable storage medium having stored thereon processor-executable instructions configured to cause a mobile computing device processor to perform operations comprising:
- receiving a malicious and pathway configuration database;
  
  determining a current configuration;
  
  determining whether the current configuration is leading to a malicious configuration based on the malicious and pathway configuration database; and
  
  implementing preventative measures to avoid the malicious configuration in response to determining that the current configuration is leading to a malicious configuration.
- View Dependent Claims (29, 30, 31, 32)
- - 29. The non-transitory processor-readable storage medium of claim 28, wherein the stored processor-executable instructions are configured to cause a mobile computing device processor to perform operations such that implementing preventative measures to avoid the malicious configuration comprises:
    - identifying a process associated with the current configuration; and
      
      slowing down execution of the process.
  - 30. The non-transitory processor-readable storage medium of claim 29, wherein the stored processor-executable instructions are configured to cause a mobile computing device processor to perform operations further comprising:
    - examining other behaviors occurring on the mobile computing device;
      
      determining whether there is a substantial likelihood that the current configuration is leading to a malicious configuration based on the examination of other behaviors; and
      
      implementing preventative measures for the process in response to determining that there is a substantial likelihood that the current configuration is leading to a malicious configuration.
  - 31. The non-transitory processor-readable storage medium of claim 29, wherein the stored processor-executable instructions are configured to cause a mobile computing device processor to perform operations further comprising:
    - determining a classification of the current configuration;
      
      determining a classification of a potential future configuration;
      
      determining a likelihood of the current configuration leading to a malicious configuration based on the classification of the current configuration and the classification of the potential future configuration;
      
      determining whether the likelihood is substantial; and
      
      implementing preventative measures for the process in response to determining that the likelihood is substantial.
  - 32. The non-transitory processor-readable storage medium of claim 29, wherein the stored processor-executable instructions are configured to cause a mobile computing device processor to perform operations further comprising:
    - determining a probability of the current configuration leading to a malicious configuration based on the current configuration and configuration transition probabilities, wherein the configuration transition probabilities are included in the malicious and pathway configuration database;
      
      determining whether the probability of the current configuration leading to a malicious configuration exceeds a risk threshold; and
      
      implementing preventative measures for the process in response to determining that the probability of the current configuration leading to a malicious configuration exceeds the risk threshold.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Sridhara, Vinay, Gupta, Rajarshi, Patne, Salyajit Prabhakar

Granted Patent

US 9,519,775 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

G06F 9/44505   Configuring for program ini...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/145   the attack involving the pr...

H04W 12/12   Detection or prevention of ...

H04W 12/128   Anti-malware arrangements, ...

Pre-Identifying Probable Malicious Behavior Based on Configuration Pathways

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

43 Citations

32 Claims

Specification

Use Cases

Quick Links

Others

Pre-Identifying Probable Malicious Behavior Based on Configuration Pathways

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

32 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others