Methods and Systems of Generating Application-Specific Models for the Targeted Protection of Vital Applications
Abstract
Methods, and computing devices implementing the methods, improve the efficiency and performance of a comprehensive behavioral monitoring and analysis system that is configured to predict whether a software application is causing undesirable or performance-degrading behavior. The behavioral monitoring and analysis system may be configured to quickly and efficiently classify certain software applications as being benign by generating a behavior vector that characterizes the activities of the software application, determining whether the generated behavior vector includes a distinguishing behavior or behavioral clue identifying the software application as a trusted software application, and classifying the software application as benign in response to determining that the generated behavior vector includes a distinguishing behavior identifying the software application as a trusted software application.
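A sketch of the fast path the abstract describes, added here as an illustration and not taken from the patent. The log format, the feature names and the rule treated as the distinguishing behavior are all assumptions made for the example.

```python
from collections import Counter

# Constructed sample log (assumed format): "<time> <app> <action> <argument>"
SAMPLE_LOG = """\
1001 com.example.bank net_connect api.example.test:443
1002 com.example.bank file_read /data/app/config
1003 com.example.bank sensor_read accelerometer
1004 com.example.bank sensor_read accelerometer
1005 com.example.bank sensor_read accelerometer
1006 com.example.game net_connect ads.example.test:80
1007 com.example.game sms_send 5550100
malformed line
"""

# Assumed feature order: one vector slot per monitored action type.
FEATURES = ("net_connect", "file_read", "sensor_read", "sms_send")

# Hypothetical distinguishing behavior: exact counts for selected features.
DISTINGUISHING = {"sensor_read": 3, "sms_send": 0}


def collect(log_text, app):
    """Return the actions logged for one app, skipping malformed lines."""
    actions = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) < 3 or not parts[0].isdigit():
            continue
        if parts[1] == app:
            actions.append(parts[2])
    return actions


def behavior_vector(actions):
    """Count each monitored action; unknown action types are ignored."""
    counts = Counter(actions)
    return [counts[name] for name in FEATURES]


def has_distinguishing_behavior(vector):
    observed = dict(zip(FEATURES, vector))
    return all(observed[k] == v for k, v in DISTINGUISHING.items())


def classify(log_text, app):
    """Fast path: benign on a match, otherwise defer to the full analysis."""
    vector = behavior_vector(collect(log_text, app))
    if has_distinguishing_behavior(vector):
        return "benign", vector
    return "needs_full_analysis", vector
```

An application with no log entries produces an all-zero vector, which does not match the assumed rule and therefore falls through to the full analysis instead of being trusted by default.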
30 Claims
1. A method of analyzing a software application operating in a processor of a computing device, the method comprising:
monitoring in the processor activities of the software application by collecting behavior information from a log of actions stored in a memory of the computing device;
generating a behavior vector that characterizes the monitored activities of the software application based on the collected behavior information; and
determining whether the generated behavior vector includes a distinguishing behavior identifying the software application as being from a known vendor.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A computing device, comprising:
a memory; and
a processor coupled to the memory, wherein the processor is configured with processor-executable instructions to perform operations comprising:
monitoring activities of a software application by collecting behavior information from a log of actions stored in the memory;
generating a behavior vector that characterizes the monitored activities of the software application based on the collected behavior information; and
determining whether the generated behavior vector includes a distinguishing behavior identifying the software application as being from a known vendor.
Dependent claims: 10, 11, 12, 13, 14, 15, 16

17. A non-transitory computer readable storage medium having stored thereon processor-executable software instructions configured to cause a processor of a computing device to perform operations for analyzing a software application operating in the processor, the operations comprising:
monitoring activities of the software application by collecting behavior information from a log of actions stored in a memory of the computing device;
generating a behavior vector that characterizes the monitored activities of the software application based on the collected behavior information; and
determining whether the generated behavior vector includes a distinguishing behavior identifying the software application as being from a known vendor.
Dependent claims: 18, 19, 20, 21, 22, 23, 24

25. A computing device, comprising:
means for monitoring activities of a software application by collecting behavior information from a log of actions stored in a memory of the computing device;
means for generating a behavior vector that characterizes the monitored activities of the software application based on the collected behavior information; and
means for determining whether the generated behavior vector includes a distinguishing behavior identifying the software application as being from a known vendor.
Dependent claims: 26, 27, 28, 29, 30

Specification