Determining Model Protection Level On-Device based on Malware Detection in Similar Devices
First Claim
1. A method of analyzing behaviors in a computing device, comprising:
- performing, in a processor of the computing device, a first type of analysis operations to determine whether there is an increased security risk, the first type of analysis operations including monitoring the computing device for an indication of the increased security risk or a previous occurrence of risk; and
performing a second type of analysis operations in response to determining that there is the increased security risk, wherein the second type of analysis operations are more computationally-intensive than the first type of analysis operations.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods, systems and devices for identifying, classifying, modeling, and responding to mobile device behaviors may include using lightweight processes to monitor and analyze various conditions and device behaviors to detect an instance of a non-benign behavior, increasing a level of security or scrutiny to identify other instances of non-benign behavior, and notifying select computing devices of the increased security risk so that they may also increase their security/scrutiny levels. For example, a computing device may be configured to perform a first type of analysis operations (e.g., lightweight analysis operations) to determine whether there is an increased security risk, and perform a second type of analysis operations (e.g., robust analysis operations) in response to determining that there is an increased security risk to determine whether there are additional security risks that are different from the security risk detected via the performance of the first type of analysis operations.
153 Citations
30 Claims
-
1. A method of analyzing behaviors in a computing device, comprising:
-
performing, in a processor of the computing device, a first type of analysis operations to determine whether there is an increased security risk, the first type of analysis operations including monitoring the computing device for an indication of the increased security risk or a previous occurrence of risk; and performing a second type of analysis operations in response to determining that there is the increased security risk, wherein the second type of analysis operations are more computationally-intensive than the first type of analysis operations. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A computing device, comprising:
-
means for performing a first type of analysis operations to determine whether there is an increased security risk, the first type of analysis operations including monitoring the computing device for an indication of the increased security risk or a previous occurrence of risk; and means for performing a second type of analysis operations in response to determining that there is the increased security risk, wherein the second type of analysis operations are more computationally-intensive than the first type of analysis operations. - View Dependent Claims (19, 20)
-
-
21. A computing device, comprising:
a processor configured with processor-executable software instructions to perform operations comprising; performing a first type of analysis operations to determine whether there is an increased security risk, the first type of analysis operations including monitoring the computing device for an indication of the increased security risk or a previous occurrence of risk; and performing a second type of analysis operations in response to determining that there is the increased security risk, wherein the second type of analysis operations are more computationally-intensive than the first type of analysis operations. - View Dependent Claims (22, 23, 24, 25, 26)
-
27. A non-transitory computer readable storage medium having stored thereon processor-executable software instructions configured to cause a processor of a computing device to perform operations comprising:
-
performing a first type of analysis operations to determine whether there is an increased security risk, the first type of analysis operations including monitoring the computing device for an indication of the increased security risk or a previous occurrence of risk; and performing a second type of analysis operations in response to determining that there is the increased security risk, wherein the second type of analysis operations are more computationally-intensive than the first type of analysis operations. - View Dependent Claims (28, 29, 30)
-
Specification