Behavioral scanning of mobile applications
First Claim
1. A computer-implemented method for analyzing mobile applications for malware, the method comprising:
- receiving a mobile application from an application server;
loading the mobile application into an emulated environment, the emulated environment simulating a mobile device;
performing static analysis on the application to determine a plurality of simulated user inputs;
loading a user interface exerciser configured to simulate the plurality of simulated user inputs in the mobile application and observing resulting behaviors of the simulated mobile device;
classifying the behaviors as hard signals or soft signals and combining soft signals to calculate a probability of maliciousness; and
classifying the mobile application as malicious or non-malicious based on the hard signals and the probability of maliciousness.
4 Assignments
0 Petitions
Accused Products
Abstract
Behavioral analysis of a mobile application is performed to determine whether the application is malicious. During analysis, various user interactions are simulated in an emulated environment to activate many possible resulting behaviors of an application. The behaviors are classified as hard or soft signals. A probability of the application being malicious is determined through combining soft signals, and the application is classified as malicious or non-malicious. Users of the application, the developer of the application, or a distributor of the application are notified of the application classification to enable responsive action.
302 Citations
20 Claims
-
1. A computer-implemented method for analyzing mobile applications for malware, the method comprising:
-
receiving a mobile application from an application server; loading the mobile application into an emulated environment, the emulated environment simulating a mobile device; performing static analysis on the application to determine a plurality of simulated user inputs; loading a user interface exerciser configured to simulate the plurality of simulated user inputs in the mobile application and observing resulting behaviors of the simulated mobile device; classifying the behaviors as hard signals or soft signals and combining soft signals to calculate a probability of maliciousness; and classifying the mobile application as malicious or non-malicious based on the hard signals and the probability of maliciousness. - View Dependent Claims (2)
-
-
3. A computer-implemented method for analyzing mobile applications for malware, the method comprising:
-
loading a mobile application into an emulated environment, the emulated environment simulating a mobile device; determining a plurality of simulated user inputs; loading a user interface exerciser configured to simulate the plurality of simulated user inputs on the simulated mobile device; assessing malware probabilities of behaviors on the mobile device resulting from the simulation of the plurality of simulated user inputs; and preparing a vulnerability report based on the assessed malware probabilities. - View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A computer system for analyzing mobile applications for malware, the system comprising a non-transitory computer readable medium storing instructions for:
-
loading a mobile application into an emulated environment, the emulated environment simulating a mobile device; determining a plurality of simulated user inputs; loading a user interface exerciser configured to simulate the plurality of simulated user inputs on the simulated mobile device; assessing malware probabilities of behaviors on the mobile device resulting from the simulation of the plurality of simulated user inputs; and preparing a vulnerability report based on the assessed malware probabilities. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
-
Specification