Hardware assisted asset tracking for information leak prevention
First Claim
1. A method of analyzing mobile device behaviors, comprising:
- monitoring by a processor of a mobile device the mobile device behaviors to collect behavior information;
generating a behavior vector using the collected behavior information;
applying the generated behavior vector to a classifier model to generate an analysis result;
determining whether a resource in the mobile device is susceptible to misuse based on the generated analysis result;
determining in a hardware component of the mobile device whether the resource is a key asset that requires close monitoring in response to determining that the resource is susceptible to misuse based on the generated analysis result;
monitoring in the hardware component the access or use of the resource by a software application to obtain low level behavior information in response to determining that the resource is a key asset that requires close monitoring;
providing the obtained low level behavior information from the hardware component to a behavioral monitoring and analysis system of the mobile device; and
determining in the behavioral monitoring and analysis system whether the software application is suspicious based on the low level behavior information.
1 Assignment
0 Petitions
Accused Products
Abstract
Mobile computing devices may be equipped with hardware components configured to monitor key assets of the mobile device at a low level (e.g., firmware level, hardware level, etc.). The hardware component may also be configured to dynamically determine the key assets that are to be monitored in the mobile device, monitor the access or use of these key assets by monitoring data flows, transactions, or operations in a system data bus of the mobile device, and report suspicious activities to a comprehensive behavioral monitoring and analysis system of the mobile device. The comprehensive behavioral monitoring and analysis system may then use this information to quickly identify and respond to malicious or performance degrading activities of the mobile device.
-
Citations
20 Claims
-
1. A method of analyzing mobile device behaviors, comprising:
-
monitoring by a processor of a mobile device the mobile device behaviors to collect behavior information; generating a behavior vector using the collected behavior information; applying the generated behavior vector to a classifier model to generate an analysis result; determining whether a resource in the mobile device is susceptible to misuse based on the generated analysis result; determining in a hardware component of the mobile device whether the resource is a key asset that requires close monitoring in response to determining that the resource is susceptible to misuse based on the generated analysis result; monitoring in the hardware component the access or use of the resource by a software application to obtain low level behavior information in response to determining that the resource is a key asset that requires close monitoring; providing the obtained low level behavior information from the hardware component to a behavioral monitoring and analysis system of the mobile device; and determining in the behavioral monitoring and analysis system whether the software application is suspicious based on the low level behavior information. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A mobile device, comprising:
-
a hardware component; a processor coupled to the hardware component, wherein the processor is configured with processor-executable instructions to perform operations comprising; monitoring by a processor of a mobile device the mobile device behaviors to collect behavior information; generating a behavior vector using the collected behavior information; applying the generated behavior vector to a classifier model to generate an analysis result; determining whether a resource in the mobile device is susceptible to misuse based on the generated analysis result; determining via the hardware component whether the resource is a key asset that requires close monitoring in response to determining that the resource is susceptible to misuse based on the generated analysis result; monitoring via the hardware component the access or use of the resource by a software application to obtain low level behavior information in response to determining that the resource is a key asset that requires close monitoring; providing the obtained low level behavior information to a behavioral monitoring and analysis system of the mobile device; and determining via the behavioral monitoring and analysis system whether the software application is suspicious based on the low level behavior information. - View Dependent Claims (11, 12, 13, 14, 15, 16)
-
-
17. A non-transitory computer readable storage medium having stored thereon processor-executable software instructions configured to cause a processor in a mobile device to perform operations for analyzing mobile device behaviors, the operations comprising:
-
monitoring by a processor of a mobile device the mobile device behaviors to collect behavior information; generating a behavior vector using the collected behavior information; applying the generated behavior vector to a classifier model to generate an analysis result; determining whether a resource in the mobile device is susceptible to misuse based on the generated analysis result; determining via a hardware component of the mobile device whether the resource is a key asset that requires close monitoring in response to determining that the resource is susceptible to misuse based on the generated analysis result; monitoring via the hardware component the access or use of the resource by a software application to obtain low level behavior information in response to determining that the resource is a key asset that requires close monitoring; providing the obtained low level behavior information to a behavioral monitoring and analysis system of the mobile device; and determining in the behavioral monitoring and analysis system whether the software application is suspicious based on the low level behavior information obtained by the hardware component. - View Dependent Claims (18, 19, 20)
-
Specification