Application malware filtering for advertising networks
First Claim
1. A system for application (“app”) malware filtering for advertising (“ad”) networks, comprising:
a hardware processor of a cloud service for ad network providers for automatically detecting malware apps being distributed through an ad network, the hardware processor configured to:
receive ad content;
generate a hash of the ad content;
determine whether the ad content has been previously analyzed by the cloud service based on a match of the hash of the ad content;
if the ad content has not been previously analyzed by the cloud service, then process the ad content, comprising:
determine whether the ad content includes a link to an app; and
in the event that the ad content includes the link to the app, scan the app, comprising:
determine an attribute of the app, wherein the attribute includes at least one of a behavior, a feature, or a category;
determine whether the ad content is associated with a malicious app based on the processing of the ad content and based on a policy, comprising to:
perform a dynamic analysis of the ad content to determine whether the ad content is associated with the malicious app, comprising to:
monitor internal and external app application program interface (API) calls performed by the app during execution to monitor at least one behavior of the app; and
determine whether the at least one monitored behavior exceeds or is outside scope of authorization of the app; and
perform an action based on the policy; and
a memory coupled to the hardware processor and configured to provide the hardware processor with instructions.
Abstract
Application malware filtering for advertising networks is disclosed. For example, techniques for providing a system and process for detecting malicious ad content (e.g., or other undesirable ad content) distributed by advertising (ad) networks are disclosed. In some embodiments, application (“app”) malware filtering for advertising networks includes receiving ad content; processing the ad content; and automatically determining whether the ad content is associated with a malicious app.
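The flow recited in the first claim (hash the ad content, reuse the result for content already analyzed, look for a link to an app, compare monitored API calls against the app's authorization, act per policy), as an added Python example that is not code from the patent. SHA-256, the `.apk` link pattern, the API-to-authorization mapping, the sandbox traces, the policy actions and all names are assumptions constructed for illustration.

```python
import hashlib
import re
APP_LINK = re.compile(r'https?://[^\s"\'<>]+\.apk\b')  # assumption: "link to an app" = .apk URL
# Constructed, simplified mapping: monitored API call -> authorization it requires.
REQUIRED_AUTH = {
    "SmsManager.sendTextMessage": "SEND_SMS",
    "LocationManager.getLastKnownLocation": "ACCESS_FINE_LOCATION",
}
POLICY = {"malicious": "block", "clean": "allow", "no_app_link": "allow"}  # assumed actions
# Constructed traces standing in for a dynamic-analysis run: url -> (authorized, observed calls).
TRACES = {
    "https://ads.example/dl/flashlight.apk": ({"CAMERA"}, ["Camera.open", "SmsManager.sendTextMessage"]),
    "https://ads.example/dl/maps.apk": ({"ACCESS_FINE_LOCATION"}, ["LocationManager.getLastKnownLocation"]),
}

class AdFilter:
    def __init__(self, sandbox, policy):
        self.sandbox = sandbox  # callable(url) -> (authorized set, observed API calls)
        self.policy = policy    # verdict -> action
        self.analyzed = {}      # hash of ad content -> earlier result

    def check(self, ad_content: bytes) -> dict:
        digest = hashlib.sha256(ad_content).hexdigest()
        if digest in self.analyzed:  # previously analyzed: reuse the stored result
            return dict(self.analyzed[digest], cached=True)
        result = self._process(ad_content)
        result["action"] = self.policy[result["verdict"]]
        self.analyzed[digest] = result
        return dict(result, cached=False)

    def _process(self, ad_content: bytes) -> dict:
        link = APP_LINK.search(ad_content.decode("utf-8", "replace"))
        if link is None:
            return {"verdict": "no_app_link", "out_of_scope": []}
        authorized, observed = self.sandbox(link.group(0))
        # Behavior is out of scope when a monitored call needs an authorization the app lacks.
        out_of_scope = sorted({c for c in observed
                               if c in REQUIRED_AUTH and REQUIRED_AUTH[c] not in authorized})
        return {"verdict": "malicious" if out_of_scope else "clean", "out_of_scope": out_of_scope}

def demo():
    runs = []
    def sandbox(url):  # records each dynamic-analysis run so cache hits are visible
        runs.append(url)
        return TRACES[url]
    f = AdFilter(sandbox, POLICY)
    ads = [b'<a href="https://ads.example/dl/flashlight.apk">Free flashlight</a>',
           b'<a href="https://ads.example/dl/maps.apk">Maps</a>',
           b'<img src="https://ads.example/banner.png">']
    return [f.check(ad) for ad in ads + ads[:1]], len(runs)
```

The fourth check repeats the first ad, so it is answered from the hash table without a second sandbox run.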
21 Claims
20. A method of application (“app”) malware filtering for advertising (“ad”) networks, comprising:
receiving ad content;
generating a hash of the ad content;
determining whether the ad content has been previously analyzed by a cloud service based on a match of the hash of the ad content;
if the ad content has not been previously analyzed by the cloud service, then processing the ad content using a processor of a cloud service for ad network providers for automatically detecting malware apps being distributed through an ad network, comprising:
determining whether the ad content includes a link to an app; and
in the event that the ad content includes the link to the app, scanning the app, comprising:
determining an attribute of the app, wherein the attribute includes at least one of a behavior, a feature, or a category;
determining whether the ad content is associated with a malicious app based on the processing of the ad content and based on a policy, comprising:
performing a dynamic analysis of the ad content to determine whether the ad content is associated with the malicious app, comprising to:
monitoring internal and external app application program interface (API) calls performed by the app during execution to monitor at least one behavior of the app; and
determining whether the at least one monitored behavior exceeds or is outside scope of authorization of the app; and
performing an action based on the policy.
Specification