Automated behavioral and static analysis using an instrumented sandbox and machine learning classification for mobile security
First Claim
Patent Images
1. A method for assessing the quality of mobile applications, the method comprising:
- providing a computer networked environment comprising a cloud-based service for mobile devices that when operated;
performs a static analysis risk assessment of binary code associated with a mobile application being submitted by a submission source, the static analysis comprising de-compiling the binary code to obtain corresponding source code and determining from the source code at least one capability of the binary code;
examines execution behavior of the mobile application within an instrumented sandbox environment;
aggregates analysis of the execution behavior and static analysis to generate a feature vector comprising;
(i) a network summary feature, (ii) an operating system based behavioral feature, and (iii) a static analysis feature; and
performs classification using the feature vector, yielding predictor statistics describing quality and vulnerability characteristics of mobile application.
4 Assignments
0 Petitions
Accused Products
Abstract
The present system includes a computer-networked system that allows mobile subscribers, and others, to submit mobile applications to be analyzed for anomalous and malicious behavior using data acquired during the execution of the application within a highly instrumented and controlled environment for which the analysis relies on per-execution as well as comparative aggregate data across many such executions from one or more subscribers.
-
Citations
45 Claims
-
1. A method for assessing the quality of mobile applications, the method comprising:
providing a computer networked environment comprising a cloud-based service for mobile devices that when operated; performs a static analysis risk assessment of binary code associated with a mobile application being submitted by a submission source, the static analysis comprising de-compiling the binary code to obtain corresponding source code and determining from the source code at least one capability of the binary code; examines execution behavior of the mobile application within an instrumented sandbox environment; aggregates analysis of the execution behavior and static analysis to generate a feature vector comprising;
(i) a network summary feature, (ii) an operating system based behavioral feature, and (iii) a static analysis feature; andperforms classification using the feature vector, yielding predictor statistics describing quality and vulnerability characteristics of mobile application. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45)
Specification