Malware and anomaly detection via activity recognition based on sensor data
First Claim
1. A system comprising:
a memory that stores instructions;
a processor that executes the instructions to perform operations, the operations comprising;
analyzing sensor data collected from at least one sensor associated with a device;
determining a context of the device when the device is in a connected state, wherein the context of the device is determined based on the sensor data collected from the at least one sensor, wherein the context of the device comprises an indication as to a speed of the device;
determining whether a source of received traffic or a destination of transmitted traffic by the device during the connected state is in a white list; and
transmitting an alert when the source of the received traffic or the destination of the transmitted traffic is not in the white list and when the context determined for the device indicates that the context does not correlate with the received traffic or the transmitted traffic.
Abstract
A system for malware and anomaly detection via activity recognition based on sensor data is disclosed. The system may analyze sensor data collected during a selected time period from one or more sensors that are associated with a device. Once the sensor data is analyzed, the system may determine a context of the device when the device is in a connected state. The system may determine the context of the device based on the sensor data collected during the selected time period. The system may also determine if traffic received or transmitted by the device during the connected state is in a white list. Furthermore, the system may transmit an alert if the traffic is determined to not be in the white list or if the context determined for the device indicates that the context does not correlate with the traffic.
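The decision logic that the abstract and claim 1 describe, as an added Python example that is not taken from the patent. The speed thresholds, context labels, traffic kinds, white-list hosts and the meaning given to "correlates" are assumptions made for illustration; `require_both=True` follows the conjunction in claim 1, while `False` follows the disjunction in the abstract.

```python
from dataclasses import dataclass
from statistics import mean

# Constructed sample policy: the patent names no hosts, thresholds or labels.
WHITE_LIST = {"updates.example.com", "mail.example.com"}
# Assumption: each traffic kind is expected only in these device contexts.
EXPECTED_CONTEXTS = {"navigation": {"walking", "driving"},
                     "bulk_upload": {"stationary"}}

@dataclass
class Flow:
    peer: str  # source of received traffic or destination of transmitted traffic
    kind: str  # hypothetical traffic classification label

def device_context(speeds_mps):
    """Build a context carrying a speed indication from sensor samples."""
    if not speeds_mps:  # no sensor data: context is unknown
        return {"speed_mps": None, "label": "unknown"}
    avg = mean(speeds_mps)
    label = "stationary" if avg < 0.3 else "walking" if avg < 3.0 else "driving"
    return {"speed_mps": avg, "label": label}

def correlates(context, flow):
    """Unknown contexts and unknown traffic kinds never correlate (fail closed)."""
    return context["label"] in EXPECTED_CONTEXTS.get(flow.kind, set())

def evaluate(speeds_mps, flows, connected=True, require_both=True):
    """Return alerts for flows seen while the device is in a connected state."""
    if not connected:
        return []
    ctx = device_context(speeds_mps)
    alerts = []
    for flow in flows:
        off_list = flow.peer not in WHITE_LIST
        mismatch = not correlates(ctx, flow)
        fire = (off_list and mismatch) if require_both else (off_list or mismatch)
        if fire:
            alerts.append({"peer": flow.peer, "context": ctx["label"],
                           "off_list": off_list, "mismatch": mismatch})
    return alerts

# Constructed input: a device at rest and four observed flows.
SAMPLE_SPEEDS = [0.0, 0.1, 0.05]
SAMPLE_FLOWS = [Flow("updates.example.com", "bulk_upload"),
                Flow("203.0.113.7", "bulk_upload"),
                Flow("198.51.100.9", "navigation"),
                Flow("mail.example.com", "navigation")]

if __name__ == "__main__":
    for alert in evaluate(SAMPLE_SPEEDS, SAMPLE_FLOWS):
        print(alert)
```

Under the claim 1 condition only the off-list flow whose kind does not fit the stationary context raises an alert; under the abstract's condition every flow that is off-list or mismatched does.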
20 Claims
1. A system comprising:
a memory that stores instructions;
a processor that executes the instructions to perform operations, the operations comprising;
analyzing sensor data collected from at least one sensor associated with a device;
determining a context of the device when the device is in a connected state, wherein the context of the device is determined based on the sensor data collected from the at least one sensor, wherein the context of the device comprises an indication as to a speed of the device;
determining whether a source of received traffic or a destination of transmitted traffic by the device during the connected state is in a white list; and
transmitting an alert when the source of the received traffic or the destination of the transmitted traffic is not in the white list and when the context determined for the device indicates that the context does not correlate with the received traffic or the transmitted traffic.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method comprising:
analyzing, by a processor, sensor data collected from at least one sensor associated with a device;
determining, by the processor, a context of the device when the device is in a connected state, wherein the context of the device is determined based on the sensor data collected from the at least one sensor, wherein the context of the device comprises an indication as to a speed of the device;
determining, by the processor, whether a source of received traffic or a destination of transmitted traffic by the device during the connected state is in a white list; and
transmitting, by the processor, an alert when the source of the received traffic or the destination of the transmitted traffic is not in the white list and when the context determined for the device indicates that the context does not correlate with the received traffic or the transmitted traffic.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A computer-readable device comprising instructions, which when executed by a processor, cause the processor to perform operations comprising:
analyzing sensor data collected from at least one sensor associated with a device;
determining a context of the device when the device is in a connected state, wherein the context of the device is determined based on the sensor data collected from the at least one sensor, wherein the context of the device comprises an indication as to a speed of the device;
determining whether a source of received traffic or a destination of transmitted traffic by the device during the connected state is in a white list; and
transmitting an alert when the source of the received traffic or the destination of the transmitted traffic is not in the white list and when the context determined for the device indicates that the context does not correlate with the received traffic or the transmitted traffic.
Dependent claims: 18, 19, 20
Specification