Pre-identifying probable malicious behavior based on configuration pathways

US 9,519,775 B2
Filed: 10/03/2013
Issued: 12/13/2016
Est. Priority Date: 10/03/2013
Status: Active Grant

First Claim

Patent Images

1. A method of predicting probable malicious behavior on a mobile computing device, comprising:

receiving, via a processor of the mobile computing device, a pathway configuration database from a server computing device, wherein the received pathway configuration database includes information identifying;

a configuration pattern;

a pathway between configurations that lead to a non-benign configuration; and

a probability value that identifies the possibility that the pathway will lead to a non-benign behavior;

determining, via the processor, operations scheduled for execution on the mobile computing device;

determining, via the processor, a probability that execution of scheduled operations will result in the non-benign behavior in the mobile computing device based on the information included in the received pathway configuration database;

andimplementing preventative measures in response to determining that the probability that the execution of scheduled operations will result in the non-benign behavior exceeds a threshold value.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The various aspects include systems and methods for enabling mobile computing devices to recognize when they are at risk of experiencing malicious behavior in the near future given a current configuration. Thus, the various aspects enable mobile computing devices to anticipate malicious behaviors before a malicious behavior begins rather than after the malicious behavior has begun. In the various aspects, a network server may receive behavior vector information from multiple mobile computing devices and apply pattern recognition techniques to the received behavior vector information to identify malicious configurations and pathway configurations that may lead to identified malicious configurations. The network server may inform mobile computing devices of identified malicious configurations and the corresponding pathway configurations, thereby enabling mobile computing devices to anticipate and prevent malicious behavior from beginning by recognizing when they have entered a pathway configuration leading to malicious behavior.

37 Citations

View as Search Results

20 Claims

1. A method of predicting probable malicious behavior on a mobile computing device, comprising:
- receiving, via a processor of the mobile computing device, a pathway configuration database from a server computing device, wherein the received pathway configuration database includes information identifying;
  
  a configuration pattern;
  
  a pathway between configurations that lead to a non-benign configuration; and
  
  a probability value that identifies the possibility that the pathway will lead to a non-benign behavior;
  
  determining, via the processor, operations scheduled for execution on the mobile computing device;
  
  determining, via the processor, a probability that execution of scheduled operations will result in the non-benign behavior in the mobile computing device based on the information included in the received pathway configuration database;
  
  andimplementing preventative measures in response to determining that the probability that the execution of scheduled operations will result in the non-benign behavior exceeds a threshold value.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein implementing the preventative measures comprises:
    - identifying a process associated with the operations scheduled for execution on the mobile computing device; and
      
      slowing down execution of the process.
  - 3. The method of claim 2, further comprising:
    - examining other behaviors occurring on the mobile computing device;
      
      determining a current configuration of the mobile computing device;
      
      determining whether there is a substantial likelihood that the current configuration will result in the non-benign behavior based on examining the other behaviors; and
      
      implementing the preventative measures for the process in response to determining that there is a substantial likelihood that the current configuration will result in the non-benign behavior based on examining the other behaviors.
  - 4. The method of claim 2, further comprising:
    - determining a classification of a current configuration of the mobile computing device;
      
      determining a classification of a potential future configuration of the mobile computing device;
      
      determining a likelihood of the current configuration causing the non-benign behavior based on the classification of the current configuration and the classification of the potential future configuration;
      
      determining whether the likelihood is substantial; and
      
      implementing the preventative measures for the process in response to determining that the likelihood is substantial.
  - 5. The method of claim 2, further comprising:
    - determining a current configuration of the mobile computing device;
      
      determining a probability of the current configuration causing the non-benign behavior based on the current configuration and the probability value included in the received pathway configuration database;
      
      determining whether the probability of the current configuration leading to the non-benign behavior exceeds a risk threshold; and
      
      implementing the preventative measures for the process in response to determining that the probability of the current configuration causing the non-benign behavior exceeds the risk threshold.

6. A mobile computing device, comprising:
- a memory;
  
  a transceiver; and
  
  a processor coupled to the memory and the transceiver, wherein the processor is configured with processor-executable instructions to perform operations comprising;
  
  receiving a pathway configuration database from a server computing device, wherein the received pathway configuration database includes information identifying;
  
  a configuration pattern,a pathway between configurations that lead to a non-benign configuration, anda probability value that identifies the possibility that the pathway will lead to a non-benign behavior;
  
  determining operations scheduled for execution on the mobile computing device;
  
  determining a probability that execution of scheduled operations will result in the non-benign behavior in the mobile computing device based on the information included in the received pathway configuration database;
  
  andimplementing preventative measures in response to determining that the probability that the execution of scheduled operations will result in the non-benign behavior exceeds a threshold value.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The mobile computing device of claim 6, wherein the processor is configured with processor-executable instructions to perform operations such that implementing the preventative measures comprises:
    - identifying a process associated with the operations scheduled for execution on the mobile computing device; and
      
      slowing down execution of the process.
  - 8. The mobile computing device of claim 7, wherein the processor is configured with processor-executable instructions to perform operations further comprising:
    - examining other behaviors occurring on the mobile computing device;
      
      determining a current configuration of the mobile computing device;
      
      determining whether there is a substantial likelihood that the current configuration will result in the non-benign behavior based on examining the other behaviors; and
      
      implementing the preventative measures for the process in response to determining that there is a substantial likelihood that the current configuration will result in the non-benign behavior based on examining the other behaviors.
  - 9. The mobile computing device of claim 7, wherein the processor is configured with processor-executable instructions to perform operations further comprising:
    - determining a classification of a current configuration of the mobile computing device;
      
      determining a classification of a potential future configuration of the mobile computing device;
      
      determining a likelihood of the current configuration causing the non-benign behavior based on the classification of the current configuration and the classification of the potential future configuration;
      
      determining whether the likelihood is substantial; and
      
      implementing the preventative measures for the process in response to determining that the likelihood is substantial.
  - 10. The mobile computing device of claim 7, wherein the processor is configured with processor-executable instructions to perform operations further comprising:
    - determining a current configuration of the mobile computing device;
      
      determining a probability of the current configuration causing the non-benign behavior based on the current configuration and the probability value included in the received pathway configuration database;
      
      determining whether the probability of the execution of scheduled operations causing the non-benign behavior exceeds a risk threshold; and
      
      implementing the preventative measures for the process in response to determining that the probability of the current configuration causing the non-benign behavior exceeds the risk threshold.

11. A mobile computing device, comprising:
- means for receiving a pathway configuration database from a server computing device, wherein the received pathway configuration database includes information identifying;
  
  a configuration pattern;
  
  a pathway between configurations that lead to a non-benign configuration; and
  
  a probability value that identifies the possibility that the pathway will lead to a non-benign behavior;
  
  means for determining operations scheduled for execution on the mobile computing device;
  
  means for determining a probability that execution of scheduled operations will result in the non-benign behavior in the mobile computing device based on the information included in the received pathway configuration database;
  
  andmeans for implementing preventative measures in response to determining that the probability that the execution of scheduled operations will result in the non-benign behavior exceeds a threshold value.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The mobile computing device of claim 11, wherein means for implementing preventative measures comprises:
    - means for identifying a process associated with a current configuration; and
      
      means for slowing down execution of the process.
  - 13. The mobile computing device of claim 12, further comprising:
    - means for examining other behaviors occurring on the mobile computing device;
      
      means for determining whether there is a substantial likelihood that the current configuration will result in the non-benign behavior based on examination of the other behaviors; and
      
      means for implementing preventative measures for the process in response to determining that there is a substantial likelihood that the current configuration will result in the non-benign behavior based on examining the other behaviors.
  - 14. The mobile computing device of claim 12, further comprising:
    - means for determining a classification of the current configuration;
      
      means for determining a classification of a potential future configuration;
      
      means for determining a likelihood of the current configuration causing the non-benign behavior based on the classification of the current configuration and the classification of the potential future configuration;
      
      means for determining whether the likelihood is substantial; and
      
      means for implementing preventative measures for the process in response to determining that the likelihood is substantial.
  - 15. The mobile computing device of claim 12, further comprising:
    - means for determining a probability of the current configuration leading to a malicious configuration based on the current configuration and the probability value included in the received pathway configuration database;
      
      means for determining whether the probability of the current configuration leading to the malicious configuration exceeds a risk threshold; and
      
      means for implementing preventative measures for the process in response to determining that the probability of the current configuration leading to the malicious configuration exceeds the risk threshold.

16. A non-transitory processor-readable storage medium having stored thereon processor-executable instructions configured to cause a mobile computing device processor of a mobile computing device to perform operations comprising:
- receiving a pathway configuration database from a server computing device, wherein the received pathway configuration database includes information identifying;
  
  a configuration pattern;
  
  a pathway between configurations that lead to a non-benign configuration; and
  
  a probability value that identifies the possibility that the pathway will lead to a non-benign behavior;
  
  determining a probability that execution of scheduled operations will result in the non-benign behavior in the mobile computing device based on the information included in the received pathway configuration database;
  
  andimplementing preventative measures in response to determining that the probability that the execution of scheduled operations will result in the non-benign behavior exceeds a threshold value.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory processor-readable storage medium of claim 16, wherein the stored processor-executable instructions are configured to cause a mobile computing device processor to perform operations such that implementing the preventative measures comprises:
    - identifying a process associated with the operations scheduled for execution on the mobile computing device; and
      
      slowing down execution of the process.
  - 18. The non-transitory processor-readable storage medium of claim 17, wherein the stored processor-executable instructions are configured to cause a mobile computing device processor to perform operations further comprising:
    - examining other behaviors occurring on the mobile computing device;
      
      determining a current configuration of the mobile computing device;
      
      determining whether there is a substantial likelihood that the current configuration will result in the non-benign behavior based on examining the other behaviors; and
      
      implementing the preventative measures for the process in response to determining that there is a substantial likelihood that the current configuration will result in the non-benign behavior based on examining the other behaviors.
  - 19. The non-transitory processor-readable storage medium of claim 17, wherein the stored processor-executable instructions are configured to cause a mobile computing device processor to perform operations further comprising:
    - determining a classification of a current configuration of the mobile computing device;
      
      determining a classification of a potential future configuration of the mobile computing device;
      
      determining a likelihood of the current configuration causing the non-benign behavior based on the classification of the current configuration and the classification of the potential future configuration;
      
      determining whether the likelihood is substantial; and
      
      implementing the preventative measures for the process in response to determining that the likelihood is substantial.
  - 20. The non-transitory processor-readable storage medium of claim 17, wherein the stored processor-executable instructions are configured to cause a mobile computing device processor to perform operations further comprising:
    - determining a current configuration of the mobile computing device;
      
      determining a probability of the current configuration causing the non-benign behavior based on the current configuration and the probability value included in the received pathway configuration database;
      
      determining whether the probability of the current configuration causing the non-benign behavior exceeds a risk threshold; and
      
      implementing the preventative measures for the process in response to determining that the probability of the current configuration causing the non-benign behavior exceeds the risk threshold.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Sridhara, Vinay, Patne, Salyajit Prabhakar, Gupta, Rajarshi
Primary Examiner(s)
Moorthy, Aravind

Application Number

US14/044,937
Publication Number

US 20150101047A1
Time in Patent Office

1,167 Days
Field of Search

726/25, 726/26, 726/34, 713/1, 713/187
US Class Current

1/1
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

G06F 9/44505   Configuring for program ini...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/145   the attack involving the pr...

H04W 12/12   Detection or prevention of ...

H04W 12/128   Anti-malware arrangements, ...

Pre-identifying probable malicious behavior based on configuration pathways

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

37 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Pre-identifying probable malicious behavior based on configuration pathways

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links