Search International and National Patent Collections

1. (WO2018084912) METHODS AND SYSTEMS FOR ANOMALY DETECTION USING FUNCTION SPECIFICATIONS DERIVED FROM SERVER INPUT/OUTPUT (I/O) BEHAVIOR

Pub. No.:    WO/2018/084912    International Application No.:    PCT/US2017/047732
Publication Date: Sat May 12 01:59:59 CEST 2018 International Filing Date: Tue Aug 22 01:59:59 CEST 2017
IPC: G06F 21/55
G06F 21/57
G06F 21/85
H04L 29/06
Applicants: QUALCOMM INCORPORATED
Inventors: CHRISTODORESCU, Mihai
ISLAM, Nayeem
RAMAN, Arun
GE, Shuhua
Title: METHODS AND SYSTEMS FOR ANOMALY DETECTION USING FUNCTION SPECIFICATIONS DERIVED FROM SERVER INPUT/OUTPUT (I/O) BEHAVIOR
Abstract:
Various embodiments include methods of protecting a computing device within a network from malware or other non-benign behaviors. A computing device may monitor inputs and outputs to a server, derive a functional specification from the monitored inputs and outputs, and use the functional specification for anomaly detection. Use of the derived functional specification for anomaly detection may include determining whether a behavior, activity, web application, process or software application program is non-benign. The computing device may be the server, and the functional specification may be used to determine whether the server is under attack. In some embodiments, the computing device may constrain the functional specification with a generic constraint, detect a new input-output pair, determine whether the detected input-output pair satisfies the constrained functional specification, and determine that the detected input-output pair is anomalous upon determining that the detected input-output pair (or request-response pair) satisfies the constrained functional specification.