1. (WO2019068054) OBSERVATION AND CLASSIFICATION OF DEVICE EVENTS
Latest bibliographic data on file with the International Bureau

Pub. No.: WO/2019/068054
International Application No.: PCT/US2018/053656
Publication Date: 04.04.2019
International Filing Date: 29.09.2018
IPC:
G06F 11/30 (2006.01), G06F 21/56 (2013.01), H04W 12/12 (2009.01)
G06F 11/30: G PHYSICS > 06 COMPUTING; CALCULATING; COUNTING > F ELECTRIC DIGITAL DATA PROCESSING > 11 Error detection; Error correction; Monitoring > 30 Monitoring
G06F 21/56: G PHYSICS > 06 COMPUTING; CALCULATING; COUNTING > F ELECTRIC DIGITAL DATA PROCESSING > 21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > 50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems > 55 Detecting local intrusion or implementing counter-measures > 56 Computer malware detection or handling, e.g. anti-virus arrangements
H04W 12/12: H ELECTRICITY > 04 ELECTRIC COMMUNICATION TECHNIQUE > W WIRELESS COMMUNICATION NETWORKS > 12 Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity > 12 Fraud detection
Applicants:
LEW, Hiram [US/US]; US
HAVLICEK, Filip [CZ/CZ]; CZ
SOLE, Pablo [US/US]; US
POP, Tomas [CZ/CZ]; CZ
Inventors:
LEW, Hiram; US
HAVLICEK, Filip; CZ
SOLE, Pablo; US
POP, Tomas; CZ
Agent:
KIRCHER, William, B.; US
BOWMAN, Robert, J.; US
ELLENBECKER, Max; US
KAPPEL, Kristine, L.; US
REILLY, Robert, Liam; US
OLEEN, Nathan, E.; US
Priority Data:
16/141,268; 25.09.2018; US
62/565,917; 29.09.2017; US
Title (EN) OBSERVATION AND CLASSIFICATION OF DEVICE EVENTS
(FR) OBSERVATION ET CLASSIFICATION D'ÉVÉNEMENTS DE DISPOSITIF
Abstract:
(EN) Systems and methods observe and classify device events. A model containing a set of features to be observed can be determined based on machine learning and training methods. A client application can issue a transaction request to an operating system service. A determination can be made whether the operating system service, a method associated with the transaction request, and the client application are currently being observed. In response to determining that the operating system service, a method associated with the transaction request, and the client application are being observed, a behavioral vector associated with the client application can be modified to indicate that the feature represented by the method is associated with the client application. The behavioral vector can be used to determine if the client application is malware.
(FR) L'invention concerne des systèmes et des procédés d'observation et de classification d'événements de dispositif. Un modèle contenant un ensemble de caractéristiques à observer peut être déterminé sur la base de procédés d'apprentissage machine et d'apprentissage. Une application de client peut émettre une demande de transaction à destination d'un service de système d'exploitation. Il est possible de déterminer si le service de système d'exploitation, un procédé associé à la demande de transaction et l'application de client sont en cours d'observation. En réponse à la détermination du fait que le service de système d'exploitation, un procédé associé à la demande de transaction, et l'application de client sont en cours d'observation, un vecteur comportemental associé à l'application de client peut être modifié pour indiquer que la caractéristique représentée par le procédé est associée à l'application de client. Le vecteur comportemental peut servir à déterminer si l'application de client est un programme malveillant.
Designated States: AE, AG, AL, AM, AO, AT, AU, AZ, BA, BB, BG, BH, BN, BR, BW, BY, BZ, CA, CH, CL, CN, CO, CR, CU, CZ, DE, DJ, DK, DM, DO, DZ, EC, EE, EG, ES, FI, GB, GD, GE, GH, GM, GT, HN, HR, HU, ID, IL, IN, IR, IS, JO, JP, KE, KG, KH, KN, KP, KR, KW, KZ, LA, LC, LK, LR, LS, LU, LY, MA, MD, ME, MG, MK, MN, MW, MX, MY, MZ, NA, NG, NI, NO, NZ, OM, PA, PE, PG, PH, PL, PT, QA, RO, RS, RU, RW, SA, SC, SD, SE, SG, SK, SL, SM, ST, SV, SY, TH, TJ, TM, TN, TR, TT, TZ, UA, UG, US, UZ, VC, VN, ZA, ZM, ZW
African Regional Intellectual Property Organization (ARIPO) (BW, GH, GM, KE, LR, LS, MW, MZ, NA, RW, SD, SL, ST, SZ, TZ, UG, ZM, ZW)
Eurasian Patent Office (AM, AZ, BY, KG, KZ, RU, TJ, TM)
European Patent Office (EPO) (AL, AT, BE, BG, CH, CY, CZ, DE, DK, EE, ES, FI, FR, GB, GR, HR, HU, IE, IS, IT, LT, LU, LV, MC, MK, MT, NL, NO, PL, PT, RO, RS, SE, SI, SK, SM, TR)
African Intellectual Property Organization (BF, BJ, CF, CG, CI, CM, GA, GN, GQ, GW, KM, ML, MR, NE, SN, TD, TG)
Publication Language: English (EN)
Filing Language: English (EN)