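Country / Type | United States (US) Patent, Registered |
---|---|
International Patent Classification (IPC 7th edition) | |
Application number | US-0546995 (2012-07-11) |
Registration number | US-8984581 (2015-03-17) |
Inventor / Address | |
Applicant / Address | |
Agent / Address | |
Citation information | Times cited: 26; Patents cited: 585 |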
Systems and methods for monitoring mobile application activities for malicious traffic on a mobile device are disclosed. One embodiment of a method which can be implemented on a system includes, monitoring application activities of a mobile application on the mobile device, detecting, from the application activities, suspicious activity, and/or blocking traffic from which the suspicious activity is detected. One embodiment includes creating a policy based on the information aggregated from the multiple mobile devices and/or broadcasting the policy to other mobile devices of the suspicious activity detected from the multiple mobile devices.
1. A method of monitoring mobile application activities for malicious traffic on a mobile device, the method, comprising: monitoring, by a mobile device, application activities of a mobile application on the mobile device; detecting, by the mobile device and from the application activities, suspicious activity of the mobile application, including detection of a process that is performed in advance of a traffic event; blocking traffic from which the suspicious activity is detected; further responsive to detecting that traffic includes suspicious activity, logging a traffic pattern or sequence of events of the traffic and the mobile application; and performing a verification process on the traffic; wherein monitoring application activities includes collecting information about a request or information about a response to the request initiated at the mobile device and using the information collected about the request or the response to identify or to detect malicious traffic, wherein the information includes request characteristics information associated with the request or response characteristics information associated with the response received for the request, and wherein the information collected about the request or response received for the request initiated at the mobile device is further used to determine cacheability of the response.
2. The method of claim 1, further comprising, requesting verification of whether the traffic that is blocked is valid or not by generating a user dialogue in a user interface on the mobile device to prompt a user.
3. The method of claim 1, further comprising, performing a verification process on the traffic; blacklisting the traffic and the mobile application responsive to determining that the traffic is not valid.
4. The method of claim 3, further comprising, white listing the traffic and the mobile application responsive to determining that the traffic is valid.
5. The method of claim 1, further comprising, responsive to determining that the traffic is not valid, reporting the mobile application or the traffic to a virus protection entity or a security entity.
6. The method of claim 1, further comprising, detecting suspicious activity of mobile applications at multiple mobile devices; aggregating information regarding the suspicious activity detected from multiple mobile device.
7. The method of claim 6, further comprising, creating a policy based on the information aggregated from the multiple mobile devices.
8. The method of claim 7, further comprising, broadcasting the policy to other mobile devices of the suspicious activity detected from the multiple mobile devices.
9. The method of claim 1, wherein, the suspicious activity is detected from request destination of the traffic.
10. The method of claim 1, wherein, the suspicious activity is detected using a security certificate of the traffic.
11. The method of claim 1, wherein, the suspicious activity is detected from traffic which invokes billable activity.
12. The method of claim 1, wherein, the suspicious activity is detected based on a port to or from which the traffic is directed.
13. The method of claim 1, wherein, the suspicious activity is detected upon detection of URL stripping.
14. The method of claim 1, wherein, the suspicious activity is detected when the traffic includes a non-secure request to a known secure site.
15. The method of claim 1, wherein, the request characteristics information includes timing characteristics between the request and other requests initiated at the mobile device; wherein, the timing characteristics include one or more of, time of day, frequency of occurrence of the requests, and time interval between the requests.
16. The method of claim 1, wherein, in response to detecting or identifying malicious or potentially malicious suspicious traffic, generating a notification.
17. The method of claim 16, wherein least one of: the notification prompts a user of the mobile device whether the user wishes to allow the malicious or suspicious traffic; the notification is delivered to an operating system of the mobile device or a network operator servicing the mobile device; the notification is delivered by an operating system of the mobile device; and the notification is generated by an operating system of the mobile device.
18. The method of claim 17, wherein an operating system of the mobile device comprises a mobile operating system.
19. A system for mobile network malware detection, the system, comprising: a first module including hardware for monitoring, by a mobile device, application activities of a mobile application on the mobile device; a second module including hardware for detecting, by the mobile device and from the application activities, suspicious activity of the mobile application, including detection of a process that is performed by the mobile device in advance of a traffic event; a third module including hardware for blocking traffic from which the suspicious activity is detected; a fourth module including hardware for reporting the suspicious activity information to a virus protection entity or a security entity or logging a traffic pattern or sequence of events of the traffic and the mobile application, wherein the system performs a verification process on the traffic, wherein monitoring application activities includes collecting information about a request or information about a response to the request initiated at the mobile device and using the information collected about the request or the response to identify or to detect malicious traffic, wherein the information includes request characteristics information associated with the request or response characteristics information associated with the response received for the request, and wherein the information collected about the request or response received for the request initiated at the mobile device is further used to determine cacheability of the response.
20. The system of claim 19, further comprising, a fifth module including hardware for generating policy information for malicious mobile traffic using the suspicious activity information.
21. The system of claim 20, wherein, the policy information includes an identification of the mobile application and firewall rules which prevent the mobile application from executing on the mobile device.
22. The system of claim 20, wherein, the policy information includes an identification of the mobile application and firewall rules which prevent the mobile application from accessing the wireless network.
23. The system of claim 20, wherein, the policy information includes an identification of the mobile application and firewall rules which prevent the mobile application from interacting with a user.
24. The system of claim 20, wherein, the policy information includes an identification of the mobile application and firewall rules which prevent the mobile application from requesting a user for personal information.
25. The system of claim 20, wherein, the policy information includes an identification of the mobile application and rules which automatically uninstalls the application or rules which automatically blocks future installations of the mobile application.
26. The system of claim 19, further comprising, enabling a third party to define the policy information; wherein, the third party is a mobile operating system, a mobile operator or wireless carrier.
27. A method of monitoring mobile application activities for malicious traffic on a mobile device, the method, comprising: detecting by a mobile device and from activities of a mobile application, suspicious activity of the mobile application, including detection of a process that is performed in advance of a traffic event; blocking traffic from which the suspicious activity is detected; further responsive to detecting that the traffic includes suspicious activity, logging a traffic pattern or sequence of events of the traffic and the mobile application; performing a verification process on the traffic; generating policy information for malicious mobile traffic using the suspicious activity information; and enabling a third party to define the policy information; wherein, the third party is a mobile operating system, a mobile operator or wireless carrier, wherein monitoring application activities includes collecting information about a request or information about a response to the request initiated at the mobile device and using the information collected about the request or the response to identify or to detect malicious traffic, wherein the information includes request characteristics information associated with the request or response characteristics information associated with the response received for the request, and wherein the information collected about the request or response received for the request initiated at the mobile device is further used to determine cacheability of the response.