Abstract: A method for runtime malware detection is described. In one embodiment, the method may include classifying a first file as clean and a second file as malware, performing a sample execution of the first and second files, identifying system processes called during sample executions of the first and second files, mapping each system process of the host operating system to a position on an image matrix, indicating each system process called during the sample execution of the first file in a first image matrix and each system process called during the sample execution of the second file in a second image matrix, and determining at runtime a probability an unknown file includes malware based at least in part on an analysis of the unknown file in relation to at least one of the first instance and the second instance of the generated image matrix.

Abstract: The disclosed computer-implemented method for detecting illegitimate voice calls may include (1) identifying an incoming voice call, (2) processing the incoming voice call in real time by (a) segmenting the incoming voice call into progressively produced call segments and, (b) for each new segment as the progressively produced call segments are produced, (A) extracting a set of features from the new segment and (B) feeding, as input into a neural network, the set of features and an output from the neural network generated based on a preceding segment of the incoming voice call, thereby generating a new output representing the current likelihood that the incoming voice call is illegitimate, (3) determining that the likelihood that the incoming voice call is illegitimate is above a predetermined threshold, and (4) performing a security action during the incoming voice call. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Locally securing sensitive data stored on a mobile phone. In one embodiment, a computer-implemented method for locally securing sensitive data stored on a mobile phone may be performed, at least in part, by a computing device including at least one processor. The method may include operating a mobile phone in an owner mode. The method may also include locally detecting, by the mobile phone, an insecurity event on the mobile phone. The method may further include, in response to locally detecting the insecurity event on the mobile phone, automatically switching, by the mobile phone, to operating the mobile phone in a guest mode, with the automatic switching to operating the mobile phone in the guest mode resulting in automatically securing sensitive data stored locally on the mobile phone.