Abstract: Example methods, apparatuses, or articles of manufacture are disclosed herein that may be utilized, in whole or in part, to facilitate or support one or more operations or techniques for a relatively faster time-to-first-fix, such as for use in or with a mobile communication device. Briefly, in accordance with at least one implementation, a method may include transmitting a first message to a mobile device, the first message comprising abbreviated positioning assistance data; receiving a second message from the mobile device, the second message comprising an indication of a coarse location of the mobile device; and transmitting a third message to the mobile device, the third message comprising a detailed tiled radio heat map obtained based, at least in part, on the received indication of the coarse location of the mobile device.

Abstract: Methods and devices for detecting suspicious or performance-degrading mobile device behaviors may include performing behavior monitoring and analysis operations to intelligently, dynamically, and/or adaptively determine the mobile device behaviors that are to be observed, the number of behaviors that are to be observed, and the level of detail or granularity at which the behaviors are to be observed. Such behavior monitoring and analysis operations may be performed continuously (or near continuously) in a mobile device without consuming an excessive amount of processing, memory, or energy resources of the mobile device by identifying hot application programming interfaces (APIs) and hot action patterns that are invoked or used most frequently by software applications of the mobile device and storing information regarding these hot APIs and hot action patterns separately and more efficiently.

Abstract: The embodiments include methods and systems for detecting advertising fraud in a computing device by monitoring information received in a receiver component of the computing device, monitoring information received in a render component of the computing device, comparing the information received in the receiver component to the information received in the render component to generate comparison results, using the comparison results to determine whether there are discrepancies between the received information and the rendered information, and performing fraud prevention operations in response to determine that there are discrepancies between the received information and the rendered information. The fraud prevention operations may include dropping a connection to cease receiving the information in the receiver component, sending negative or position feedback to the service provider or a security server, and performing other similar operations.

Abstract: The disclosure generally relates to behavioral analysis to automate monitoring Internet of Things (IoT) device health in a direct and/or indirect manner. In particular, normal behavior associated with an IoT device in a local IoT network may be modeled such that behaviors observed at the IoT device may be compared to the modeled normal behavior to determine whether the behaviors observed at the IoT device are normal or anomalous. Accordingly, in a distributed IoT environment, more powerful “analyzer” devices can collect behaviors locally observed at other (e.g., simpler) “observer” devices and conduct behavioral analysis across the distributed IoT environment to detect anomalies potentially indicating malicious attacks, malfunctions, or other issues that require customer service and/or further attention.

Abstract: Disclosed is a method for malicious activity detection in a mobile station of a particular model. In the method, generic malicious behavior patterns are received from a network-based malicious behavior profiling system. Mobile-station-model-specific-behavior-analysis algorithms are generated in the mobile station based on the generic malicious behavior patterns. Mobile station operations may be observed to generate a mobile station activity observation. The mobile station activity observation may be analyzed using the mobile-station-model-specific-behavior-analysis algorithms to generate an activity analysis. Malicious activity may be detected based on the activity analysis.

Abstract: Various aspects include methods and computing devices implementing the methods for evaluating device behaviors in the computing devices. Aspect methods may include using a behavior-based machine learning technique to classify a device behavior as one of benign, suspicious, and non-benign. Aspect methods may include using one of a multi-label classification and a meta-classification technique to sub-classify the device behavior into one or more sub-categories. Aspect methods may include determining a relative importance of the device behavior based on the sub-classification, and determining whether to perform robust behavior-based operations based on the determined relative importance of the device behavior.

Abstract: Aspects include computing devices, systems, and methods for implementing detecting return oriented programming (ROP) attacks on a computing device. A memory traversal map for a program called to run on the computing device may be loaded. A memory access request of the program to a memory of the computing device may be monitored and a memory address of the memory from the memory access request may be retrieved. The retrieved memory address may be compared to the memory traversal map and a determination of whether the memory access request indicates a ROP attack may be made. The memory traversal map may include a next memory address adjacent to a previous memory address in the memory traversal map. A cumulative anomaly score based on mismatches between the retrieved memory address and the memory traversal map may be calculated and used to determine whether to load a finer grain memory traversal map.

Abstract: Systems and methods are disclosed for automating customer service for a monitored device (MD). A method for an Internet of Everything management device to automate customer service for a monitored device comprises collecting sensor data from a plurality of sensors, wherein the plurality of sensors comprises a first sensor that is not included in the MD, determining whether the MD is exhibiting abnormal behavior based on an analysis of the collected sensor data, and transmitting a report to a customer service entity associated with the MD in response to a determination that the MD is exhibiting abnormal behavior.

Abstract: Systems, methods, and devices of the various aspects enable detecting a malfunction caused by radio frequency (RF) interference. A computing device processor may identify a location of the computing device based on a plurality of real-time data inputs received by the computing device. The processor may characterize an RF environment of the computing device based on the identified location and the plurality of real-time data inputs. The processor may determine at least one RF emissions threshold based on the characterization of the RF environment. The processor may compare the characterization of the RF environment to the at least one RF emissions threshold, and may perform an action in response to determining that the characterization of the RF environment exceeds the at least one RF emissions threshold.

Abstract: Methods, systems and devices for identifying, classifying, modeling, and responding to mobile device behaviors may include using lightweight processes to monitor and analyze various conditions and device behaviors to detect an instance of a non-benign behavior, increasing a level of security or scrutiny to identify other instances of non-benign behavior, and notifying select computing devices of the increased security risk so that they may also increase their security/scrutiny levels. For example, a computing device may be configured to perform a first type of analysis operations (e.g., lightweight analysis operations) to determine whether there is an increased security risk, and perform a second type of analysis operations (e.g., robust analysis operations) in response to determining that there is an increased security risk to determine whether there are additional security risks that are different from the security risk detected via the performance of the first type of analysis operations.

Abstract: Methods and devices for tracking data flows in a computing device include monitoring memory in a hardware component of the computing device to identify a read operation that reads information from a tainted memory address, using heuristics to identify a first, second, and third number of operations performed after the identified read operation, marking memory addresses of write operations performed after first number of operations and before the second number of operations as tainted, and marking memory addresses of write operations performed after the third number of operations and before the second number of operations as untainted.

Abstract: Disclosed are systems, apparatus, devices, methods, computer program products, and other implementations, including a method that includes determining location of a device, and controlling monitoring of behavior of one or more processes executing on the device based on the determined location of the device to identify potential one or more security-risky processes from the monitored one or more executing processes. In some embodiments, controlling the monitoring of the behavior of the one or more processes may include one or more of, for example, adjusting frequency of the monitoring of the one or more processes based on the determined location of the device, adjusting level of detail obtained for the monitored behavior of the one or more processes based on the determined location of the device, and/or adjusting features being observed for the monitored one or more processes based on the determined location of the device.

Abstract: In one implementation, a method may comprise: obtaining a digital map of an indoor region that identifies boundaries between subsections within the indoor region; and approximating locations of walls separating rooms within at least one of the subsections based, at least in part, on locations of feature labels provided in the digital map.

Abstract: The subject matter disclosed herein relates to systems, methods, apparatuses, devices, articles, and means for map handling for location based services in conjunction with localized environments.

Abstract: Paging load and/or registration load in a network is reduced by using different types of identifiers to specifying which nodes page an access terminal in the network. In some aspects, the network maintains a list that specifies that certain individual nodes (e.g., cells or sectors) are to page a given access terminal and/or that one or more zones (e.g., tracking areas) are to page the access terminal. In some aspects, an access terminal in a network may be configured to provide a forward-looking paging list to the network. The list provided by an access terminal may specify different types of node identifiers (e.g., individual node identifiers, subscriber groups, etc.). The network may then use the list to determine which nodes are to page a given access terminal such that when the access terminal moves to a different node, that node may already be configured to page the access terminal.

Abstract: A behavior-based security system of a computing device may be protected from non-benign behavior, malware, and cyber attacks by configuring the device to work in conjunction with another component (e.g., a server) to monitor the accuracy and performance of the security system, and determine whether the system is working correctly, efficiently, or as expected. This may be accomplished via the server generating artificial attack software, sending the generated artificial attack software to the mobile device to simulate non-benign behavior in the mobile device, such as a cyber attack, and determining whether the behavior-based security system of the mobile device responded adequately to the simulated non-benign behavior. The sever may send a dead-man signal to the mobile device in response to determining that the behavior-based security system of the mobile device did not respond adequately to the simulated non-benign behavior.

Abstract: Mobile computing devices may be equipped with hardware components configured to monitor key assets of the mobile device at a low level (e.g., firmware level, hardware level, etc.). The hardware component may also be configured to dynamically determine the key assets that are to be monitored in the mobile device, monitor the access or use of these key assets by monitoring data flows, transactions, or operations in a system data bus of the mobile device, and report suspicious activities to a comprehensive behavioral monitoring and analysis system of the mobile device. The comprehensive behavioral monitoring and analysis system may then use this information to quickly identify and respond to malicious or performance degrading activities of the mobile device.

Abstract: The various aspects include methods, systems, and devices configured to make use of caching techniques and behavior signature caches to improve processor performance and/or reduce the amount of power consumed by the computing device by reducing analyzer latency. The signature caching system may be configured to adapt to rapid and frequent changes in behavioral specifications and models and provide a multi-fold improvement in the scalability of behavioral analysis operations performed on the mobile device.

Abstract: Described are devices, methods, techniques and systems for locating a portable services access transceiver (PSAT) for use in aiding emergency “911” services. In one implementation, one or more conditions indicative of movement of a PSAT may initiate a process for obtaining a new estimated location of the PSAT. In another implementation, a location of a PSAT may be determined or updated using indoor navigation techniques.

Abstract: Techniques are provided for a mobile, which may be implemented in various methods, apparatuses, and/or articles of manufacture to obtain an encoded routability graph representative of feasible paths for an indoor environment, along with values indicative of likelihoods of transition at certain junctions identifiable in the encoded routability graph, and determine one or both of an estimated position or an estimated direction of travel of the mobile device.