| CPC G06F 21/554 (2013.01) [G06F 21/56 (2013.01); H04L 63/20 (2013.01)] | 20 Claims |

1. A computer-implemented method for protecting against malicious application encounters, at least a portion of the method being performed by a computing device comprising one or more processors, the method comprising:
obtaining application data and feature data from a plurality of mobile devices;
identifying one or more malicious applications installed on each mobile device within the plurality of mobile devices;
determining, based on the application data, a user profile for each mobile device within the plurality of mobile devices;
assigning each mobile device within the plurality of mobile devices to a cluster based on the user profile identified for each mobile device within the plurality of mobile devices such that each cluster includes a subset of mobile devices from the plurality of mobile devices;
creating, based on the feature data, a security model for a particular cluster, wherein the feature data relates to a distribution of application signers or application categories by each mobile device within the subset of mobile devices and one or more feature classes from a subset of mobile devices from the plurality of mobile devices that are assigned to the particular cluster, the one or more feature classes including volume, diversity, updates, distribution, prevalence, or geography;
applying the security model to a selected mobile device from the plurality of mobile devices that is within the particular cluster; and
performing a security action on the selected mobile device based on an output of the security model.