公开(公告)号：EP3084674B1

公开(公告)日：2018-10-17

申请号：EP13899624.4

申请日：2013-12-18

Applicant: Intel Corporation

Inventor： BEN-SHALOM, Omer ,  MUTTIK, Igor ,  NAYSHTUT, Alex ,  AVIDAN, Yaniv

IPC: G06F21/56 ,  H04L29/06 ,  G06F21/55

CPC classification number: H04L63/145 ,  G06F21/55 ,  G06F21/56 ,  G06F21/567 ,  H04L63/107 ,  H04L63/1416 ,  H04L63/1441

Abstract: Various embodiments are generally directed to techniques to detect and eradicate malware attacks by employing information indicative of malware activity received from both endpoint devices and network devices proving network services to endpoint devices. An apparatus to detect malware includes a processor component, an analysis component for execution by the processor component to employ a trust level assigned to a device in a network as a factor in an analysis of an indication received from the device of a malware attack, and an eradication component for execution by the processor component to determine an action to take through the network to eradicate the malware attack based on the analysis. Other embodiments are described and claimed.

公开(公告)号：EP3084674A1

公开(公告)日：2016-10-26

申请号：EP13899624.4

申请日：2013-12-18

Applicant: Intel Corporation

Inventor： BEN-SHALOM, Omer ,  MUTTIK, Igor ,  NAYSHTUT, Alex ,  AVIDAN, Yaniv

IPC: G06F21/56

CPC classification number: H04L63/145 ,  G06F21/55 ,  G06F21/56 ,  G06F21/567 ,  H04L63/107 ,  H04L63/1416 ,  H04L63/1441

Abstract: Various embodiments are generally directed to techniques to detect and eradicate malware attacks by employing information indicative of malware activity received from both endpoint devices and network devices proving network services to endpoint devices. An apparatus to detect malware includes a processor component, an analysis component for execution by the processor component to employ a trust level assigned to a device in a network as a factor in an analysis of an indication received from the device of a malware attack, and an eradication component for execution by the processor component to determine an action to take through the network to eradicate the malware attack based on the analysis. Other embodiments are described and claimed.

公开(公告)号：EP3077944A1

公开(公告)日：2016-10-12

申请号：EP13898560.1

申请日：2013-12-02

Applicant: Intel Corporation

Inventor： NAYSHTUT, Alex ,  MUTTIK, Igor ,  AVIDAN, Yaniv

IPC: G06F21/00 ,  G06F11/30

CPC classification number: H04L63/20 ,  G06F21/577 ,  G06N5/025 ,  H04L63/1433

Abstract: This disclosure is directed to a protection system including security rule evaluation. A device may comprise a protection module to identify threats to at least one of the device or to a network including the device. The protection module may include, for example, a rule evaluator (RE) module to evaluate proposed security rules for identifying the threats based on at least one ground truth scenario and to determine whether to promote the proposed security rules to new security rules. The proposed security rules may be generated by the protection module or received from other devices in the network or other networks. New security rules may be shared with the other devices and/or networks. The RE module may further trigger an independent evaluation of the proposed security rules, which may also be considered when determining whether to add the proposed security rules to the set of active rules in the device.

Abstract translation: 本公开涉及包括安全规则评估的保护系统。 设备可以包括保护模块以识别至少一个设备或包括设备的网络的威胁。 保护模块可以包括例如规则评估器（RE）模块，以评估基于至少一个地面真实场景来识别威胁的建议的安全规则，并且确定是否将所提出的安全规则推广到新的安全规则。 所提出的安全规则可以由保护模块生成或从网络或其他网络中的其他设备接收。 新的安全规则可以与其他设备和/或网络共享。 RE模块还可以触发对所提出的安全规则的独立评估，当确定是否将所提出的安全规则添加到设备中的一组活动规则时也可以考虑。