Distributed traffic pattern analysis and entropy prediction for detecting malware in a network environment

    Publication number: US10027695B2

    Publication date: 2018-07-17

    Application number: US15193188

    Application date: 2016-06-27

    Abstract: Technologies are provided in embodiments to detect malware. Embodiments are to receive context information related to a potentially affected system, create a prediction of normal traffic based, at least in part, on the received context information, compare network traffic associated with the potentially affected system to the prediction of normal traffic, and take an action based, at least in part, on the comparison. The action may be taken if the network traffic is not within an acceptable deviation range of the prediction of normal traffic or the action may be taken based on a degree of deviation of the network traffic from the prediction of normal traffic. The acceptable deviation range and the degree of deviation are based, at least in part, on a type of network traffic. The acceptable deviation range and the degree of deviation are based, at least in part, on a volume of network traffic.

    Systems and methods of controlling memory footprint

    Publication number: US10445009B2

    Publication date: 2019-10-15

    Application number: US15639471

    Application date: 2017-06-30

    Abstract: Systems and methods that manage memory usage by a virtual machine are provided. These systems and methods compact the virtual machine's memory footprint, thereby promoting efficient use of memory and gaining performance benefits of increased data locality. In some embodiments, a guest operating system running within the virtual machine is enhanced to allocate its VM memory in a compact manner. The guest operating system includes a memory manager that is configured to reference an artificial access cost when identifying memory areas to allocate for use by applications. These access costs are described as being artificial because they are not representative of actual, hardware based access costs, but instead are fictitious costs that increase as the addresses of the memory areas increase. Because of these increasing artificial access costs, the memory manager identifies memory areas with lower addresses for allocation and use prior to memory areas with higher addresses.

    REDUCING WIRELESS RECONNECTION TIME OF A COMPUTING DEVICE
    3.
    Invention application (status: in force)

    Publication number: US20160183184A1

    Publication date: 2016-06-23

    Application number: US15057115

    Application date: 2016-02-29

    CPC classification number: H04W48/20 H04W48/16

    Abstract: Technologies for reducing connection time to a wireless access point include recording wireless connection information in a log, computing parameters as a function of past wireless connection information in the log, generating an ordered list of wireless access points most likely to be available for reconnection at a desired time as a function of recent wireless connection information in the log, and directly probing a wireless access point instead of initiating a wireless access point scan. In some embodiments, computing parameters as a function of past wireless connection information in the log comprises performing genetic programming operations to generate prediction programs for later prediction of wireless access points most likely to be available for reconnection at a desired time.

    Distributed traffic pattern analysis and entropy prediction for detecting malware in a network environment
    4.
    Granted invention patent (status: in force)

    Publication number: US09380066B2

    Publication date: 2016-06-28

    Application number: US13853601

    Application date: 2013-03-29

    Abstract: Technologies are provided in embodiments to detect malware. The embodiments are configured to receive an entropy rate of a potentially affected system. The embodiments are further configured to compare the entropy rate to an average entropy rate, and to determine a probability that the potentially affected system is infected with malware. The probability is based, at least in part, on a result of the comparison. More specific embodiments can include the received entropy rate being generated, at least in part, by a genetic program. Additional embodiments can include a configuration to provide the potentially affected system with a specified time-span associated with the genetic program. The specified time-span indicates an amount of time to observe context information on the potentially affected system. In at least some embodiments, the result of the comparison includes an indicator of whether the entropy rate correlates to an infected system or a healthy system.

    Reducing wireless reconnection time of a computing device

    Publication number: US09942839B2

    Publication date: 2018-04-10

    Application number: US15057115

    Application date: 2016-02-29

    CPC classification number: H04W48/20 H04W48/16

    Abstract: Technologies for reducing connection time to a wireless access point include recording wireless connection information in a log, computing parameters as a function of past wireless connection information in the log, generating an ordered list of wireless access points most likely to be available for reconnection at a desired time as a function of recent wireless connection information in the log, and directly probing a wireless access point instead of initiating a wireless access point scan. In some embodiments, computing parameters as a function of past wireless connection information in the log comprises performing genetic programming operations to generate prediction programs for later prediction of wireless access points most likely to be available for reconnection at a desired time.

    DISTRIBUTED TRAFFIC PATTERN ANALYSIS AND ENTROPY PREDICTION FOR DETECTING MALWARE IN A NETWORK ENVIRONMENT
    6.
    Invention application (status: under examination, published)

    Publication number: US20160308892A1

    Publication date: 2016-10-20

    Application number: US15193188

    Application date: 2016-06-27

    Abstract: Technologies are provided in embodiments to detect malware. Embodiments are to receive context information related to a potentially affected system, create a prediction of normal traffic based, at least in part, on the received context information, compare network traffic associated with the potentially affected system to the prediction of normal traffic, and take an action based, at least in part, on the comparison. The action may be taken if the network traffic is not within an acceptable deviation range of the prediction of normal traffic or the action may be taken based on a degree of deviation of the network traffic from the prediction of normal traffic. The acceptable deviation range and the degree of deviation are based, at least in part, on a type of network traffic. The acceptable deviation range and the degree of deviation are based, at least in part, on a volume of network traffic.