公开(公告)号：US11790087B2

公开(公告)日：2023-10-17

申请号：US17132248

申请日：2020-12-23

Applicant: Intel Corporation

Inventor： Deepak Kumar Mishra ,  Prajesh Ambili Rajendran ,  Taj un nisha N ,  Rahuldeva Ghosh ,  Paul Carlson ,  Zheng Zhang

IPC: G06F21/55 ,  G06F21/56 ,  G06N20/00

CPC classification number: G06F21/566 ,  G06F21/564 ,  G06F21/568 ,  G06N20/00

Abstract: A method comprises generating a first set of hardware performance counter (HPC) events that is ranked based on an ability of an individual HPC event to profile a malware class, generating a second set of HPC event combinations that is ranked based on an ability of a set of at least two joint HPC events to profile a malware class, generating a third set of extended HPC event combinations, profiling one or more malware events and one or more benign applications to obtain a detection accuracy parameter for each malware event, applying a machine learning model to rank the third set of HPC event combinations based on malware detection accuracy, and applying a genetic algorithm to the third set of HPC event combinations to identify a subset of the third set of extended combinations of HPC events to be used for malware detection and classification.

公开(公告)号：US20220092179A1

公开(公告)日：2022-03-24

申请号：US17541243

申请日：2021-12-02

Applicant: Intel Corporation

Inventor： Zheng Zhang ,  Rahuldeva Ghosh

IPC: G06F21/55

Abstract: A system includes a processor to execute a data flow instrumented application to generate data trace data representing data flows of the data flow instrumented application; processor trace circuitry to generate processor trace (PT) data from the data trace data; and a data flow detecting pipeline to monitor the data flows represented by the PT data in real time and generate an alert if one or more of the data flows deviates from a data flow model for the data flow instrumented application.

公开(公告)号：US20190319977A1

公开(公告)日：2019-10-17

申请号：US16455189

申请日：2019-06-27

Applicant: Intel Corporation

Inventor： Justin Gottschlich ,  Rachit Mathur ,  Zheng Zhang

IPC: H04L29/06 ,  G06K9/62

Abstract: Apparatus, systems, methods, and articles of manufacture for fingerprinting and classifying application behaviors using telemetry are disclosed. An example apparatus includes a trace processor to process events in a processor trace to capture application execution behavior; a fingerprint extractor to extract a first fingerprint from the captured application execution behavior and performance monitor information; a fingerprint clusterer to, in a training mode cluster the first fingerprint and the second fingerprint into a cluster of fingerprints to be stored in a fingerprint database with a classification; and a fingerprint classifier to, in a deployed mode, classify a third fingerprint, the fingerprint classifier to trigger a remedial action when the classification is malicious.

公开(公告)号：US20230110131A1

公开(公告)日：2023-04-13

申请号：US17898227

申请日：2022-08-29

Applicant: INTEL CORPORATION

Inventor： Ned M. Smith ,  Keith Nolan ,  Mark Kelly ,  Gregory Burns ,  Michael Nolan ,  John Brady ,  Cliodhna Ni Scanaill ,  Niall Cahill ,  Thiago Macieira ,  Zheng Zhang ,  Glen J. Anderson ,  Igor Muttik ,  Davide Carboni ,  Eugene Ryan ,  Richard Davies ,  Toby M. Kohlenberg ,  Maarten Koning ,  Jakub Wenus ,  Rajesh Poornachandran ,  William C. Deleeuw ,  Ravikiran Chukka

IPC: H04L41/0806 ,  H04L67/10 ,  H04L67/12 ,  H04W4/70 ,  G06F16/182 ,  H04L9/08 ,  H04L9/32 ,  H04L45/00 ,  H04L67/104 ,  H04L69/18 ,  H04W4/08 ,  H04W84/22 ,  H04L41/12 ,  H04L69/22 ,  H04L67/1087 ,  H04W12/69 ,  H04L61/4505 ,  H04L61/5069 ,  H04L67/562

Abstract: The Internet can be configured to provide communications to a large number of Internet-of-Things (IoT) devices. Devices can be designed to address the need for network layers, from central servers, through gateways, down to edge devices, to grow unhindered, to discover and make accessible connected resources, and to support the ability to hide and compartmentalize connected resources. Network protocols can be part of the fabric supporting human accessible services that operate regardless of location, time, or space. Innovations can include service delivery and associated infrastructure, such as hardware and software. Services may be provided in accordance with specified Quality of Service (QoS) terms. The use of IoT devices and networks can be included in a heterogeneous network of connectivity including wired and wireless technologies.

公开(公告)号：US11431561B2

公开(公告)日：2022-08-30

申请号：US16466978

申请日：2017-12-28

Applicant: INTEL CORPORATION

Inventor： Ned M. Smith ,  Keith Nolan ,  Mark Kelly ,  Gregory Burns ,  Michael Nolan ,  John Brady ,  Cliodhna Ni Scanaill ,  Niall Cahill ,  Thiago Macieira ,  Zheng Zhang ,  Glen J. Anderson ,  Igor Muttik ,  Davide Carboni ,  Eugene Ryan ,  Richard Davies ,  Toby M. Kohlenberg ,  Maarten Koning ,  Jakub Wenus ,  Rajesh Poornachandran ,  William C. Deleeuw ,  Ravikiran Chukka

IPC: H04L29/08 ,  H04L41/0806 ,  H04L67/10 ,  H04L67/12 ,  H04W4/70 ,  G06F16/182 ,  H04L9/08 ,  H04L9/32 ,  H04L45/00 ,  H04L67/104 ,  H04L69/18 ,  H04W4/08 ,  H04W84/22 ,  H04L41/12 ,  H04L69/22 ,  H04L61/4505 ,  H04L61/5069 ,  H04L67/1087 ,  H04L67/562 ,  H04W12/69 ,  H04W84/18

Abstract: The Internet can be configured to provide communications to a large number of Internet-of-Things (IoT) devices. Devices can be designed to address the need for network layers, from central servers, through gateways, down to edge devices, to grow unhindered, to discover and make accessible connected resources, and to support the ability to hide and compartmentalize connected resources. Network protocols can be part of the fabric supporting human accessible services that operate regardless of location, time, or space. Innovations can include service delivery and associated infrastructure, such as hardware and software. Services may be provided in accordance with specified Quality of Service (QoS) terms. The use of IoT devices and networks can be included in a heterogeneous network of connectivity including wired and wireless technologies.

公开(公告)号：US20220124503A1

公开(公告)日：2022-04-21

申请号：US17545721

申请日：2021-12-08

Applicant: INTEL CORPORATION

Inventor： Liuyang Lily Yang ,  Debabani Choudhury ,  Sridhar Sharma ,  Kathiravetpillai Sivanesan ,  Justin Gottschlich ,  Zheng Zhang ,  Yair Yona ,  Xiruo Liu ,  Moreno Ambrosin ,  Kuilin Clark Chen

IPC: H04W12/12 ,  H04W4/40 ,  H04W12/06 ,  H04L9/32 ,  H04W12/122

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to detect attacks in V2X networks. An example apparatus includes a challenge handler to (a) transmit a first challenge packet to a first vehicle to request a transmission of a first response, (b) instruct a second challenge packet to be transmitted to a second vehicle to request a transmission of a second response, (c) increment a first counter when the first response is not obtained, (d) increment a second counter when the second response is not obtained, and (e) after repeating (a)-(d), determine that the first and second vehicles are phantom vehicles associated with an attacker with a half-duplex radio when at least one of the first or second counters satisfy a threshold, and a network interface to instruct a third vehicle associated with the V2X network to ignore future messages from the phantom vehicles based on the determination.

公开(公告)号：US20220091961A1

公开(公告)日：2022-03-24

申请号：US17541246

申请日：2021-12-03

Applicant: Intel Corporation

Inventor： Zheng Zhang ,  Rahuldeva Ghosh

IPC: G06F11/34 ,  G06F11/30 ,  G06F9/38 ,  G06F9/4401

Abstract: A processor includes one or more processing cores, and a performance monitoring unit (PMU), the PMU including one or more performance monitoring counters; a PMU memory to store a PMU kernel, the PMU kernel including one or more programmable PMU functions; and a PMU processor to load the PMU kernel and concurrently execute the one or more programmable PMU functions of the PMU kernel to concurrently access the one or more performance counters.

公开(公告)号：US20190317734A1

公开(公告)日：2019-10-17

申请号：US16456984

申请日：2019-06-28

Applicant: Intel Corporation

Inventor： Li Chen ,  Justin Gottschlich ,  Alexander Heinecke ,  Zheng Zhang ,  Shengtian Zhou

IPC: G06F8/33 ,  G06N3/08

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to improve code characteristics. An example apparatus includes a weight manager to apply a first weight value to a first objective function, a state identifier to identify a first state corresponding to candidate code, and an action identifier to identify candidate actions corresponding to the identified first state. The example apparatus also includes a reward calculator to determine reward values corresponding to respective ones of (a) the identified first state, (b) one of the candidate actions and (c) the first weight value, and a quality function definer to determine a relative highest state and action pair reward value based on respective ones of the reward values

公开(公告)号：US20190163900A1

公开(公告)日：2019-05-30

申请号：US16246187

申请日：2019-01-11

Applicant: Intel Corporation

Inventor： Zheng Zhang ,  Jason Martin ,  Justin Gottschlich ,  Abhilasha Bhargav-Spantzel ,  Salmin Sultana ,  Li Chen ,  Wei Li ,  Priyam Biswas ,  Paul Carlson

IPC: G06F21/52 ,  G05B23/02 ,  G06N20/00 ,  G06F21/51

Abstract: Methods, systems, articles of manufacture and apparatus to detect process hijacking are disclosed herein. An example apparatus to detect control flow anomalies includes a parsing engine to compare a target instruction pointer (TIP) address to a dynamic link library (DLL) module list, and in response to detecting a match of the TIP address to a DLL in the DLL module list, set a first portion of a normalized TIP address to a value equal to an identifier of the DLL. The example apparatus disclosed herein also includes a DLL entry point analyzer to set a second portion of the normalized TIP address based on a comparison between the TIP address and an entry point of the DLL, and a model compliance engine to generate a flow validity decision based on a comparison between (a) the first and second portion of the normalized TIP address and (b) a control flow integrity model.

公开(公告)号：US12132609B2

公开(公告)日：2024-10-29

申请号：US17702463

申请日：2022-03-23

Applicant: Intel Corporation

Inventor： Ned M. Smith ,  Keith Nolan ,  Mark Kelly ,  Michael Nolan ,  John Brady ,  Thiago Macieira ,  Zheng Zhang ,  Glen J. Anderson ,  Igor Muttik

IPC: G06F15/177 ,  G06F16/182 ,  H04L9/08 ,  H04L9/32 ,  H04L41/0806 ,  H04L41/12 ,  H04L45/00 ,  H04L61/4505 ,  H04L61/5069 ,  H04L67/10 ,  H04L67/104 ,  H04L67/1087 ,  H04L67/12 ,  H04L67/562 ,  H04L69/18 ,  H04L69/22 ,  H04W4/08 ,  H04W4/70 ,  H04W12/69 ,  H04W84/22 ,  H04L9/00 ,  H04W84/18

CPC classification number: H04L41/0806 ,  G06F16/1824 ,  G06F16/1834 ,  H04L9/0825 ,  H04L9/3239 ,  H04L41/12 ,  H04L45/20 ,  H04L61/4505 ,  H04L61/5069 ,  H04L67/10 ,  H04L67/104 ,  H04L67/1046 ,  H04L67/1093 ,  H04L67/12 ,  H04L67/562 ,  H04L69/18 ,  H04L69/22 ,  H04W4/08 ,  H04W4/70 ,  H04W12/69 ,  H04W84/22 ,  H04L9/50 ,  H04L2209/56 ,  H04W84/18

Abstract: A trusted communications environment includes a primary participant with a group creator and a distributed ledger, and a secondary participant with communication credentials. An Internet of Things (IoT) network includes a trusted execution environment with a chain history for a blockchain, a root-of-trust for chaining, and a root-of-trust for archives. An IoT network includes an IoT device with a communication system, an onboarding tool, a device discoverer, a trust builder, a shared domain creator, and a shared resource directory. An IoT network includes an IoT device with a communication system, a policy decision engine, a policy repository, a policy enforcement engine, and a peer monitor. An IoT network includes an IoT device with a host environment and a trusted reliability engine to apply a failover action if the host environment fails. An IoT network includes an IoT server including secure booter/measurer, trust anchor, authenticator, key manager, and key generator.