公开(公告)号：US11902785B2

公开(公告)日：2024-02-13

申请号：US17545721

申请日：2021-12-08

Applicant: INTEL CORPORATION

Inventor： Liuyang Lily Yang ,  Debabani Choudhury ,  Sridhar Sharma ,  Kathiravetpillai Sivanesan ,  Justin Gottschlich ,  Zheng Zhang ,  Yair Yona ,  Xiruo Liu ,  Moreno Ambrosin ,  Kuilin Clark Chen

IPC: H04W12/12 ,  H04W4/40 ,  H04W12/06 ,  H04L9/32 ,  H04W12/122

CPC classification number: H04W12/12 ,  H04L9/3271 ,  H04W4/40 ,  H04W12/06 ,  H04W12/122

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to detect attacks in V2X networks. An example apparatus includes a challenge handler to (a) transmit a first challenge packet to a first vehicle to request a transmission of a first response, (b) instruct a second challenge packet to be transmitted to a second vehicle to request a transmission of a second response, (c) increment a first counter when the first response is not obtained, (d) increment a second counter when the second response is not obtained, and (e) after repeating (a)-(d), determine that the first and second vehicles are phantom vehicles associated with an attacker with a half-duplex radio when at least one of the first or second counters satisfy a threshold, and a network interface to instruct a third vehicle associated with the V2X network to ignore future messages from the phantom vehicles based on the determination.

公开(公告)号：US11416603B2

公开(公告)日：2022-08-16

申请号：US16246187

申请日：2019-01-11

Applicant: Intel Corporation

Inventor： Zheng Zhang ,  Jason Martin ,  Justin Gottschlich ,  Abhilasha Bhargav-Spantzel ,  Salmin Sultana ,  Li Chen ,  Wei Li ,  Priyam Biswas ,  Paul Carlson

IPC: G06F21/52 ,  G06N20/00 ,  G06F21/56 ,  G06F21/51 ,  G05B23/02

Abstract: Methods, systems, articles of manufacture and apparatus to detect process hijacking are disclosed herein. An example apparatus to detect control flow anomalies includes a parsing engine to compare a target instruction pointer (TIP) address to a dynamic link library (DLL) module list, and in response to detecting a match of the TIP address to a DLL in the DLL module list, set a first portion of a normalized TIP address to a value equal to an identifier of the DLL. The example apparatus disclosed herein also includes a DLL entry point analyzer to set a second portion of the normalized TIP address based on a comparison between the TIP address and an entry point of the DLL, and a model compliance engine to generate a flow validity decision based on a comparison between (a) the first and second portion of the normalized TIP address and (b) a control flow integrity model.

公开(公告)号：US11258813B2

公开(公告)日：2022-02-22

申请号：US16455189

申请日：2019-06-27

Applicant: Intel Corporation

Inventor： Justin Gottschlich ,  Rachit Mathur ,  Zheng Zhang

IPC: H04L29/06 ,  G06K9/62 ,  G06F21/55 ,  G06F21/56

Abstract: Apparatus, systems, methods, and articles of manufacture for fingerprinting and classifying application behaviors using telemetry are disclosed. An example apparatus includes a trace processor to process events in a processor trace to capture application execution behavior; a fingerprint extractor to extract a first fingerprint from the captured application execution behavior and performance monitor information; a fingerprint clusterer to, in a training mode cluster the first fingerprint and the second fingerprint into a cluster of fingerprints to be stored in a fingerprint database with a classification; and a fingerprint classifier to, in a deployed mode, classify a third fingerprint, the fingerprint classifier to trigger a remedial action when the classification is malicious.

公开(公告)号：US11252567B2

公开(公告)日：2022-02-15

申请号：US16230971

申请日：2018-12-21

Applicant: Intel Corporation

Inventor： Liuyang Lily Yang ,  Debabani Choudhury ,  Sridhar Sharma ,  Kathiravetpillai Sivanesan ,  Justin Gottschlich ,  Zheng Zhang ,  Yair Yona ,  Xiruo Liu ,  Moreno Ambrosin ,  Kuilin Clark Chen

IPC: H04W12/12 ,  H04W4/40 ,  H04W12/06 ,  H04L9/32 ,  H04W12/122

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to detect attacks in V2X networks. An example apparatus includes a challenge handler to (a) transmit a first challenge packet to a first vehicle to request a transmission of a first response, (b) instruct a second challenge packet to be transmitted to a second vehicle to request a transmission of a second response, (c) increment a first counter when the first response is not obtained, (d) increment a second counter when the second response is not obtained, and (e) after repeating (a)-(d), determine that the first and second vehicles are phantom vehicles associated with an attacker with a half-duplex radio when at least one of the first or second counters satisfy a threshold, and a network interface to instruct a third vehicle associated with the V2X network to ignore future messages from the phantom vehicles based on the determination.

公开(公告)号：US20210110038A1

公开(公告)日：2021-04-15

申请号：US17132248

申请日：2020-12-23

Applicant: Intel Corporation

Inventor： Deepak Kumar Mishra ,  Prajesh Ambili Rajendran ,  Taj un nisha N ,  Rahuldeva Ghosh ,  Paul Carlson ,  Zheng Zhang

IPC: G06F21/56 ,  G06N20/00

Abstract: A method comprises generating a first set of hardware performance counter (HPC) events that is ranked based on an ability of an individual HPC event to profile a malware class, generating a second set of HPC event combinations that is ranked based on an ability of a set of at least two joint HPC events to profile a malware class, generating a third set of extended HPC event combinations, profiling one or more malware events and one or more benign applications to obtain a detection accuracy parameter for each malware event, applying a machine learning model to rank the third set of HPC event combinations based on malware detection accuracy, and applying a genetic algorithm to the third set of HPC event combinations to identify a subset of the third set of extended combinations of HPC events to be used for malware detection and classification.