-
Publication (Announcement) No.: US20210150025A1
Publication (Announcement) Date: 2021-05-20
Application No.: US17132934
Application Date: 2020-12-23
Applicant: Intel Corporation
Inventor: Omer Ben-Shalom, Alex Nayshtut, Behnam Eliyahu, Denis Klimov
Abstract: A system and method of detecting and remediating attacks includes receiving operating system (OS) read/write data from an OS, the OS read/write data describing at least one of reads from and writes to a storage device over a file system interface of the OS; collecting storage device read/write data, the storage device read/write data describing at least one of reads from and writes to the storage device; comparing the OS read/write data to the storage device read/write data; and determining if there is a discrepancy between the OS read/write data and the storage device read/write data. If there is a discrepancy, determining if there is an anomaly detected between OS read/write data and the storage device read/write data. If there is an anomaly, causing a remediation action to be taken to stop a malware attack.
-
Publication (Announcement) No.: US11507656B2
Publication (Announcement) Date: 2022-11-22
Application No.: US17132934
Application Date: 2020-12-23
Applicant: Intel Corporation
Inventor: Omer Ben-Shalom, Alex Nayshtut, Behnam Eliyahu, Denis Klimov
Abstract: A system and method of detecting and remediating attacks includes receiving operating system (OS) read/write data from an OS, the OS read/write data describing at least one of reads from and writes to a storage device over a file system interface of the OS; collecting storage device read/write data, the storage device read/write data describing at least one of reads from and writes to the storage device; comparing the OS read/write data to the storage device read/write data; and determining if there is a discrepancy between the OS read/write data and the storage device read/write data. If there is a discrepancy, determining if there is an anomaly detected between OS read/write data and the storage device read/write data. If there is an anomaly, causing a remediation action to be taken to stop a malware attack.
-