Outbreak pathology inference
Abstract
In an example, a system and method for outbreak pathology inference are described. In certain computational ecosystems, malware programs and other malicious objects may infect a machine, and then attempt to infect additional machines that are “networked” to the first machine. In some cases, the network may be a physical or logical network, such as an enterprise network. However, “social networking” may also connect one machine to another, because users may share files or data with one another over social networks. In that case, client devices may be equipped with a telemetry engine to gather and report data about the machine, while a system management server receives reported telemetry. The system management server may use both logical networks and social networks to infer potential outbreak paths and behaviors of malware.
25 Claims
1. A computing apparatus comprising:
- a network interface; and
- one or more logic elements, including at least a processor and a memory, comprising an outbreak pathology inference engine, operable for:
  - receiving network telemetry data from a client device via the network interface;
  - receiving out-of-network telemetry data from the client device via the network interface; and
  - inferring, based at least in part on the network telemetry data and out-of-network data, a predictive malware outbreak hypothesis.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

14. One or more tangible, non-transitory computer-readable mediums having stored thereon executable instructions operable for instructing a processor to provide a pathology inference engine operable for:
- receiving network telemetry data from a client device;
- receiving out-of-network telemetry data from the client device; and
- inferring, based at least in part on the network telemetry data and out-of-network data, a predictive malware outbreak hypothesis.

Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23

24. A computer-implemented method of providing pathology inference, comprising:
- receiving network telemetry data from a client device;
- receiving out-of-network telemetry data from the client device; and
- inferring, based at least in part on the network telemetry data and out-of-network data, a predictive malware outbreak hypothesis.

Dependent claims: 25

Specification