| US 7,594,269 B2 | ||
| Platform-based identification of host software circumvention | ||
| David Durham, Hillsboro, Oreg. (US); Ravi Sahita, Beaverton, Oreg. (US); and Priya Rajagopal, Wharton, N.J. (US) | ||
| Assigned to Intel Corporation, Santa Clara, Calif. (US) | ||
| Filed on Oct. 29, 2004, as Appl. No. 10/976,592. | ||
| Prior Publication US 2006/0095967 A1, May 04, 2006 | ||
| Int. Cl. G06F 11/00 (2006.01); G06F 12/14 (2006.01); G06F 12/16 (2006.01); G08B 23/00 (2006.01) | ||
| U.S. Cl. 726—23 [714/38] | 16 Claims |

| 1. A computer implemented method exchanging data traffic between a security software module of a computing device and a hardware component on a hardware platform of the computing device, the security software module including an intrusion detection system, the hardware component including a network interface controller;
during the exchanging data traffic,
maintaining a first running count of packets of data traffic observed by the hardware component, and
maintaining a second running count of packets of data traffic observed by the security software module;
generating hardware statistics based on the first running count;
generating software statistics based on the second running count;
sending the hardware statistics and the software statistics to a correlation agent of the computing device;
the correlation agent evaluating a correlation between the hardware statistics and the software statistics, the evaluating including testing an amount of data determined to have been observed by the security software module with an amount of data determined to have been observed by the network interface controller;
determining that a security risk is indicated by a result of the evaluating; and
in response to determining that the security risk is indicated, triggering a remedial procedure including at least one of sending an alert of the security risk and sending an instruction to change a security setting related to the hardware platform.
|
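The correlation step in claim 1, sketched as an added example (not code from the patent or from Intel): a correlation agent compares per-interval packet deltas from the NIC's running count with those from the IDS's running count and raises an alert on a mismatch. The 32-bit counter width, the 2% tolerance, the minimum-traffic threshold and all names and sample values are assumptions made for illustration.

```python
from dataclasses import dataclass

COUNTER_BITS = 32  # assumed width of both running counters


@dataclass
class Sample:
    hw_packets: int  # running count kept by the network interface controller
    sw_packets: int  # running count kept by the IDS (security software module)


def delta(prev, cur, bits=COUNTER_BITS):
    """Packets counted since the previous sample, tolerating counter wrap."""
    return (cur - prev) % (1 << bits)


def correlate(samples, tolerance=0.02, min_packets=100):
    """Return (interval, hw_delta, sw_delta) for intervals where the two
    observers disagree by more than `tolerance` of the NIC's count."""
    findings = []
    for i in range(1, len(samples)):
        hw = delta(samples[i - 1].hw_packets, samples[i].hw_packets)
        sw = delta(samples[i - 1].sw_packets, samples[i].sw_packets)
        if hw < min_packets:
            continue  # too little traffic for a meaningful ratio
        if abs(hw - sw) / hw > tolerance:
            findings.append((i, hw, sw))
    return findings


def remediate(findings):
    """Remedial procedure: here, only the 'send an alert' branch of the claim."""
    return [f"ALERT interval={i}: NIC observed {hw} packets, IDS observed {sw}"
            for i, hw, sw in findings]


# Constructed samples: interval 1 wraps the NIC counter, interval 2 is within
# tolerance, interval 3 shows the IDS missing most traffic, interval 4 is idle.
SAMPLES = [
    Sample(4294967000, 1000),
    Sample(704, 2000),
    Sample(1704, 2990),
    Sample(2704, 3040),
    Sample(2744, 3040),
]

if __name__ == "__main__":
    for line in remediate(correlate(SAMPLES)):
        print(line)
```
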