Method and apparatus to identify hardware performance counter events for detecting and classifying malware or workload using artificial intelligence
US11790087B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Dec 23, 2020 |
| Grant date | Oct 17, 2023 |
| Priority date | — |
| Expiry date | Aug 30, 2041 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06N20/00
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
A method comprises generating a first set of hardware performance counter (HPC) events that is ranked based on an ability of an individual HPC event to profile a malware class, generating a second set of HPC event combinations that is ranked based on an ability of a set of at least two joint HPC events to profile a malware class, generating a third set of extended HPC event combinations, profiling one or more malware events and one or more benign applications to obtain a detection accuracy parameter for each malware event, applying a machine learning model to rank the third set of HPC event combinations based on malware detection accuracy, and applying a genetic algorithm to the third set of HPC event combinations to identify a subset of the third set of extended combinations of HPC events to be used for malware detection and classification.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.