Publication number: WO2014078466A3
Publication date: 2014-08-07
Application number: PCT/US2013069970
Filing date: 2013-11-14
Applicant: IBM
Inventor: BALUDA MAURO, CASTRO PAUL C, PISTOIA MARCO, PONZO JOHN J
IPC: G06F11/00
CPC classification number: G06F21/552, G06F21/52, G06F21/53, G06F21/565, G06F21/566, G06F21/567, G06F21/568, G06F2221/2111, G06F2221/2115, H04L63/14, H04L63/1408, H04W12/08
Abstract: An example includes intercepting one or more activities performed by an application on a computing device. The intercepting uses an instrumentation layer separating the application from an operating system on the computing device. The one or more activities are compared with one or more anomaly detection policies in a policy configuration file to detect or not detect presence of one or more anomalies. In response to the comparison detecting presence of one or more anomalies, indication(s) of the one or more anomalies are stored. Another example includes receiving indication(s) of anomaly(ies) experienced by an application on computing device(s) and analyzing the indication(s) of the anomaly(ies) to determine whether corrective action(s) should be issued. Responsive to a determination corrective action(s) should be issued based on the analyzing, the corrective action(s) are issued to the computing device(s). Methods, program products, and apparatus are disclosed.