公开(公告)号：US20190044912A1

公开(公告)日：2019-02-07

申请号：US15942031

申请日：2018-03-30

Applicant: Intel Corporation

Inventor： Liuyang Lily Yang ,  Huaxin Li ,  Li Zhao ,  Marcio Juliato ,  Shabbir Ahmed ,  Manoj R. Sastry

IPC: H04L29/06 ,  G06F9/455

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform; a network interface to communicatively couple to a bus lacking native support for authentication; and an anomaly detection engine to operate on the hardware platform and configured to: receive a first data stream across a first time; symbolize and approximate the first data stream, including computing a first window sum; receive a second data stream across a second time substantially equal in length to the first time, the second data stream including data across the plurality of dimensions from the first data stream; symbolize and approximate the second data stream, including computing a second window sum; compute a difference between the first window sum and the second window sum; determine that difference exceeds a threshold and that the correlation across the plurality of dimensions is broken; and flag a potential anomaly.

公开(公告)号：US12289161B2

公开(公告)日：2025-04-29

申请号：US17829042

申请日：2022-05-31

Applicant: INTEL CORPORATION

Inventor： Vuk Lesi ,  Christopher Gutierrez ,  Manoj Sastry ,  Marcio Juliato ,  Shabbir Ahmed ,  Qian Wang

IPC: H04J3/06

Abstract: Techniques for clock manager monitoring for time sensitive networks are described. An apparatus, comprises a clock circuitry to manage a clock for a device, a processing circuitry coupled to the clock circuitry, the processing circuitry to execute instructions to perform operations for a clock manager, the clock manager to receive messages with time information for a network and generate clock manager control information to adjust the clock to a network time for the network, and a detector coupled to the processing circuitry and the clock circuitry, the detector to receive the clock manager control information, generate model control information based on a clock model, compare the clock manager control information with the model control information to generate difference information, and determine whether to generate an alert based on the difference information. Other embodiments are described and claimed.

公开(公告)号：US12250233B2

公开(公告)日：2025-03-11

申请号：US18105580

申请日：2023-02-03

Applicant: INTEL CORPORATION

Inventor： Marcio Juliato ,  Javier Perez-Ramirez ,  Manoj Sastry ,  Dave Cavalcanti ,  Christopher Gutierrez ,  Vuk Lesi ,  Shabbir Ahmed

IPC: H04L9/40

Abstract: Techniques include a method, apparatus, system and computer-readable medium to detect, quantify and localize attacks to enhance security for time-synchronized networking. Embodiments include a diagnostic stream producer to produce diagnostic information providing evidence of a timing attack on a node of a time-synchronized network. Embodiments include a diagnostic stream consumer to consume diagnostic information, analyze the diagnostic information, and determine whether a node is under a timing attack. Other embodiments are described and claimed.

公开(公告)号：US12218813B2

公开(公告)日：2025-02-04

申请号：US18215936

申请日：2023-06-29

Applicant: Intel Corporation

Inventor： Marcio Juliato ,  Javier Perez-Ramirez ,  Mikhail Galeev ,  Manoj Sastry ,  Dave Cavalcanti ,  Christopher Gutierrez ,  Shabbir Ahmed ,  Vuk Lesi

IPC: H04L43/0817 ,  H04L9/40 ,  H04L43/067

Abstract: Techniques include a method, apparatus, system and computer-readable medium to detect, quantify and localize attacks to enhance security for time-synchronized networking. Embodiments include a diagnostic stream producer to produce diagnostic information providing evidence of a timing attack on a node of a time-synchronized network. Embodiments include a diagnostic stream consumer to consume diagnostic information, analyze the diagnostic information, and determine whether a node is under a timing attack. Other embodiments are described and claimed.

公开(公告)号：US20250007738A1

公开(公告)日：2025-01-02

申请号：US18215951

申请日：2023-06-29

Applicant: Intel Corporation

Inventor： Christopher Gutierrez ,  Marcio Juliato ,  Manoj Sastry ,  Vuk Lesi ,  Shabbir Ahmed

IPC: H04L9/40 ,  H04L9/32

Abstract: Techniques include a method, apparatus, system and computer-readable medium to detect, quantify and localize attacks to enhance security for time-synchronized networking. Embodiments include a diagnostic stream producer to produce diagnostic information providing evidence of a timing attack on a node of a time-synchronized network. Embodiments include a diagnostic stream consumer to consume diagnostic information, analyze the diagnostic information, and determine whether a node is under a timing attack. Other embodiments are described and claimed.

公开(公告)号：US12054119B2

公开(公告)日：2024-08-06

申请号：US16994147

申请日：2020-08-14

Applicant: Intel Corporation

Inventor： Shabbir Ahmed ,  Marcio Juliato ,  Christopher Gutierrez ,  Qian Wang ,  Vuk Lesi ,  Manoj Sastry

IPC: B60R25/30 ,  B60R25/104 ,  B60R25/24 ,  G06F21/44 ,  H04L9/40

CPC classification number: B60R25/30 ,  B60R25/104 ,  B60R25/24 ,  G06F21/44 ,  H04L63/1416

Abstract: Systems, apparatuses, and methods to identify an electronic control unit transmitting a message on a communication bus, such as an in-vehicle network bus, are provided. ECUs transmit messages by manipulating voltage on conductive lines of the bus. Observation circuitry can observe voltage transitions associated with the transmission at a point on the in-vehicle network bus. A domain bitmap can be generated from the observed voltage transitions. ECUs can be identified and/or fingerprinted based on the domain bitmaps.

公开(公告)号：US11995183B2

公开(公告)日：2024-05-28

申请号：US17357885

申请日：2021-06-24

Applicant: Intel Corporation

Inventor： Marcio Juliato ,  Shabbir Ahmed ,  Christopher Gutierrez ,  Vuk Lesi ,  Manoj Sastry ,  Qian Wang

IPC: G06F21/55

CPC classification number: G06F21/554 ,  G06F2221/034

Abstract: Systems, apparatuses, and methods to response to detected attacks in an autonomous system based on context of the autonomous system are described. In particular, the disclosure provides an intrusion detection system receiving contexts and contracts dictating particular response guide rails from a higher level components or stack on the autonomous system. The intrusion detection system is arranged to respond to attacks according to the contract without intervention by the higher level components or stack.

公开(公告)号：US20240171593A1

公开(公告)日：2024-05-23

申请号：US17990091

申请日：2022-11-18

Applicant: Intel Corporation

Inventor： Marcio Juliato ,  Shabbir Ahmed ,  Christopher Gutierrez ,  Vuk Lesi ,  Manoj Sastry

IPC: H04L9/40 ,  H04J3/06

CPC classification number: H04L63/1416 ,  H04J3/0658 ,  H04L63/1466

Abstract: Techniques include an apparatus to retrieve a first parameter for the IDS to monitor a device for a time-synchronized network. The first parameter may represent a number of messages the IDS needs to analyze in order to detect a security attack. The messages may comprise time information to synchronize a clock for a device to a network time for a time-synchronized network. The processor circuitry may retrieve a second parameter for a time sensitive application. The second parameter may represent a defined amount of time error tolerated by the time sensitive application, and determine a third parameter for the IDS based on the first and second parameters. The third parameter may represent a defined frequency to receive a number of messages with time information in order to detect the security attack on the device within a defined time interval. Other embodiments are described and claimed.

公开(公告)号：US20240143020A1

公开(公告)日：2024-05-02

申请号：US17974113

申请日：2022-10-26

Applicant: Intel Corporation

Inventor： Vuk Lesi ,  Christopher Gutierrez ,  Shabbir Ahmed ,  Marcio Juliato ,  Manoj Sastry

IPC: G06F1/12 ,  G06F1/10

CPC classification number: G06F1/12 ,  G06F1/10 ,  G06F1/08

Abstract: An apparatus for clock manager redundancy comprises a clock circuitry to manage a clock for a device; a first processing circuitry coupled to the clock circuitry to execute instructions to perform operations for a clock manager, the clock manager to receive messages with time information for a network and generate clock manager control information to adjust the clock to a network time for the network; a hardened execution environment coupled to the clock circuitry and the first processing circuitry, the hardened execution environment to comprise: a detector to monitor the clock manager and generate an alert when the detector identifies abnormal behavior of the clock manager; and a second processing circuitry to execute instructions to perform operations for a redundant clock manager, the redundant clock manager to take over operations for the clock manager in response to the alert from the detector. Other embodiments are described and claimed.

公开(公告)号：US11665178B2

公开(公告)日：2023-05-30

申请号：US16727638

申请日：2019-12-26

Applicant: Intel Corporation

Inventor： Christopher N. Gutierrez ,  Shabbir Ahmed ,  Marcio Juliato ,  Manoj Sastry ,  Liuyang L. Yang ,  Xiruo Liu

IPC: H04L29/06 ,  H04L9/40 ,  H04L12/40 ,  G06N20/20

CPC classification number: H04L63/1408 ,  G06N20/20 ,  H04L12/40032 ,  H04L63/0227 ,  H04L63/1425 ,  H04L63/1441 ,  H04L2012/40273

Abstract: Logic may reduce the latency and increase the confidence in message time series (MTS) intrusion detection systems (IDSs). Logic may capture traffic on an in-vehicle network bus during a first traffic window. Logic may filter the traffic within the first traffic window to determine more than one observation window, wherein the more than observation window comprises at least a first observation window and a second observation window. Logic may evaluate the more than one observation window to determine a first output based on a first observation window and a second output based on a second observation window, the first and second outputs to indicate if an intrusion is detected. Logic may determine, based on a combination of the outputs, that the traffic during the first traffic window comprises an intrusion. Logic may output an indication of the intrusion.