Title of invention OUTBREAK PATHOLOGY INFERENCE
Abstract In an example, a system and method for outbreak pathology inference are described. In certain computational ecosystems, malware programs and other malicious objects may infect a machine, and then attempt to infect additional machines that are “networked” to the first machine. In some cases, the network may be a physical or logical network, such as an enterprise network. However, “social networking” may also connect one machine to another, because users may share files or data with one another over social networks. In that case, client devices may be equipped with a telemetry engine to gather and report data about the machine, while a system management server receives reported telemetry. The system management server may use both logical networks and social networks to infer potential outbreak paths and behaviors of malware.
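Application publication number US2016188880(A1) Application publication date 2016.06.30
Application number US201414583632 Filing date 2014.12.27
Applicant McAfee, Inc. Inventors Smith Ned M.; Gutierrez Esteban; Woodruff Andrew; Kapoor Aditya
Classification G06F21/56; H04L29/06 Main classification G06F21/56
Agency Agent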
Principal claim 1. A computing apparatus comprising: a network interface; and one or more logic elements comprising an outbreak pathology inference engine, operable for: receiving network telemetry data from a client device via the network interface; receiving out-of-network telemetry data from the client device via the network interface; and inferring, based at least in part on the network telemetry data and out-of-network data, a malware outbreak hypothesis.
Address Santa Clara CA US