Title of invention: Computer defenses and counterattacks
Abstract: A method includes instantiating a first detection agent based on detection criteria, where the first detection agent includes first program code executable by a second computing device to monitor network activity. The method further includes sending the first program code of the first detection agent to the second computing device for execution. When the first program code of the first detection agent is executed at the second computing device, the first detection agent causes network activity data to be transmitted to a network monitor, and the network monitor updates the detection criteria based on the network activity data to generate updated detection criteria. The method also includes instantiating a second detection agent based on the updated detection criteria and sending second program code of the second detection agent to the second computing device for execution.
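Publication number: US9591022(B2)  Publication date: 2017.03.07
Application number: US201414574076  Filing date: 2014.12.17
Applicant: THE BOEING COMPANY  Inventor: Purpura William J.
Classification number: H04L29/06  Main classification number: H04L29/06
Agency: Toler Law Group, PC  Agent: Toler Law Group, PC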
Main claim: 1. A system comprising: a processing system including one or more processors; memory accessible to the processing system, wherein the memory stores instructions executable by at least one processor of the one or more processors to cause the at least one processor to: instantiate a first detection agent based on detection criteria, wherein the first detection agent includes first program code executable by a second processor to monitor network activity; send the first program code of the first detection agent to a remote computing device for execution, wherein, when the first program code of the first detection agent is executed at the remote computing device, the first detection agent is configured to: monitor operations of components of the remote computing device including operations of a trusted component, generate an operational signature corresponding to the monitored operations of the trusted component of the remote computing device, monitor network activity of the remote computing device based on the operational signature while emulating activity of the trusted component of the remote computing device, and transmit network activity data to the processing system, and wherein the processing system updates the detection criteria based on the network activity data and generates updated detection criteria; instantiate a second detection agent based on the updated detection criteria, wherein the second detection agent includes second program code; and send the second program code of the second detection agent to the remote computing device for execution.
Address: Chicago IL US