Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Detection method and device for rebound shell process, equipment and medium

A detection method and process technology, which is applied in the fields of information security and computer, can solve the problems of unable to detect the process of rebound failure and few application scenarios, and achieve the effect of improving efficiency and accuracy

Pending Publication Date: 2021-09-28
BAIDU ONLINE NETWORK TECH (BEIJIBG) CO LTD
View PDF0 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The embodiment of the present application provides a method, device, device and medium for detecting a rebound shell process, so as to solve the problem that existing detection methods have few application scenarios and cannot detect processes that fail to rebound

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Detection method and device for rebound shell process, equipment and medium
  • Detection method and device for rebound shell process, equipment and medium
  • Detection method and device for rebound shell process, equipment and medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0058] Exemplary embodiments of the present application are described below in conjunction with the accompanying drawings, which include various details of the embodiments of the present application to facilitate understanding, and they should be regarded as exemplary only. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the application. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.

[0059] figure 1 It is a schematic flowchart of a method for detecting a reverse shell process according to the first embodiment of the present application, and this embodiment is applicable to the situation of preventing hacking. The method can be executed by a detecting device for rebounding shell process, which is implemented in the form of software and / or hardwar...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a detection method and device for a rebound shell process, equipment and a medium, and relates to the technical field of information security. According to the specific implementation scheme, the method includes monitoring a process creation event generated on a current host; acquiring a command line executed when the target process is started, wherein the target process is a process corresponding to a monitored process creation event; and determining whether the target process is a rebound shell process or not according to the command line. In the embodiment of the invention, as long as the process creation event is generated on the host, whether the process is the rebound shell process or not is determined according to the command line executed when the process is started, the detection of various rebound shell processes can be covered, and the command line can be captured no matter whether the command line is successfully executed or failed, so that the detection of the process with the rebound failure can be realized.

Description

technical field [0001] The present application relates to the field of computer technology, in particular to the field of information security technology, and in particular to a detection method, device, equipment and medium for a reverse shell process. Background technique [0002] When a hacker exploits a vulnerability to invade a host, it is a very common method to control the compromised host by rebounding the shell process, so the reverse shell process detection module is regarded as a relatively important module in the intrusion detection system. The shell process provides an interface for instant interaction between the user and the linux operating system. Generally, the default shell process receives command input from the keyboard, and then outputs the result of the command execution to the screen. However, some hackers use the input and output redirection function of the shell process to redirect the input and output file handles of the shell process to socket (soc...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/56G06F21/52
CPCG06F21/566G06F21/52Y02P90/02
Inventor 付春桃赵中树谢奕智
Owner BAIDU ONLINE NETWORK TECH (BEIJIBG) CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com