Method and device for detecting malicious remote procedure call (RPC) behaviors

A remote procedure call detection technology, applied in the field of computer networks, that addresses the poor detection of malicious RPC behavior and the many false negatives of existing approaches, improving detection effectiveness and strengthening security.

Active Publication Date: 2012-05-02
CHENGDU HUAWEI TECH

AI Technical Summary

Problems solved by technology

[0007] The embodiment of the present invention provides a method for detecting malicious RPC behavior, which solves the prior-art problem of poor detection of malicious RPC behavior and many false positives.


Examples

Embodiment Construction

[0028] The inventor analyzed in depth why existing IPSs cannot effectively detect malicious RPC service calls when multiple UUIDs are bound in one RPC process, and found the following cause. An RPC call uses the UUID, together with the port number registered for that UUID, as the parameters for establishing the connection that provides the service. The design premise of existing IPSs is therefore that only one UUID is bound during an RPC call, that is, within one TCP session connection that carries RPC content. Under that premise, the IPS only needs to check the first UUID carried in the session to protect against malicious RPC calls.

[0029] However, a malicious client can evade detection by binding multiple UUIDs in one RPC call. As long as the RPC service corresponding to the first UUID is allowed, the IPS will determine that the RPC call is non-malicious. Malicious clients can achieve...

Abstract

The invention discloses a method and a device for detecting malicious remote procedure call (RPC) behavior, addressing the poor detection and high failure-to-report rate for malicious RPC behavior in the prior art. The method comprises the following steps: when a client queries the server for the high-order port corresponding to an RPC service, recording the universally unique identifiers (UUIDs) of all RPC services requested by the client; during the RPC process, parsing the data packets transmitted over the session connection between the client and the server to obtain all UUIDs associated with that RPC process; and judging whether each of the obtained UUIDs complies with a control policy preset in a policy library, so as to detect whether the client is performing malicious RPC behavior. The invention improves the effectiveness with which protection equipment detects malicious RPC behavior and improves the security of the protected RPC server.
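An added example (not code from the patent or its owner) of the check the abstract describes: it extracts every interface UUID from a bind or alter_context PDU and tests each against an allow policy, with the first-UUID-only check beside it for comparison. It assumes the RPC in question is connection-oriented DCE/RPC; the function names, the placeholder UUIDs and the policy set are hypothetical.

```python
import struct
import uuid

BIND, ALTER_CONTEXT = 11, 14   # DCE/RPC PDU types that carry a presentation context list
NDR = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")  # NDR transfer syntax

def bound_uuids(pdu):
    """Return every interface (abstract syntax) UUID in one bind/alter_context PDU."""
    if len(pdu) < 28 or pdu[0] != 5 or pdu[2] not in (BIND, ALTER_CONTEXT):
        return []
    little = bool(pdu[4] & 0x10)            # data representation: integer byte order
    off, found = 28, []                     # 16-byte header + 8 + 4-byte list header
    for _ in range(pdu[24]):                # n_context_elem
        if off + 24 > len(pdu):
            raise ValueError("truncated context element")
        n_transfer = pdu[off + 2]
        raw = pdu[off + 4:off + 20]
        found.append(uuid.UUID(bytes_le=raw) if little else uuid.UUID(bytes=raw))
        off += 24 + 20 * n_transfer         # skip this element's transfer syntaxes
    return found

def first_only_allows(pdu, allowed):
    """The prior-art check the page criticises: only the first UUID is inspected."""
    ids = bound_uuids(pdu)
    return bool(ids) and ids[0] in allowed

def denied_uuids(queried, pdus, allowed):
    """Check UUIDs recorded at the port query plus every UUID bound in the session."""
    seen = list(queried)
    for pdu in pdus:
        seen.extend(bound_uuids(pdu))
    return [u for u in dict.fromkeys(seen) if u not in allowed]

def build_bind(ifaces):
    """Construct a little-endian sample bind PDU (test data, not captured traffic)."""
    body = struct.pack("<HHI", 4280, 4280, 0) + struct.pack("<BBH", len(ifaces), 0, 0)
    for ctx_id, iface in enumerate(ifaces):
        body += struct.pack("<HBB", ctx_id, 1, 0) + iface.bytes_le + struct.pack("<I", 1)
        body += NDR.bytes_le + struct.pack("<I", 2)
    header = struct.pack("<BBBB4sHHI", 5, 0, BIND, 3, b"\x10\x00\x00\x00", 16 + len(body), 0, 1)
    return header + body

# Constructed placeholder interface UUIDs and policy, not real service identifiers.
ALLOWED_IF = uuid.UUID("11111111-1111-1111-1111-111111111111")
OTHER_IF = uuid.UUID("22222222-2222-2222-2222-222222222222")
POLICY = {ALLOWED_IF}
SAMPLE = build_bind([ALLOWED_IF, OTHER_IF])

if __name__ == "__main__":
    print("first-UUID-only check allows:", first_only_allows(SAMPLE, POLICY))
    print("UUIDs outside policy:", denied_uuids([ALLOWED_IF], [SAMPLE], POLICY))
```

A truncated context list raises `ValueError`, so a caller can treat an unparseable bind as a policy failure instead of passing it.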

Description

Technical field

[0001] The invention relates to the technical field of computer networks, in particular to a method for detecting malicious remote procedure call (RPC, Remote Procedure Call) behavior and a detection device for malicious RPC behavior.

Background technique

[0002] The RPC protocol provides an inter-process communication mechanism through which a program running on one computer can request services from a program on another computer in the network. The RPC protocol uses the client/server model: the program that requests the service acts as the client, and the program that provides the service acts as the server.

[0003] In order to distinguish multiple different RPC protocol-based services (hereinafter referred to as RPC services) provided by the same computer, the prior art uses a UUID to uniquely identify each RPC service on the same server. When each RPC service on the server is started, it will apply for a high-order port with a port num...

Application Information

IPC(8): H04L29/06, H04L12/26
Inventor: 蒋武, 周莹莹
Owner: CHENGDU HUAWEI TECH