Method and system intercepting Linux core malicious process escalating privilege

A kernel and process technology, applied in the field of information security, that addresses problems such as the permanent extraction of system privileges and the resulting difficulty of maintaining information security, and achieves the effect of preventing vulnerability injection attacks and preventing malicious processes from escalating their privileges.

Inactive Publication Date: 2017-04-12
HARBIN ANTIY TECH

AI Technical Summary

Problems solved by technology

In Linux vulnerability attacks, most malicious programs call the commit_creds function to elevate the process to root-level privileges in order to carry out their malicious behaviour. Many malicious programs do not hold system privileges for long or permanently: they escalate immediately after the program starts and drop privileges again once the malicious behaviour has been carried out. This process generally takes very little time and easily bypasses the detection of protection products. Most existing protection products only detect obvious privilege-escalation operations, such as a program registering itself as a startup item, and rarely examine the process state itself to detect the privilege escalation, which is not conducive to maintaining information security.


Embodiment Construction

[0026] In order to enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the above-mentioned purposes, features and advantages of the present invention more obvious and easy to understand, the technical solutions of the present invention are further described in detail below in conjunction with the accompanying drawings.

[0027] The present invention provides an embodiment of a method for intercepting privilege escalation by a malicious Linux kernel process, as shown in figure 1, including:

[0028] S101: Dynamically traverse and extract Linux kernel process information, and store the kernel process information in the prescribed form;

[0029] S102: Dynamically track the kernel process information; when a kernel process starts, immediately obtain the data information of that kernel process and verify it. This step can be realised in the following manner:

[00...


Abstract

The invention provides a method and system for intercepting privilege escalation by a malicious Linux kernel process. The method comprises the following steps: first obtaining the Linux kernel processes, tracing each started kernel process in real time, and obtaining the data information of the kernel process; determining whether the data information contains sensitive information; if it does, obtaining the Linux user information and determining whether the sensitive information has user authorization; if no sensitive information is contained, continuing to track the kernel process; if the sensitive information is determined to have user authorization, permitting the corresponding kernel process; if not, intercepting the corresponding process. The method and system can accurately and effectively identify processes that maliciously escalate privileges among the Linux kernel processes, thus preventing Linux kernel vulnerabilities from being attacked.
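The decision flow in the abstract (detect sensitive information, check it against user authorization, then permit or intercept), as an added user-space illustration that is not the patent's own code: it replays constructed per-process credential observations of the kind that can be read from /proc, treats a jump of the effective uid to root as the sensitive information, and accepts it only when it is explained by an exec of an allowlisted setuid binary by a user permitted to elevate. The policy sets, paths, pids and uids are all constructed assumptions.

```python
# User-space analogue of the patented decision flow: track per-process credentials,
# flag a sensitive transition (effective uid moving from non-root to root), check it
# against user authorization, then permit or intercept. Illustration only; constructed data.
from dataclasses import dataclass
from typing import Dict, List

# Constructed policy: setuid binaries that may legitimately confer root, and the
# users allowed to elevate at all (stand-in for the patent's "Linux user information").
AUTHORIZED_SETUID_EXE = {"/usr/bin/sudo", "/usr/bin/passwd"}
USERS_ALLOWED_TO_ELEVATE = {1000}

@dataclass(frozen=True)
class ProcSample:
    """One observation of a process: pid, executable path, real and effective uid."""
    pid: int
    exe: str
    uid: int
    euid: int

def is_sensitive(prev: ProcSample, cur: ProcSample) -> bool:
    """The abstract's 'sensitive information': credentials were raised to root."""
    return prev.euid != 0 and cur.euid == 0

def is_authorized(prev: ProcSample, cur: ProcSample) -> bool:
    """Root via exec of an allowlisted setuid binary by a permitted user; in-place root is not."""
    return (cur.exe != prev.exe and cur.exe in AUTHORIZED_SETUID_EXE
            and prev.uid in USERS_ALLOWED_TO_ELEVATE)

def judge(samples: List[ProcSample]) -> Dict[int, str]:
    """Replay observations in order; final verdict per pid: 'track', 'permit' or 'intercept'."""
    last: Dict[int, ProcSample] = {}
    verdict: Dict[int, str] = {}
    for cur in samples:
        prev = last.get(cur.pid)
        if prev is not None and is_sensitive(prev, cur):
            verdict[cur.pid] = "permit" if is_authorized(prev, cur) else "intercept"
        else:
            verdict.setdefault(cur.pid, "track")
        last[cur.pid] = cur
    return verdict

# Constructed observations: pid 4242 execs sudo as uid 1000 (legitimate); pid 5150 becomes
# root without changing binary, how an in-kernel commit_creds() change looks from outside.
SAMPLES = [
    ProcSample(4242, "/bin/bash", 1000, 1000),
    ProcSample(4242, "/usr/bin/sudo", 1000, 0),
    ProcSample(5150, "/opt/app/viewer", 1000, 1000),
    ProcSample(5150, "/opt/app/viewer", 0, 0),
    ProcSample(6000, "/usr/bin/vim", 1000, 1000),
]
```

Calling `judge(SAMPLES)` yields permit for 4242, intercept for 5150 and track for 6000; a real deployment would take the observations from kernel-side hooks rather than periodic /proc reads, since the window described in the background can be shorter than any polling interval.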

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a method and a system for intercepting privilege escalation by a malicious Linux kernel process.

Background technique

[0002] Because the Linux kernel enforces strict restrictions on user privileges, there are not many vulnerabilities in Linux systems. In Linux vulnerability attacks, most malicious programs call the commit_creds function to elevate the process to root-level privileges in order to carry out their malicious behaviour. Many malicious programs do not hold system privileges for long or permanently: they escalate immediately after the program starts and drop privileges again once the malicious behaviour has been carried out. This process generally takes very little time and easily bypasses the detection of protection products. Most existing protection products only detect obvious privilege-escalation operations, ...


Application Information

Patent Type & Authority: Applications (China)
IPC (8): G06F21/56, G06F21/55
CPC: G06F21/566, G06F21/554
Inventors: 孙洪伟, 张伟坤, 徐翰隆, 肖新光
Owner: HARBIN ANTIY TECH