Rebound shell detection method based on behavior detection
A detection method and behavioral technology, applied in the field of information security, can solve the problems of many false positives, false positives, loss of usability, etc., and achieve the effect of reducing judgment links, good reliability, and high accuracy
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
Method used
Image
Examples
Embodiment Construction
[0033] In order to make the technical means, creative features, goals and effects achieved by the present invention easy to understand, the present invention will be further described below in conjunction with specific embodiments.
[0034] refer to Figure 1-2 , the specific embodiment adopts the following technical solutions: a detection method based on a behavior detection rebound shell, the steps of which are:
[0035] (1) Obtain the timing of shell process creation:
[0036] When a process is generated, it is necessary to obtain a notification from the system kernel. Different systems adopt different methods, such as using a driver to obtain a notification from the kernel under a Windows system, or other existing notification mechanisms can be used. The process creation notification of the system has some basic attributes, such as the process identifier PID, which can be used to uniquely identify a process on the system; it is also necessary to obtain the file path corre...
PUM
Abstract
Description
Claims
Application Information
- R&D Engineer
- R&D Manager
- IP Professional
- Industry Leading Data Capabilities
- Powerful AI technology
- Patent DNA Extraction
Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.
© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com