A screen recording method under windows system

A screen recording technology based on traffic capture, applied in the field of network security. It addresses deviations in attack behavior analysis, missing video of important operations, and high system resource consumption, so that the complete attack behavior is recorded, the packet loss rate is reduced, and system resource consumption is reduced.

Active Publication Date: 2021-03-02
广州锦行网络科技有限公司

AI Technical Summary

Problems solved by technology

[0007] 1. Screenshots are taken on a timer with the Windows API. If the interval is too short, system resource consumption becomes too high; for example, high CPU usage makes the system freeze, which attackers easily notice. If the interval is too long, the converted video may be incomplete and may lack important operations, which causes serious deviations in attack behavior analysis.
[0008] 2. Taking screenshots with the Windows API requires installing a screenshot agent in the Windows honeypot system, which attackers can easily discover.

Examples


Embodiment 1

[0078] According to a specific embodiment of the present invention, the screen recording method under the Windows system provided by the present invention comprises the following steps:

[0079] First deploy rdp replay on the gateway of the monitored Windows system host, and install pf_ring on the gateway.

[0080] As shown in attached Figure 1, the Windows system host can be used as a honeypot in practical applications. In the present invention, the attack behavior occurs on the honeypot host running the Windows system, and a gateway running Linux is required. Installing pf_ring on the gateway captures all data traffic attacking the honeypot in real time; rdp replay, also installed on the gateway, parses the traffic packets captured by pf_ring into rdp data in real time and passes it to libfreerdp for screen drawing. The IP address of the gateway and the IP address of the Windows system host can be configured in the...

Embodiment 2

[0095] According to a specific embodiment of the present invention, as shown in attached Figure 4, when an attacker accesses a honeypot running a Windows operating system, the attacker first sends a TCP connection establishment request to the honeypot, that is, a handshake TCP message with the SYN flag bit set. After receiving the message, the honeypot replies to the attacker with a TCP message carrying SYN and ACK. After receiving that message, the attacker replies to the honeypot with a confirming ACK. At this point, the TCP connection is established. All of this traffic passes through the Linux gateway, and the Linux gateway records it.

[0096] As shown in attached Figure 5, when the client attacks the Windows system host, it first connects to the Windows system host through a remote desktop operation, using the TCP connection request described above. At this time, the Linux gateway first opens the pf_ring by setting pfr...
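The gateway-side handshake tracking described in [0095], shown as an added example that is not code from the patent or from rdp replay: it parses raw Ethernet/IPv4/TCP frames, follows SYN, SYN+ACK, ACK per flow, and only then collects the attacker's application-layer bytes for a later RDP parser. Assumptions: the honeypot's RDP service listens on the default TCP port 3389 (the page names no port), the names parse_frame, track_rdp and make_frame are hypothetical, and the frames are constructed sample data, not captured traffic.

```python
import struct

RDP_PORT = 3389          # assumption: RDP's default TCP port; the page names no port
SYN, ACK = 0x02, 0x10    # TCP flag bits

def parse_frame(frame):
    """Return (src, sport, dst, dport, flags, payload) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None                                   # too short, not IPv4, or not TCP
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[16:18])[0]
    tcp = frame[14 + ihl:14 + total_len]
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    return frame[26:30], sport, frame[30:34], dport, tcp[13], tcp[(tcp[12] >> 4) * 4:]

def track_rdp(frames):
    """Follow SYN, SYN+ACK, ACK per flow; return {flow: client bytes sent once established}."""
    state, streams = {}, {}
    for src, sport, dst, dport, flags, payload in filter(None, map(parse_frame, frames)):
        bits = flags & (SYN | ACK)
        if dport == RDP_PORT:                         # attacker -> honeypot
            key = (src, sport, dst)
            if bits == SYN:
                state[key] = "SYN_SEEN"
            elif bits == ACK and state.get(key) == "SYN_ACK_SEEN":
                state[key], streams[key] = "ESTABLISHED", b""
            if state.get(key) == "ESTABLISHED":
                streams[key] += payload               # simplification: no seq-number reordering
        elif sport == RDP_PORT and bits == (SYN | ACK) and state.get((dst, dport, src)) == "SYN_SEEN":
            state[(dst, dport, src)] = "SYN_ACK_SEEN" # honeypot -> attacker
    return streams

def make_frame(src, dst, sport, dport, flags, payload=b""):
    """Build a constructed sample frame (zero MACs and checksums)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, src, dst)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

ATTACKER, HONEYPOT = bytes([203, 0, 113, 5]), bytes([192, 0, 2, 10])   # documentation addresses
X224_CR = bytes.fromhex("03000013 0ee00000000000 0100080003000000")    # constructed first RDP PDU
SAMPLE = [
    make_frame(ATTACKER, HONEYPOT, 50000, RDP_PORT, SYN),
    make_frame(HONEYPOT, ATTACKER, RDP_PORT, 50000, SYN | ACK),
    make_frame(ATTACKER, HONEYPOT, 50000, RDP_PORT, ACK),
    make_frame(ATTACKER, HONEYPOT, 50000, RDP_PORT, ACK | 0x08, X224_CR),  # PSH+ACK with data
    make_frame(ATTACKER, HONEYPOT, 50001, RDP_PORT, ACK | 0x08, b"stray"),  # no handshake seen
]
```

Flows whose handshake the gateway never saw are dropped, so a recorder started mid-session cannot feed partial data to the RDP parser; a production version would also order segments by sequence number.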


Abstract

The invention provides a screen recording method under a Windows system, and belongs to the field of network security. The method comprises the steps of: using pf_ring to capture packets of real-time traffic and parsing them to obtain TCP/IP layer data packets; calling an analysis function to obtain the application layer data packets; calling the rdp protocol analysis library libfreerdp in rdp replay to analyze the application layer data; calling an rdp protocol library function to draw the screen; and repeating these steps to record the attack behavior on screen in real time. Because pf_ring is used for real-time traffic packet capture, packet capture performance is improved and real-time screen recording under a Windows system is realized.

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a screen recording method under the Windows system.

Background technique

[0002] With the development of the Internet, people pay more and more attention to network security, and the collection and analysis of network attack behavior is an important part of it. In the field of network security, the honeypot is a network attack detection technology well known to network security personnel. A honeypot lets a third party attack it and captures evidence and information related to the hacker, so that the attack behavior can be analyzed.

[0003] The honeypot of the Windows system generally only captures the behavior of the system, such as files, command lines, etc. This kind of data has to be analyzed to a certain extent before the attacker's intention can be roughly judged. In order to better intuitively display the attacker's operations, collecting network attack behaviors t...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L12/26
CPC: H04L43/045, H04L43/12, H04L63/1416, H04L63/1425, H04L63/1491
Inventor: 吴建亮, 胡鹏, 叶翔
Owner: 广州锦行网络科技有限公司