Unlock instant, AI-driven research and patent intelligence for your innovation.

Method for detecting and blocking rebound shell attack and related equipment

An attacker and attack feature technology, applied to electrical components, transmission systems, etc., can solve the problems of multiple false negatives and low detection rate of rebound shell attacks, so as to improve the detection rate and reduce false positives

Inactive Publication Date: 2020-11-06
INSPUR SUZHOU INTELLIGENT TECH CO LTD
View PDF0 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The purpose of the present invention is to provide a method for detecting and blocking rebound shell attacks and related equipment, aiming to solve the problems of low detection rate of rebound shell attacks and many missed reports in the prior art, and realize detection and blocking. Combining to improve the detection rate and reduce the occurrence of false positives

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for detecting and blocking rebound shell attack and related equipment
  • Method for detecting and blocking rebound shell attack and related equipment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0026] In order to clearly illustrate the technical features of the present solution, the present invention will be described in detail below through specific implementation methods and in conjunction with the accompanying drawings. The following disclosure provides many different embodiments or examples for implementing different structures of the present invention. To simplify the disclosure of the present invention, components and arrangements of specific examples are described below. Furthermore, the present invention may repeat reference numerals and / or letters in different instances. This repetition is for the purpose of simplicity and clarity and does not in itself indicate a relationship between the various embodiments and / or arrangements discussed. It should be noted that components illustrated in the figures are not necessarily drawn to scale. Descriptions of well-known components and processing techniques and processes are omitted herein to avoid unnecessarily lim...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a method for detecting and blocking a rebound shell attack and related equipment. According to the invention, a reasonable detection method and a blocking mechanism are designed; the features or attack modes of the rebound shell can be dynamically added into the rule base; the process characteristics in the local host are matched with rules in a rule base; therefore, the purpose of reducing missing report is achieved; if the rebound shell occurs, the related information of the rebound shell is provided for the user, the attack of the rebound shell can be terminated according to the provided ID of the rebound shell process, and the IP of the far-end attacker can be added into the blacklist according to the tetrad information, so that the detection rate of the reboundshell attack can be effectively improved.

Description

technical field [0001] The invention relates to the technical field of intrusion detection, in particular to a method for detecting and blocking rebound shell attacks and related equipment. Background technique [0002] Reverse shell attack means that the control terminal listens on a certain port, and the controlled terminal actively initiates a connection request to the port, and transfers the input and output of its command line to the control terminal. In layman's terms, a reverse shell is an intrusion behavior, mainly manifested in that the local host actively connects to the remote attacker, so that the remote attacker will obtain the execution environment of the local host and can execute commands arbitrarily. At present, many researchers have studied how to detect rebound shells, but none of them are universal, and there are many false positives. Even if a rebound shell is detected, no effective blocking method is given. [0003] In the prior art, there is a technic...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/1466
Inventor 王勇
Owner INSPUR SUZHOU INTELLIGENT TECH CO LTD