An application layer shellcode detection method and device

A detection method and application layer technology, applied in the field of information network security, that addresses problems such as the inability to predict attack effects and the inability to detect attack behaviors in time.

Active Publication Date: 2021-02-23
QI AN XIN SECURITY TECH ZHUHAI CO LTD +1

AI Technical Summary

Problems solved by technology

However, current protection methods can only judge or block based on follow-up attack behavior. For unknown attack behavior, the attack effect cannot be predicted, which makes it difficult to detect the attacker's abnormal behavior and impossible to discover the execution of the attack in time.



Embodiment Construction

[0055] Hereinafter, exemplary embodiments of the present disclosure will be described in more detail with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure can be implemented in various forms and should not be limited by the embodiments set forth herein. On the contrary, these embodiments are provided to enable a more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.

[0056] As mentioned in the background art, in order to bypass ASLR, the shellcode needs to operate on the preset memory page where the application module is located to obtain the system API address. Currently, there is no effective protection against this way of bypassing the ASLR mechanism. It is difficult to detect the abnormal behavior of the attacker, and the execution of the application layer shellcode...


Abstract

The invention discloses an application layer shellcode detection method and device, computer equipment and a computer storage medium. It relates to the technical field of information network security and aims to monitor a specific memory page of the operating system's application layer, detect abnormal operations in time and effectively discover application layer shellcode attacks. The method comprises the following steps: selecting a preset memory page on the path that shellcode follows, when executing an attack, to locate a key dynamic link library of the application layer, and setting the preset memory page to a specified attribute; monitoring operations on the preset memory page where the application module is located, based on the specified attribute; and, if an access attempt to that preset memory page occurs, judging the legality of the access in order to detect an attack executed by the shellcode.
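An added example, not taken from the patent or from the applicant's code, showing the three steps on Linux/POSIX rather than Windows: a stand-in page gets `PROT_NONE` as the "specified attribute", a `SIGSEGV` handler monitors accesses, and legality is judged by whether the faulting instruction lies in an allowlisted code range. The attribute, the legality criterion and all names (`probe`, `on_fault`, the verdict codes) are assumptions; the text shown here specifies none of them.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <ucontext.h>
#include <unistd.h>

extern char __executable_start[], etext[];  /* GNU ld symbols: this image's code range */
static volatile unsigned char *page;        /* stand-in for the monitored page (assumption) */
static long psz;
static uintptr_t ok_lo, ok_hi;              /* code range allowed to touch the page */
static volatile sig_atomic_t verdict;       /* 0 = no access, 1 = legitimate, 2 = suspicious */

static void on_fault(int sig, siginfo_t *si, void *ctx) {
    ucontext_t *uc = ctx;
    uintptr_t addr = (uintptr_t)si->si_addr, pc;
#if defined(__x86_64__)
    pc = (uintptr_t)uc->uc_mcontext.gregs[REG_RIP];
#elif defined(__aarch64__)
    pc = (uintptr_t)uc->uc_mcontext.pc;
#else
#error "add the program-counter field for this architecture"
#endif
    if (addr < (uintptr_t)page || addr >= (uintptr_t)page + psz)
        _exit(128 + sig);                        /* unrelated crash: do not mask it */
    verdict = (pc >= ok_lo && pc < ok_hi) ? 1 : 2;  /* legality judgment */
    mprotect((void *)page, psz, PROT_READ);      /* let the faulting read complete */
}

/* Arm the page, perform one read from this function, return the verdict. */
int probe(uintptr_t lo, uintptr_t hi) {
    struct sigaction sa = {0};
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO;
    sigaction(SIGSEGV, &sa, NULL);
    psz = sysconf(_SC_PAGESIZE);
    if (!page) page = mmap(NULL, psz, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    ok_lo = lo; ok_hi = hi; verdict = 0;
    mprotect((void *)page, psz, PROT_NONE);      /* set the "specified attribute" */
    (void)page[0];                               /* access attempt -> SIGSEGV -> on_fault */
    return verdict;
}

int main(void) {
    printf("reader inside allowlist:  %d\n", probe((uintptr_t)__executable_start, (uintptr_t)etext));
    printf("reader outside allowlist: %d\n", probe(0, 0));
    return 0;
}
```

A production monitor would re-arm the page after each access and would resolve the faulting address against the list of loaded modules rather than a single range.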

Description

Technical field

[0001] The present invention relates to the technical field of information network security, in particular to a detection method, device, computer equipment and computer storage medium for application layer shellcode.

Background technique

[0002] In existing computer software, because of the openness of systems, their interactivity and defects in the software itself, a computer or service system is vulnerable to malicious code and vulnerabilities, especially when a system vulnerability triggers the execution of foreign shellcode. Shellcode is the core code of an overflow-based malicious attack: the attacker can use shellcode to enter the host process, launch an attack on the host process, and gain control of the operating system.

[0003] The application layer is the interface through which the operating system or network applications provide network services, and is mainly responsible for human-computer interaction. Under normal circumstances, on...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06F21/57, H04L29/06
CPC: G06F21/566, G06F21/577, H04L63/145, H04L63/1433
Inventor: 巫强
Owner: QI AN XIN SECURITY TECH ZHUHAI CO LTD