A kernel layer shellcode detection method and device

A kernel-layer detection method, applied in the field of information network security, that addresses the difficulty of detecting abnormal behavior and the failure to detect attack behavior in time.

Pending Publication Date: 2021-02-23
QI AN XIN SECURITY TECH ZHUHAI CO LTD +1

AI Technical Summary

Problems solved by technology

However, in addition to blocking, the current protection software can only judge the shellcode based on the behavior after the attack, and can't do anything about the b



Embodiment Construction

[0078] Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided for more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.

[0079] As mentioned in the background technology, in order to bypass the ASLR technology, the shellcode needs to operate on the preset memory page where the kernel module is located to obtain the system API address. At present, there is no effective protection technology for bypassing the ASLR mechanism. This makes it difficult for the attacker's abnormal behavior to be detected, and it is impossible to discover the execution of the...


Abstract

The invention discloses a kernel layer shellcode detection method and device, computer equipment and a computer storage medium, relates to the technical field of information network security, and aims to monitor a specific memory page of the operating system kernel layer, detect abnormal operation behaviors in time and effectively discover the execution of kernel layer shellcode attack behaviors. The method comprises the following steps: selecting a preset memory page on the path by which the attack behavior executed by a shellcode locates kernel layer support functions, and setting a specified attribute for the preset memory page; monitoring, based on the set attribute, operation behavior on the preset memory page where the kernel module is located; and, if such operation behavior occurs, performing a legality judgment on it so as to detect an attack behavior executed by the shellcode.
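The three steps of the abstract (set an attribute on a page, monitor accesses to it, judge each access) can be modelled in user space as below. This is an added illustration, not code from the patent: the module table, addresses, type and function names are constructed, and the legitimacy rule (the accessing instruction must lie inside a loaded module image) is an assumption, since the page does not state the patent's criterion.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define PAGE_SIZE 0x1000ULL
#define PAGE_OF(a) ((a) & ~(PAGE_SIZE - 1))

typedef struct { const char *name; uint64_t base, size; } module_t;
typedef struct { uint64_t page; bool guarded; } guard_t;
typedef struct { uint64_t ip, target; } access_t; /* ip: instruction performing the access */
typedef enum { NOT_MONITORED, LEGITIMATE, SUSPICIOUS } verdict_t;

/* Constructed sample data: image ranges of loaded kernel modules. */
static const module_t modules[] = {
    { "kernel_image", 0xfffff80000000000ULL, 0x800000 },
    { "driver_a",     0xfffff80001000000ULL, 0x040000 },
};
static guard_t guards[8];
static size_t n_guards;

/* Step 1: set the "specified attribute" on the page that contains addr. */
bool guard_page(uint64_t addr) {
    if (n_guards == sizeof guards / sizeof guards[0]) return false;
    guards[n_guards++] = (guard_t){ PAGE_OF(addr), true };
    return true;
}

/* Assumed legitimacy rule: the accessor must execute from a loaded module. */
static bool ip_in_loaded_module(uint64_t ip) {
    for (size_t i = 0; i < sizeof modules / sizeof modules[0]; i++)
        if (ip >= modules[i].base && ip - modules[i].base < modules[i].size)
            return true;
    return false;
}

/* Steps 2 and 3: for each access event, check whether it touches a guarded
 * page and, if so, judge whether the accessor is legitimate. */
verdict_t judge_access(access_t ev) {
    for (size_t i = 0; i < n_guards; i++)
        if (guards[i].guarded && guards[i].page == PAGE_OF(ev.target))
            return ip_in_loaded_module(ev.ip) ? LEGITIMATE : SUSPICIOUS;
    return NOT_MONITORED;
}
```

In a real kernel the access events would come from the fault or trap raised by the page attribute rather than from a function call.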

Description

Technical field

[0001] The invention relates to the technical field of information network security, in particular to a kernel layer shellcode detection method, device, computer equipment and computer storage medium.

Background technique

[0002] In existing computer software, because of the openness and interactivity of systems and defects in the software itself, computers and service systems are vulnerable to malicious code and vulnerability attacks, especially when a system vulnerability triggers the execution of foreign code (shellcode). Shellcode is the core code of an overflow-based malicious attack; the attacker can use the shellcode to enter the host process and launch an attack on it, thereby gaining control of the operating system.

[0003] The kernel layer is the core part of the operating system, responsible for scheduling CPU resources, managing processes and memory, etc. The user application program cannot directly operate ...


Application Information

IPC(8): G06F21/56, G06F21/57, H04L29/06
CPC: G06F21/566, G06F21/577, H04L63/145, H04L63/1433
Inventor 曲恩纯
Owner QI AN XIN SECURITY TECH ZHUHAI CO LTD