Unlock instant, AI-driven research and patent intelligence for your innovation.

Reverse shell process detection method and device, electronic equipment, computer storage medium and program product

A detection method and reverse technology, applied in the computer field, can solve problems such as insufficient detection accuracy of reverse shell processes, and achieve the effect of improving detection efficiency and accuracy

Pending Publication Date: 2022-02-18
BEIJING ANTIY NETWORK SAFETY TECH CO LTD
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] Embodiments of the present invention provide a reverse shell process detection method and device, electronic equipment, computer storage media, and program products, aiming to solve the technical problem of insufficient detection accuracy of reverse shell processes in related technologies

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Reverse shell process detection method and device, electronic equipment, computer storage medium and program product
  • Reverse shell process detection method and device, electronic equipment, computer storage medium and program product
  • Reverse shell process detection method and device, electronic equipment, computer storage medium and program product

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0036] figure 1 A flow chart of a method for detecting a reverse shell process according to an embodiment of the present invention is shown.

[0037] Such as figure 1 As shown, the flow process of the reverse shell process detection method according to an embodiment of the present invention includes:

[0038] Step 102, acquiring process information of the target process.

[0039] The process information of the target process includes: the process identifier of the target process, the value of the file descriptor in the target process, the inode number of the file descriptor pointing to the file, and the file descriptor pointing to the file mode value.

[0040] Specifically, the process identifier can be described as PID_t, the file descriptor can be described as FD_t, the index node number (inode number) of the file descriptor pointing to the file can be described as INode_t, and the mode value pointing to the file of the file descriptor can be described as : Mode_t.

[0...

Embodiment 2

[0052] On the basis of Embodiment 1, a method for constructing a directed graph according to an embodiment of the present invention includes:

[0053] Step 202, adding the process information to the initialization graph structure to obtain an intermediate graph structure.

[0054] First, each target process needs to be used as a node in the initialization graph structure, and the process information of each target process is used as the node attribute information of the node to construct the intermediate graph structure.

[0055] Second, due to the large number of target processes, effective target processes need to be selected as valid nodes. Specifically, for each of the target processes, if the mode value of the file descriptor in the target process pointing to the file is a pipe type or a socket type, then the target process is used as a node of the initialization graph structure . So far, the process information of the target process determined as a node is set as the n...

Embodiment 3

[0063] On the basis of embodiment one and embodiment two, such as figure 2 As shown, the method for constructing a directed graph according to an embodiment of the present invention includes:

[0064] Step 302, for each of the target processes, when the mode value of the file descriptor of the target process pointing to a file is a pipe type or a socket type, add the target process as a node to the initialization graph in structure.

[0065] Step 304, for any first node and second node in the initialization graph structure, judge whether the process identifiers of the first node and the second node are different, and if the judgment result is yes, go to step 306 , otherwise, go to step 310.

[0066] The process identifier is used as the identification code of the process to identify the unique identity of the process. Therefore, when the process identifiers of the first node and the second node are different, it can be determined that the two belong to different target proc...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a reverse shell process detection method and device, electronic equipment, a computer storage medium and a program product. The method comprises the steps of obtaining process information of a target process; generating a target directed graph based on the process information and an initialized graph structure; determining the state of a target loop in the target directed graph; and determining whether the target process is a reverse shell process or not according to the state of the target loop. By means of the technical scheme, a large number of reverse shell processes can be rapidly recognized and detected, and the detection efficiency and accuracy of the reverse shell processes are improved.

Description

【Technical field】 [0001] The invention relates to the technical field of computers, in particular to a reverse shell process detection method and device, electronic equipment, computer storage media and program products. 【Background technique】 [0002] With the development of science and technology, computer security risks appear frequently, and reverse shell has become one of them. The working method of the reverse shell is that the remote computer sends its own shell to a specific user, and this feature is often used by illegal objects to invade the computer. In this regard, in related technologies, it is possible to judge whether it is a reverse shell process by collecting the characteristics of the target process, but this judgment method is based on a single basis and the detection accuracy is low. [0003] Therefore, how to accurately and reliably detect the reverse shell process has become a technical problem to be solved urgently. 【Content of invention】 [0004] ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F16/901G06F21/55
CPCG06F16/9024G06F21/55
Inventor 王贺刘博彦盛颖肖新光
Owner BEIJING ANTIY NETWORK SAFETY TECH CO LTD
Features
  • R&D
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2025 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com