Method of detecting deformed shell

Bibliographic details
Main authors: WANG ZHIBO, ZHAO CHUAN, HOU SIRUI, ZHANG ZHIYONG, SONG ZHEN, YAN GUOXING, FENG SHUHUAN, LIU ZIHAO, SHI LIN, CHEN LIN, LI BENGANG, LI LEI
Format: Patent
Language: chi ; eng
Description
Summary: The invention provides a method for detecting a deformed shell, relates to the technical field of Internet security, and solves the problem that detection methods in the prior art cannot accurately detect a deformed shell. The method comprises the steps of: detecting the parent process of an executed command; if a plurality of different commands have the same parent process and the parent process has interactive input and output attributes, determining that the parent process is a shell process; and if the parent process executes a shell program not carried by a system, determining that the parent process is not a deformed shell process. The method solves the prerequisite problem of rebound shell detection, namely what a shell is, so that the rebound shell detection method is effective for a normal shell and also for a deformed shell.