Bind shell attack detection

Bind shell attack detection

Methods, apparatus and computer program products implement embodiments of the present invention that include collecting data packets transmitted between multiple entities over a network, and grouping the packets at least according to their source and destination entities and their times, into connec...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Meshi, Yinnon, Neuman, Yaron, Firstenberg, Eyal, Allon, Jonathan, Amit, Idan
Format: Patent
Sprache:eng
Schlagworte:
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Methods, apparatus and computer program products implement embodiments of the present invention that include collecting data packets transmitted between multiple entities over a network, and grouping the packets at least according to their source and destination entities and their times, into connections to which the packets belong. Pairs of the connections are identified having identical source and destination entities and times that are together within a specified time window, and sets of features are generated for the identified pairs of the connections. The features in the pairs are evaluated in order to detect a given pair of connections indicating malicious activity, and an alert is generated for the malicious activity.