Patent · US Active

Reverse shell network intrusion detection

US10135847B2 · kind B2 · utility

6Cited by

126References

18Claims

0Family size

Assignee

Salesforce.com, Inc. · US

Inventors

John Brooke Althouse · Round Hill, US
William Salusky · Sterling, US
Jeffrey S. Atkinson · Ashburn, US

Key dates

Filing date	May 18, 2016
Grant date	Nov 20, 2018
Priority date	—
Expiry date	Nov 19, 2036

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/0236
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

A client system such as a database system may be vulnerable to intrusion by an unauthorized user or system through a reverse secure shell connection that enables the intruder to execute OS-level or shell commands on the client system. A reverse shell connection may be detected by monitoring and inspecting packet data traffic between the client system or internal network, and an exterior or “foreign” network. In one example of such a process, after detecting a normal shell session originating inside the internal network, a reverse shell connection exploiting the initial shell detection is detected by analyzing the transmission directions and payload sizes of a sequence of the monitored packets relative to a predetermined traffic pattern. The specific pattern may be selected for different operating systems.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.