Patent · US Active

System and method for reverse command shell detection

US10599841B2 · kind B2 · utility

Cited by: 0
References: 7
Claims: 19
Family size: 0

Assignee

Inventor

Key dates

Filing date: Aug 9, 2018
Grant date: Mar 24, 2020
Priority date
Expiry date: Sep 19, 2038

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F9/451
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A system and method for detecting reverse command shell intrusions at a process-level on a user device is disclosed. In one embodiment, the system detects each process starting on an operating system of the user device, such as a mobile phone or laptop computer, and monitors Application Programming Interface (API) calls between each process and the operating system. The system then determines whether each process is associated with a reverse command shell intrusion based on information associated with each process and/or the API calls, and executes security policies against the processes associated with the reverse command shell intrusion to remediate the processes. In another embodiment, the system determines whether processes starting on a user device are associated with a reverse command shell intrusion by monitoring and analyzing information associated with the parent process of each process and/or API calls between each parent process and the operating system.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.