Patent · US Active

Online command injection attacks identification

US12039037B2 · kind B2 · utility

0Cited by

2References

13Claims

0Family size

Assignee

JFrog Ltd. · IL

Inventors

Asaf Karas · Givatayim, IL
Or Peles · Tel Aviv-Yafo, IL
Meir Tsvi · Nes Ziona, IL
Anton Nayshtut · Netanya, IL

Key dates

Filing date	Jul 25, 2023
Grant date	Jul 16, 2024
Priority date	—
Expiry date	Jul 25, 2043

Classification

Technology area (CPC G)Physics
CPC primaryG06F2221/033
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

A method, a computer program product and an apparatus for online detection of command injection attacks in a computerized system. The method comprises determining that an input of a potential input provisioning event received from a network includes a command separator and an executable product and recording a suspicious record event. The method further comprises determining that an execution command configured to be executed a potential execution event correlates to the suspicious record event and in response to said determining flagging the execution command as a command injection attack. The method further comprises performing a remedial action with respect to the flagged command injection attack prior to attempting to execute the execution command.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.