CN114465753A - Remote operation behavior identification method, apparatus, electronic device and storage medium - Google Patents
Remote operation behavior identification method, apparatus, electronic device and storage medium
- Publication number
- CN114465753A (application number CN202111509963.0A)
- Authority
- CN
- China
- Prior art keywords
- psexec
- remote operation
- operation behavior
- remote
- function
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 267
- 230000008569 process Effects 0.000 claims abstract description 218
- 230000006399 behavior Effects 0.000 claims abstract description 160
- 230000006854 communication Effects 0.000 claims abstract description 107
- 238000004891 communication Methods 0.000 claims abstract description 92
- 238000012544 monitoring process Methods 0.000 claims abstract description 44
- 230000006870 function Effects 0.000 claims description 190
- 238000001514 detection method Methods 0.000 claims description 35
- 230000002452 interceptive effect Effects 0.000 claims description 33
- 238000004590 computer program Methods 0.000 claims description 13
- 230000003993 interaction Effects 0.000 description 6
- 238000010586 diagram Methods 0.000 description 4
- 230000000694 effects Effects 0.000 description 4
- 238000012545 processing Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 238000012423 maintenance Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000007547 defect Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L67/025—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- H04L67/125—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Telephonic Communication Services (AREA)
- Selective Calling Equipment (AREA)
Abstract
Description
Claims (12)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111509963.0A (CN114465753B, zh) | 2021-12-10 | | Remote operation behavior identification method, apparatus, electronic device and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114465753A (zh) | 2022-05-10 |
CN114465753B (zh) | 2024-06-28 |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8127316B1 (en) * | 2006-11-30 | 2012-02-28 | Quest Software, Inc. | System and method for intercepting process creation events |
US20170244754A1 (en) * | 2016-02-19 | 2017-08-24 | Secureworks Corp. | System and Method for Detecting and Monitoring Thread Creation |
CN109067815A (zh) * | 2018-11-06 | 2018-12-21 | 深信服科技股份有限公司 | Attack event traceability analysis method, system, user equipment and storage medium |
CN109753791A (zh) * | 2018-12-29 | 2019-05-14 | 北京奇虎科技有限公司 | Malicious program detection method and apparatus |
CN111191224A (zh) * | 2019-07-08 | 2020-05-22 | 腾讯科技(深圳)有限公司 | Method, apparatus and computer-readable storage medium for countering virtual machine detection |
CN111273967A (zh) * | 2019-12-30 | 2020-06-12 | 上海上讯信息技术股份有限公司 | Remote hook setting method, apparatus and electronic device for the Android system |
CN112351017A (zh) * | 2020-10-28 | 2021-02-09 | 北京奇虎科技有限公司 | Lateral movement protection method, apparatus, device and storage medium |
CN112929365A (zh) * | 2021-02-05 | 2021-06-08 | 深信服科技股份有限公司 | Remote command detection method, apparatus and electronic device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111984975B (zh) | | Vulnerability attack detection system, method and medium based on a mimic defense mechanism |
CN111651754B (zh) | | Intrusion detection method and apparatus, storage medium, and electronic apparatus |
US11120124B2 (en) | | Method for detecting a deviation of a security state of a computing device from a desired security state |
CN109727027B (zh) | | Account identification method, apparatus, device and storage medium |
CN110933103A (zh) | | Anti-crawler method, apparatus, device and medium |
CN110806965A (zh) | | Automatic testing method, apparatus, device and medium |
CN110881051A (zh) | | Security risk event handling method, apparatus, device and storage medium |
CN109039812B (zh) | | Port detection method, system and computer-readable storage medium |
CN113886814A (zh) | | Attack detection method and related apparatus |
CN111125708B (zh) | | Vulnerability detection method and apparatus |
CN113239366B (zh) | | Non-destructive vulnerability detection method and system for power industrial control equipment |
CN111327632B (zh) | | Zombie host detection method, system, device and storage medium |
CN111291377A (zh) | | Application vulnerability detection method and system |
CN112087455B (zh) | | WAF site protection rule generation method, system, device and medium |
CN114465753A (zh) | | Remote operation behavior identification method, apparatus, electronic device and storage medium |
CN114465753B (zh) | | Remote operation behavior identification method, apparatus, electronic device and storage medium |
CN111538994A (zh) | | System security detection and repair method, apparatus, storage medium and terminal |
KR101624276B1 (ko) | | Method and apparatus for detecting icon theft in mobile applications |
CN115062304A (zh) | | Risk identification method, apparatus, electronic device and readable storage medium |
CN113190836A (zh) | | Web attack behavior detection method and system based on local command execution |
CN111027053A (zh) | | Method and system for detecting whether an Android application is protected against Activity hijacking |
CN110706221A (zh) | | Image-customized verification method, verification device, storage medium and apparatus |
CN113806789A (zh) | | Game-memory-based privacy protection system |
CN116347046B (zh) | | Home monitoring method and system based on visual mobile terminal control |
CN111427767A (zh) | | Attack testing method, apparatus, computer device and storage medium for application systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| CB02 | Change of applicant information | Country or region after: China. Address after: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088. Applicant after: QAX Technology Group Inc.; Qianxin Wangshen information technology (Beijing) Co.,Ltd. Address before: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088. Applicant before: QAX Technology Group Inc.; LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc. Country or region before: China. |
| GR01 | Patent grant | |