Systems and methods for detecting a process to establish a backdoor connection with a computing device

Invention Grant

US08683576B1 Systems and methods for detecting a process to establish a backdoor connection with a computing device 有权

Title translation: 用于检测与计算设备建立后门连接的过程的系统和方法

Please log in to see more content

Patent Title: Systems and methods for detecting a process to establish a backdoor connection with a computing device
Patent Title (中): 用于检测与计算设备建立后门连接的过程的系统和方法
Application No.: US12571121

Application Date: 2009-09-30
Publication No.: US08683576B1

Publication Date: 2014-03-25
Inventor: James Yun
Applicant: James Yun
Applicant Address: US CA Mountain View
Assignee: Symantec Corporation
Current Assignee: Symantec Corporation
Current Assignee Address: US CA Mountain View
Agency: Holland & Hart LLP
Main IPC: G06F7/04
IPC: G06F7/04 ; G06F12/00 ; G06F12/14 ; G06F13/00 ; G06F17/30 ; G11C7/00

Systems and methods for detecting a process to establish a backdoor connection with a computing device

Abstract:

A computer-implemented method for detecting a process to establish a backdoor connection with the computer is described. An application programming interface (API) is hooked. Calls to the hooked API are monitored. A call directed to the hooked API is intercepted. The call instructs the API to initiate a user interface. Structures included in the intercepted call are analyzed. The intercepted call is prevented from arriving at the hooked API if the structures are directed to a socket on the computer.

Abstract(Chinese):

描述了用于检测与计算机建立后门连接的过程的计算机实现的方法。应用程序编程接口（API）被挂接。监听挂钩API的呼叫。针对挂钩API的呼叫被拦截。该呼叫指示API启动用户界面。分析被拦截的呼叫中包括的结构。如果结构被引导到计算机上的插座，则被拦截的呼叫被阻止到达挂钩的API。

Information query

Espacenet

IPC分类:

G	物理
G06	计算；推算或计数
G06F	电数字数据处理（基于特定计算模型的计算机系统入G06N）
G06F7/00	通过待处理的数据的指令或内容进行运算的数据处理的方法或装置（逻辑电路入H03K19/00）
G06F7/02	.比较数字值的（G06F7/06，G06F7/38优先）
G06F7/04	..同一性比较，即相同或不相同值的比较