Title of invention |
System, method and computer program product for detecting encoded shellcode in network traffic |
Abstract |
A system, method and computer program product are provided for detecting encoded shellcode. In use, network traffic that is encoded is identified. Further, it is determined whether the network traffic that is encoded includes shellcode. |
Publication number |
US9178907(B2) |
Publication date |
2015.11.03 |
Application number |
US200611450110 |
Filing date |
2006.06.09 |
Applicant |
McAfee, Inc. |
Inventor |
Kashyap Rahul Chander |
Classification |
H04L29/06 |
Main classification |
H04L29/06 |
Agency |
Blank Rome, LLP |
Agent |
Blank Rome, LLP |
Main claim |
1. A method, comprising:
identifying network traffic that is encoded, utilizing a processor;
determining a type of encoding associated with the network traffic;
converting the network traffic that is encoded;
determining whether the network traffic that is encoded includes shellcode;
counting predetermined instructions; and
determining whether a number of the predetermined instructions exceeds at least one threshold,
wherein the determination whether the network traffic includes the shellcode is conditionally performed based on a determination whether the network traffic comprises machine language instructions encoded as text,
wherein the at least one threshold is determined based on an application associated with the network traffic. |
Address |
Santa Clara CA US |