Method and device for detecting Java agent without file injection into memory horse
The invention discloses a method and device for detecting a Java agent without file injection into a memory horse, and the method comprises the steps: analyzing a/proc/self/maps file in a JAVA system, and obtaining a loading range of libjvm.so; performing real-time detection on a/proc/sef/mem file i...
Saved in:
| Main Authors | , , |
|---|---|
| Format | Patent |
| Language | Chinese English |
| Published |
03.02.2023
|
| Subjects | |
| Online Access | Get full text |
Cover
Loading…
| Abstract | The invention discloses a method and device for detecting a Java agent without file injection into a memory horse, and the method comprises the steps: analyzing a/proc/self/maps file in a JAVA system, and obtaining a loading range of libjvm.so; performing real-time detection on a/proc/sef/mem file in the JAVA system; judging whether the write-in range of the read-write operation of the/proc/self/mem file in the memory is the loading range of libjvm.so or not; if yes, the read-write operation is judged to be malicious memory operation, and interception is carried out; and if not, judging that the read-write operation is normal memory operation. Malicious shellcode writing is detected by monitoring/proc/self/mem memory operation of a Java web container program, malicious memory injection is found in time and intercepted, and safety and stability are improved.
本发明公开了一种Java agent无文件注入内存马的检测方法及装置,包括:解析JAVA系统中的/proc/self/maps文件,得到libjvm.so的加载范围;对JAVA系统中的/proc/self/mem文件进行实时检测;判断/proc/self/mem文件在内存中读写操作的写入范围是否为libjv |
|---|---|
| AbstractList | The invention discloses a method and device for detecting a Java agent without file injection into a memory horse, and the method comprises the steps: analyzing a/proc/self/maps file in a JAVA system, and obtaining a loading range of libjvm.so; performing real-time detection on a/proc/sef/mem file in the JAVA system; judging whether the write-in range of the read-write operation of the/proc/self/mem file in the memory is the loading range of libjvm.so or not; if yes, the read-write operation is judged to be malicious memory operation, and interception is carried out; and if not, judging that the read-write operation is normal memory operation. Malicious shellcode writing is detected by monitoring/proc/self/mem memory operation of a Java web container program, malicious memory injection is found in time and intercepted, and safety and stability are improved.
本发明公开了一种Java agent无文件注入内存马的检测方法及装置,包括:解析JAVA系统中的/proc/self/maps文件,得到libjvm.so的加载范围;对JAVA系统中的/proc/self/mem文件进行实时检测;判断/proc/self/mem文件在内存中读写操作的写入范围是否为libjv |
| Author | BAO CHUNJIE ZHANG XIAORUI JIANG XIANGQIAN |
| Author_xml | – fullname: ZHANG XIAORUI – fullname: BAO CHUNJIE – fullname: JIANG XIANGQIAN |
| BookMark | eNqNys0KgkAUhuFZ1KIf7-F0AUESiduQIoLa1F4G_dQJPUeck9HdN0EX0Op9F8_cTFgYM3O7QBspyXJJJUZXgCoZwioKdVzT2Y6WbA1WerlAn0qVa0GOH18hHE6FOnQyvKmRwWNpppVtPaJfF2Z1PNyz0xq95PC9LcDQPLvG8S5J03iT7Lf_mA9fOzn- |
| ContentType | Patent |
| DBID | EVB |
| DatabaseName | esp@cenet |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: EVB name: esp@cenet url: http://worldwide.espacenet.com/singleLineSearch?locale=en_EP sourceTypes: Open Access Repository |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Medicine Chemistry Sciences Physics |
| DocumentTitleAlternate | 一种Java agent无文件注入内存马的检测方法及装置 |
| ExternalDocumentID | CN115688106A |
| GroupedDBID | EVB |
| ID | FETCH-epo_espacenet_CN115688106A3 |
| IEDL.DBID | EVB |
| IngestDate | Fri Jul 19 14:39:12 EDT 2024 |
| IsOpenAccess | true |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | Chinese English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-epo_espacenet_CN115688106A3 |
| Notes | Application Number: CN202211436170 |
| OpenAccessLink | https://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20230203&DB=EPODOC&CC=CN&NR=115688106A |
| ParticipantIDs | epo_espacenet_CN115688106A |
| PublicationCentury | 2000 |
| PublicationDate | 20230203 |
| PublicationDateYYYYMMDD | 2023-02-03 |
| PublicationDate_xml | – month: 02 year: 2023 text: 20230203 day: 03 |
| PublicationDecade | 2020 |
| PublicationYear | 2023 |
| RelatedCompanies | ANXINSEC (BEIJING) TECHNOLOGY CO., LTD |
| RelatedCompanies_xml | – name: ANXINSEC (BEIJING) TECHNOLOGY CO., LTD |
| Score | 3.5803552 |
| Snippet | The invention discloses a method and device for detecting a Java agent without file injection into a memory horse, and the method comprises the steps:... |
| SourceID | epo |
| SourceType | Open Access Repository |
| SubjectTerms | CALCULATING COMPUTING COUNTING ELECTRIC DIGITAL DATA PROCESSING PHYSICS |
| Title | Method and device for detecting Java agent without file injection into memory horse |
| URI | https://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20230203&DB=EPODOC&locale=&CC=CN&NR=115688106A |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwfV3dS8MwED_m_HzTqej8IIL0rThtumYPRVy6MQbrhk7Z22jShm1gO9ZO0b_eS9jUF30LCYTk4Hcfye_uAK5jjBnUraB2Q1BlU-XV7EZMha3cxK0z11PUdGvohfXOM-2O3FEJZutcGFMn9N0UR0REScR7YfT1_OcRKzDcyvxGTHEqu28P_cBaRcfoT9_VHCto-q1BP-hzi3Ofh1b46KPjU2cM45-HDdhEN9rTaGi9NHVWyvy3SWnvw9YAd0uLAyh9Tiqwy9ed1yqw01t9eFdg2zA0ZY6TKxTmh_DUM22fSZTGJE401Am6njjUHwJoikg3eotIpJOmiH5nzZYF0fWXyDSdGeZViqMiI6-aZftBJtkiT47gqt0a8o6N5xx_C2XMw58rOcdQTrM0OQFCdfwimRcrEVEmJUNdnHgyUjUqHSbEKVT_3qf63-IZ7GkBG8aycw7lYrFMLtAgF-LSSPIL8CiQvA |
| link.rule.ids | 230,309,783,888,25576,76876 |
| linkProvider | European Patent Office |
| linkToHtml | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwfV1bT8IwFD5BvOCbokbxVhOzt0V0HSsPi5EOgsgGUTS8kXWXAIkbYUOjv97TBtQXfWvapGlP8p1L-51zAC5DjBnia0H1uqCxTmOrqtdDKvTYjMwaM62Yqm4NrldrP9PO0BwWYLrKhVF1Qt9VcUREVIB4z5W-nv08YjmKW5ldiQlOpbetge1oy-gY_embqqE5DbvZ7zk9rnFuc0_zHm10fGqMYfxztwbr6GJbEg3Nl4bMSpn9NimtHdjo425JvguFz3EZSnzVea0MW-7yw7sMm4qhGWQ4uURhtgdPrmr7TPwkJGEkoU7Q9cSh_BBAU0Q6_ptPfJk0ReQ7a7rIiay_RCbJVDGvEhzlKXmVLNsPMk7nWbQPF63mgLd1POfoWygj7v1cyTiAYpIm0SEQKuOXgFlhLHzKgoChLo6swI-rNDCYEEdQ-Xufyn-L51BqD9zuqHvvPRzDthS2Yi8bJ1DM54voFI1zLs6UVL8A5rmTrw |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Apatent&rft.title=Method+and+device+for+detecting+Java+agent+without+file+injection+into+memory+horse&rft.inventor=ZHANG+XIAORUI&rft.inventor=BAO+CHUNJIE&rft.inventor=JIANG+XIANGQIAN&rft.date=2023-02-03&rft.externalDBID=A&rft.externalDocID=CN115688106A |