Malicious Communication Detection
UHIDS’ in-house malicious network communication detection identifies, at the system level, malicious backdoor trojans and the network connections they establish with attacker-controlled servers.
Detection Principle
Once the UHIDS Agent client plugin is installed, it automatically scans the system’s current network connections, analyzes the behavior of the processes that own them, and finally applies big data processing to output malicious communication records.
Detection Cycle
- A real-time scan is performed automatically when the plugin starts.
- By default, a periodic check runs every 2 hours.
- After a risk has been cleared, the system rescans for the same risk within 2 hours; if the risk is confirmed fixed, the alert is deleted automatically.
Detection Items
| Detection Item | Description |
|---|---|
| Reverse Shell | An attacker sends commands to the target machine that cause the server to initiate a connection to an attacker-designated address, giving the attacker control of the server. |
| Malicious File Download | During an attack, the attacker uses malicious commands to make the server download a specific trojan file. |
| Suspicious Network Communication | Network communication established by an attacker’s backdoor trojan with the attacker’s server. |
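To make the three detection items concrete, here is an added example (not UHIDS code) of host-side heuristics that map a process and its network facts to one of the items above. The `Proc` record format, the indicator sets, and the sample snapshot are all constructed for illustration; a real agent would populate them from process and socket tables.

```python
from dataclasses import dataclass, field

SHELLS = {"sh", "bash", "dash", "zsh"}
DOWNLOADERS = {"curl", "wget"}
SERVICES = {"nginx", "httpd", "php-fpm", "java", "tomcat"}
SUSPICIOUS_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")


@dataclass
class Proc:
    """One process plus the network facts the scanner collected about it (constructed format)."""
    pid: int
    name: str
    exe: str                       # resolved path of the executable
    ppid_name: str                 # name of the parent process
    std_fds_are_sockets: bool = False   # stdin/stdout/stderr point at a socket
    outbound: list = field(default_factory=list)  # established remote "ip:port"


def classify(proc):
    """Map a process to one of the page's detection items, or None."""
    # Reverse shell: a shell whose standard streams are a socket and that
    # holds an established outbound connection it initiated itself.
    if proc.name in SHELLS and proc.std_fds_are_sockets and proc.outbound:
        return "Reverse Shell"
    # Malicious file download: a downloader spawned directly by a network
    # service, which a web server has no normal reason to do.
    if proc.name in DOWNLOADERS and proc.ppid_name in SERVICES:
        return "Malicious File Download"
    # Suspicious network communication: a binary running from a scratch
    # directory that talks to a remote host.
    if proc.exe.startswith(SUSPICIOUS_DIRS) and proc.outbound:
        return "Suspicious Network Communication"
    return None


def scan(procs):
    """Return [(pid, detection_item)] for every process that matches."""
    return [(p.pid, item) for p in procs if (item := classify(p))]


# Constructed snapshot: one benign service and three matching processes.
SAMPLE = [
    Proc(801, "nginx", "/usr/sbin/nginx", "systemd", outbound=["10.0.0.5:8080"]),
    Proc(4312, "bash", "/bin/bash", "nginx", std_fds_are_sockets=True,
         outbound=["203.0.113.7:8443"]),
    Proc(4320, "curl", "/usr/bin/curl", "nginx"),
    Proc(4331, ".x", "/tmp/.x", "bash", outbound=["198.51.100.9:443"]),
]
```

Running `scan(SAMPLE)` flags the last three processes and leaves the nginx upstream connection alone; the heuristics are deliberately simple so that the thresholds and allowlists can be tuned per host.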