
Malicious Communication Detection


UHIDS’ self-developed malicious network communication detection feature detects, at the system level, malicious backdoor trojans and network communications established with hacker servers.

Detection Principle

Once the UHIDS Agent client plugin is successfully installed, it automatically scans the system’s current network communication status, analyzes the behavior of the corresponding network processes, and finally uses big data processing to output malicious communication records.

Detection Cycle

  • A real-time detection scan runs automatically when the plugin starts.
  • The default periodic check occurs every 2 hours.
  • After a risk is cleared, the system rescans for the same risk within 2 hours. If the risk has been fixed, the alert is automatically deleted.

Detection Items

| Detection Item | Description |
|---|---|
| Reverse Shell | Hackers send attack commands to the target machine, causing the server to initiate communication with a hacker-designated address, thereby allowing the hacker to control the server. |
| Malicious File Download | During an attack, hackers may use malicious commands to make the server download a specific trojan file. |
| Suspicious Network Communication | The network communication established by the hacker’s backdoor trojan with their server. |
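
To make the Reverse Shell item concrete, the added example below (not UHIDS code, and not a description of how the UHIDS plugin works internally) applies one common host-side heuristic to a connection snapshot: a shell interpreter whose stdin/stdout/stderr are attached to an established TCP socket that the server itself opened. The `ss -tnap`-style input, the addresses, the PIDs and the shell list are all constructed assumptions.

```python
import re

# Constructed sample in `ss -tnap` column layout (documentation addresses only).
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=700,fd=3))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=910,fd=6))
ESTAB 0 0 10.0.0.5:22 203.0.113.7:51514 users:(("sshd",pid=812,fd=4))
ESTAB 0 0 10.0.0.5:443 203.0.113.9:40022 users:(("nginx",pid=911,fd=12))
ESTAB 0 0 10.0.0.5:43122 198.51.100.23:4444 users:(("bash",pid=2201,fd=0),("bash",pid=2201,fd=1),("bash",pid=2201,fd=2))
ESTAB 0 0 10.0.0.5:51830 192.0.2.40:443 users:(("curl",pid=2302,fd=5))
"""

SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}   # assumed interpreter list
STDIO = {0, 1, 2}                               # stdin, stdout, stderr
USER_RE = re.compile(r'\("([^"]+)",pid=(\d+),fd=(\d+)\)')

def port_of(endpoint):
    """Return the port part of 'addr:port' (also works for '[::1]:22')."""
    return endpoint.rsplit(":", 1)[1]

def find_reverse_shell_candidates(ss_output):
    """Flag shells whose stdio is bound to an outbound established TCP socket."""
    rows = [line.split(None, 5) for line in ss_output.splitlines() if line.strip()]
    rows = [r for r in rows if len(r) == 6]
    # Ports the host listens on: traffic on these is inbound to a local service.
    listening = {port_of(r[3]) for r in rows if r[0] == "LISTEN"}
    findings = []
    for state, _recvq, _sendq, local, peer, users in rows:
        if state != "ESTAB" or port_of(local) in listening:
            continue  # header line, non-established socket, or inbound connection
        fds_by_proc = {}
        for name, pid, fd in USER_RE.findall(users):
            fds_by_proc.setdefault((name, int(pid)), set()).add(int(fd))
        for (name, pid), fds in fds_by_proc.items():
            if name in SHELLS and fds & STDIO:
                findings.append({"pid": pid, "process": name, "peer": peer,
                                 "stdio_fds": sorted(fds & STDIO)})
    return findings

if __name__ == "__main__":
    for finding in find_reverse_shell_candidates(SAMPLE):
        print(finding)
```

A hit from this heuristic is a lead for triage rather than a verdict: confirm the parent process and the command line of the flagged PID before acting on it.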