Palo Alto Networks has been granted a patent for a method that involves collecting and grouping data packets transmitted between multiple entities over a network. The method identifies pairs of connections with identical source and destination entities and times within a specified time window, generates sets of features for these pairs, and evaluates the features to detect malicious activity such as a bind shell attack, triggering an alert.
According to GlobalData’s company profile on Palo Alto Networks, IoT network security was a key innovation area identified from patents. Palo Alto Networks's grant share as of September 2023 was 62%. Grant share is based on the ratio of number of grants to total number of patents.
Detecting bind shell attacks in network connections

A recently granted patent (Publication Number: US11777971B2) describes a method for detecting bind shell attacks over a network. The method involves collecting data packets transmitted between multiple entities and grouping them into connections based on their source and destination entities and times. Pairs of connections with identical source and destination entities and times within a specified time window are identified. Sets of features, including port numbers and Internet Protocol (IP) addresses, are generated from the header information of the packets in the identified pairs of connections.
The method evaluates the features in the pairs of connections to detect any differences between the first and second features, indicating a bind shell attack. If a bind shell attack is detected, an alert is generated. The detection of a bind shell attack can be based on differences in port numbers or IP addresses between the first and second connections in a pair.
Additional sets of features can be generated from the IP addresses in the identified pairs of connections, and these features are also evaluated to detect a bind shell attack. The detection can involve comparing the IP address of the destination entity in a pair to a specified IP address and checking if the port number on the destination entity in the first or second connection matches a specified port number.
The patent also describes a method for detecting bind shell attacks by comparing the start and end times of the first and second connections in a pair. If the end time of the first connection is within a specified range of the start time of the second connection, a bind shell attack is detected.
Furthermore, the patent includes a method for detecting bind shell attacks by evaluating the duration and volume of data transmitted in the connections. If the duration of the second connection is greater than or equal to a specified duration and the volume of data transmitted in the second connection is greater than or equal to a specified value, a bind shell attack is detected.
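As an added illustration (not code from the patent or from Palo Alto Networks), the checks summarised above can be combined into a single rule over connection records. The thresholds, the `Conn` record layout and the decision to require every check at once are assumptions made for this example, and the sample connections are constructed.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class Conn:                # hypothetical flow record built from packet headers
    src: str
    dst: str
    dst_port: int
    start: float           # seconds since capture start
    end: float
    nbytes: int

# Assumed thresholds; the article gives no concrete values.
WINDOW = 60.0        # both connections must start within this window
MAX_GAP = 5.0        # first connection's end vs. second connection's start
MIN_DURATION = 30.0  # minimum duration of the second connection
MIN_BYTES = 2048     # minimum data volume of the second connection

def find_bind_shell_pairs(conns):
    """Return (src, dst, first_port, second_port) for each suspicious pair."""
    by_endpoints = {}
    for c in conns:
        by_endpoints.setdefault((c.src, c.dst), []).append(c)
    alerts = []
    for (src, dst), group in by_endpoints.items():
        group.sort(key=lambda c: c.start)
        for first, second in combinations(group, 2):
            if second.start - first.start > WINDOW:
                continue   # not a pair within the time window
            if first.dst_port == second.dst_port:
                continue   # no difference in destination port
            if abs(second.start - first.end) > MAX_GAP:
                continue   # second does not begin near the first's end
            if second.end - second.start < MIN_DURATION:
                continue   # second connection too short
            if second.nbytes < MIN_BYTES:
                continue   # second connection carries too little data
            alerts.append((src, dst, first.dst_port, second.dst_port))
    return alerts

# Constructed sample data (not real traffic).
SAMPLE = [
    Conn("10.0.0.5", "10.0.0.9", 445, 100.0, 102.0, 900),
    Conn("10.0.0.5", "10.0.0.9", 4444, 103.0, 400.0, 50000),  # long follow-up
    Conn("10.0.0.7", "10.0.0.9", 443, 100.0, 101.0, 3000),
    Conn("10.0.0.7", "10.0.0.9", 443, 110.0, 111.0, 3000),    # same port
    Conn("10.0.0.8", "10.0.0.9", 80, 200.0, 201.0, 500),
    Conn("10.0.0.8", "10.0.0.9", 443, 202.0, 204.0, 4000),    # short second
]

if __name__ == "__main__":
    for alert in find_bind_shell_pairs(SAMPLE):
        print("ALERT possible bind shell:", alert)
```

Only the first pair raises an alert; the other two pairs fail the port-difference and duration checks respectively.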
The granted patent also covers a computer software product that implements the described method. The software product includes program instructions stored in a non-transitory computer-readable medium, which, when read by a computer, cause the computer to perform the steps of the method.
Overall, this patent presents a method and software product for detecting bind shell attacks by analyzing network data packets and evaluating various features of the connections between entities. The method provides a means to identify potential security threats and generate alerts for further investigation and mitigation.