Method and device for detecting malicious HTTP request

A malicious, yet-to-be-detected technology, used in security communication devices, digital transmission systems, electrical components, etc., to solve problems such as intrusion detection algorithms being difficult to detect.

Inactive Publication Date: 2009-03-18
BEIJING VENUS INFORMATION TECH +1
View PDF0 Cites 38 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] Since these malicious HTTP requests do not contain obvious attack features, traditional intrusion detection

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for detecting malicious HTTP request
  • Method and device for detecting malicious HTTP request
  • Method and device for detecting malicious HTTP request

Examples

Experimental program
Comparison scheme
Effect test

example 1

[0087] Assume that the malicious HTTP request detection unit receives the following http request:

[0088] GET / login.asp HTTP / 1.1\r\n

[0089] Host:www.test.com\r\n

[0090] ser-Agent: Mozilla / 5.0(xxxx)\r\n

[0091] Accept: text / html; image / jpg, * / *\r\n

[0092] Accept-Language: zh-cn, zh\r\n

[0093] Accept-Charset: gb2312, utf-8\r\n

[0094] Referer: http: / / www.test.com∧r\n

[0095] The URI value of the HTTP request is " / login.asp", and the Referer value is "http: / / www.test.com / ". First, search based on the URI value Figure 7 It is found that the network node corresponding to / login.asp exists, but it is not a key node. Therefore, it is directly judged as "no abnormal HTTP request".

example 2

[0097] Assuming that the hacker wants to attack the web application system whose website is www.test.com, he sets up a website by himself, the website is www.abc.com, and the root web page of the website contains the following line of HTML code: "".

[0098] If a web user (victim) of www.test.com has successfully completed user authentication through the login web page login.asp on the web application system, but it does not want to execute the function corresponding to the hyperlink / actionl.asp. But unfortunately, he opened the hacker website www.abc.com without logging out from the www.test.com web application system. At this time, its web client will interpret and execute the above HTML maliciously inserted by the hacker code, the result is that the victim’s web client will send an HTTP request as shown in Table 2 to the web application system www.test.com, and the Cookies field of the HTTP request automatically carries the victim’s login www.test. com Web application syst...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a method and a device for detecting malicious HTTP requests, wherein the device comprises a network construction unit of Web access relationship and a detecting unit of malicious HTTP requests, wherein the network construction unit of Web access relationship is used for constructing a Web access relationship network for a to-be detected Web site, the network of Web access relationship embodies the fixed Web page access order of the Web site, the detecting unit of malicious HTTP requests is used for judging whether the HTTP requests which are sent to the Web site are corresponding with the fixed Web page access order of the Web site, if the requests are not corresponding with the order, the HTTP requests are judged as the malicious HTTP requests. The method and the device of the invention utilize the fixed Web page access order of the Web site to effectively detect the malicious HTTP requests.

Description

technical field [0001] The invention relates to a device and method for detecting malicious HTTP requests, belonging to the technical field of computer network security. Background technique [0002] With the development of Internet technology and Web technology, the Web no longer only provides static content services for Internet users, but can provide various dynamic Web content services according to user needs. Due to the advantages of easy deployment and use of Web services, many traditional client / server applications have begun to be transformed into Web-based applications, including those applications such as electronic banking and electronic securities that have very high security requirements. [0003] While web applications bring convenience to people's life and work, they also bring many security problems, including web Trojan horses, phishing, cross-site scripting attacks, and cross-site request forgery attacks. The attack principle of these attacks is: hackers S...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L9/00H04L12/26
Inventor 叶润国李博胡振宇孙海波
Owner BEIJING VENUS INFORMATION TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap