
Trojan-embedded website detection method based on hyper text transfer protocol (HTTP) traffic analysis

A detection method based on traffic analysis, applied in the computer field, that addresses the heavy resource consumption of existing approaches and achieves good detection results.

Active Publication Date: 2013-09-18
国家计算机病毒应急处理中心

AI Technical Summary

Problems solved by technology

However, traditional methods for detecting Trojan-embedded websites can only reconstruct the whole process of a Trojan attack through a top-down approach.
Such a method continuously probes a large number of websites by simulating a client in order to discover the attack sources and the relationships among them, which inevitably consumes a lot of resources.


Embodiment Construction

[0030] The method for detecting Trojan-embedded websites based on HTTP traffic analysis provided by the present invention is described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0031] The inventors inspect traffic captured on a network bypass for access requests to known or suspected Trojan-embedded webpages, and analyze the Referer field in the HTTP header of those packets, in order to find the websites that have been compromised with embedded Trojans.

[0032] After extensive analysis and research on the characteristics of current Trojan-embedded webpages, it was found that the Referer field value may play a special role in detecting such webpages.

[0033] The HTTP Referer is part of the request header. When a browser sends a request to a web server, it usually includes the Referer to tell the server which page the request was linked from, so that the server can obtain some information for pro...


Abstract

The invention discloses a Trojan-embedded website detection method based on Hypertext Transfer Protocol (HTTP) traffic analysis. The method comprises the following steps: capturing user HTTP requests in a wide area network or a local area network; recovering the HTTP header; extracting the Referer field value; matching the Host attribute and GET path in the HTTP header against rule signatures; outputting the Trojan-embedded uniform resource locator (URL) and the full path of the HTTP access behavior; and the like. By making full use of the autonomous web access behavior of clients or ordinary users, the method derives information about Trojan-embedded websites from already known Trojan-embedded websites, and gives a comprehensive and realistic picture of the scope and conditions of Trojan-embedding attacks, so relatively good detection results, together with a large number of clues and data, can be obtained with relatively little investment. The method can also be combined with conventional Trojan-embedded website detection methods: applied as a preceding stage, it narrows the detection range for those methods while keeping relatively high recall.
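The steps listed in the abstract, as an added example that is not code from the patent. The rule set, the `.example` host names and the captured requests are constructed; treating the direct Referer as the suspected Trojan-embedded page and linking earlier requests by their Referer to rebuild the access path are assumptions about how the steps fit together.

```python
import re
from urllib.parse import urlsplit

# Constructed rule set: Host and GET-path pattern of known Trojan-hosting pages.
RULES = [("malware-host.example", re.compile(r"^/exp/.*\.js$"))]

# Constructed capture (all hosts are placeholders), in arrival order.
CAPTURE = [
    b"GET /index.html HTTP/1.1\r\nHost: news.example\r\nReferer: http://search.example/?q=news\r\n\r\n",
    b"GET /ad/frame.html HTTP/1.1\r\nHost: ads.example\r\nReferer: http://news.example/index.html\r\n\r\n",
    b"GET /exp/load.js HTTP/1.1\r\nHost: MALWARE-HOST.example\r\nReferer: http://ads.example/ad/frame.html\r\n\r\n",
    b"GET /logo.png HTTP/1.1\r\nHost: cdn.example\r\nReferer: http://news.example/index.html\r\n\r\n",
    b"\x16\x03\x01 not an HTTP request",
]

def normalize(url):
    """Reduce a URL to host + path so Referer values and request URLs compare equal."""
    u = urlsplit(url)
    return f"{u.netloc.lower()}{u.path or '/'}"

def parse_request(raw):
    """Recover (host, path, referer) from a raw GET request, or None if unusable."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] != "GET":
        return None
    fields = (line.partition(":") for line in lines[1:])
    headers = {n.strip().lower(): v.strip() for n, sep, v in fields if sep}
    host = headers.get("host", "").lower()
    if not host:
        return None
    return host, urlsplit(parts[1]).path, headers.get("referer")

def detect(capture, rules=RULES):
    """Report the Referer of each request that hits a rule, plus the Referer chain."""
    referer_of, findings = {}, []
    for host, path, referer in filter(None, map(parse_request, capture)):
        url, ref = host + path, normalize(referer) if referer else None
        referer_of.setdefault(url, ref)  # remember how each page was reached
        if ref and any(host == h and p.search(path) for h, p in rules):
            chain = [url]
            while ref and ref not in chain:  # walk back, stop on loops
                chain.append(ref)
                ref = referer_of.get(ref)
            findings.append({"embedded_page": chain[1], "access_path": chain[::-1]})
    return findings
```

`detect(CAPTURE)` returns one finding: the page that referred the browser to the rule-matched URL, and the ordered chain of pages leading to it. Requests that carry no Referer, or are not parseable HTTP GETs, produce no finding.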

Description

Technical field

[0001] The invention relates to the field of computer technology, in particular to a method for detecting Trojan-embedded websites based on HTTP traffic analysis.

Background technique

[0002] So-called Trojan embedding ("hanging a horse") is when a hacker obtains the website administrator's account through various means, logs in to the back end of the website, and obtains a webshell through database backup/restore or an upload vulnerability. The hacker can use the webshell to modify the content of the website's pages and add malicious redirection code to them, or can directly obtain server or website FTP access through weak passwords and then modify the pages directly. When someone visits a page to which malicious code has been added, the browser automatically visits the redirected address or downloads a Trojan horse virus. If a website has a Trojan embedded, it will not only lose credibility and a large number of customers, but also make ordin...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L12/70, H04L12/26
Inventor: 张健杜振华张津弟陈建民曹鹏王琚孟彬
Owner: 国家计算机病毒应急处理中心