Web back door detection method and device based on behavioral characteristics

Backdoor detection technology based on behavioral characteristics, applied in the field of Internet security. It addresses problems such as frequent false alarms, complex code logic and large web access volume, with the effect of increasing the detection rate, improving detection efficiency and reducing the false alarm rate.

Active Publication Date: 2012-08-22
BEIJING BAIDU NETCOM SCI & TECH CO LTD

AI Technical Summary

Problems solved by technology

Online web code is voluminous, belongs to different projects and changes frequently, so its structure cannot be unified in advance. The online code logic is complex, and some legitimate code may resemble backdoor keyword code, which results in more false alarms. Web traffic is large and may be load balanced, so the attack process and the backdoor files may be spread across different machines.
This poses great challenges for traditional static-signature backdoor detection technology.


Examples


Embodiment 1

[0075] Figure 1 is a flowchart of the method for detecting web backdoors based on behavioral characteristics provided by this embodiment. As shown in Figure 1, the method includes:

[0076] Step S101: obtain the file attribute information of the script files in the web directory, determine the attribute abnormality degree of each script file according to the file owner, file creation time or file permissions in the file attribute information, and identify script files whose attribute abnormality degree meets the preset requirement as backdoor files.

[0077] All program scripts in a web application are essentially stored on the web server as files; these files are called web script files, i.e. script files. Besides its content, a script file also carries file attribute information such as file name, file creation time, file modification time, file owner, file type, file permissions and file size. Since there is a un...
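Step S101 as an added example (not code from the patent): each script file is scored by how many of its attributes depart from the baseline of the web directory. The scoring rule, the threshold, the extension list and the use of st_mtime in place of creation time (which os.stat does not expose portably) are assumptions, and the directory tree is constructed for the demonstration.

```python
import os
import stat
import tempfile
import time
from collections import Counter

SCRIPT_EXT = {".php", ".jsp", ".asp", ".aspx"}  # assumed set of script types

def collect(web_root):
    """Map each script file under web_root to (owner uid, permission bits, mtime)."""
    attrs = {}
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if os.path.splitext(name)[1].lower() in SCRIPT_EXT:
                path = os.path.join(dirpath, name)
                st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
                attrs[path] = (st.st_uid, stat.S_IMODE(st.st_mode), st.st_mtime)
    return attrs

def attribute_abnormality(attrs, window=3600):
    """Assumed scoring: one point per attribute that departs from the tree's baseline
    (most common owner, most common mode, median timestamp +/- window seconds)."""
    if not attrs:
        return {}
    owner = Counter(a[0] for a in attrs.values()).most_common(1)[0][0]
    mode = Counter(a[1] for a in attrs.values()).most_common(1)[0][0]
    times = sorted(a[2] for a in attrs.values())
    median = times[len(times) // 2]
    return {path: (uid != owner) + (m != mode) + (abs(t - median) > window)
            for path, (uid, m, t) in attrs.items()}

def suspects(web_root, threshold=2):  # threshold: assumed preset requirement
    scores = attribute_abnormality(collect(web_root))
    return sorted(p for p, s in scores.items() if s >= threshold)

def demo():
    """Constructed tree: five files from one deployment plus one later, world-writable file."""
    deployed = time.time() - 30 * 86400
    with tempfile.TemporaryDirectory() as root:
        for name in ["index.php", "login.php", "cart.php", "api.php", "help.php", "cache.php"]:
            path = os.path.join(root, name)
            open(path, "w").close()
            odd = name == "cache.php"
            os.chmod(path, 0o666 if odd else 0o644)
            if not odd:
                os.utime(path, (deployed, deployed))
        return [os.path.basename(p) for p in suspects(root)]

if __name__ == "__main__":
    print(demo())
```

Modification times can be reset by whoever wrote the file, so the timestamp signal is weakest of the three and is only counted together with owner or permission deviations here.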

Embodiment 2

[0141] Figure 4 is a flowchart of the web backdoor detection method based on behavioral characteristics provided in Embodiment 2. As shown in Figure 4, the method includes:

[0142] Step S401: obtain the file attribute information of the script files in the web directory, determine the attribute abnormality degree of each script file according to the file owner, file creation time or file permissions in the file attribute information, and use the attribute abnormality degree as the first weight W1 of the script file.

[0143] The attribute abnormality degree is calculated in the same way as in Embodiment 1, so it is not repeated here.

[0144] Step S402: count the access frequency, the number of access sources, or the per-time-period visit volume of each script file from the web log, determine the access abnormality degree of the script file from the statistics, and use the access abnormality degree as the second weight of the ...
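The statistics named in step S402, computed over web log lines, as an added example (not code from the patent). The log format (Common Log Format), the scoring rule, its thresholds and the quiet-hours window are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Common Log Format prefix: ip ident user [dd/Mon/yyyy:HH:MM:SS zone] "METHOD url ..."
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^:]+:(\d{2}):[^\]]+\] "\S+ (\S+)')
SCRIPT_EXT = (".php", ".jsp", ".asp", ".aspx")  # assumed set of script types

def access_stats(lines):
    """Per script path: hit count, set of source IPs, set of hours with traffic."""
    stats = defaultdict(lambda: {"hits": 0, "ips": set(), "hours": set()})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, hour, url = m.groups()
        path = url.split("?", 1)[0]  # the query string does not identify the file
        if path.lower().endswith(SCRIPT_EXT):
            entry = stats[path]
            entry["hits"] += 1
            entry["ips"].add(ip)
            entry["hours"].add(int(hour))
    return stats

def access_abnormality(stats, max_sources=2, burst=10, quiet=range(0, 6)):
    """Assumed scoring, one point each: few sources, many hits per source,
    and traffic seen only in the quiet hours."""
    scores = {}
    for path, e in stats.items():
        n = len(e["ips"])
        scores[path] = ((n <= max_sources) + (e["hits"] / n >= burst)
                        + all(h in quiet for h in e["hours"]))
    return scores

def flagged(lines, threshold=2):
    scores = access_abnormality(access_stats(lines))
    return sorted(p for p, s in scores.items() if s >= threshold)

def sample_log():
    """Constructed log: two busy pages and one script hit 12 times by one address at 03h."""
    fmt = '{} - - [10/Mar/2012:{:02d}:15:00 +0800] "{} {} HTTP/1.1" 200 512'
    log = [fmt.format(f"192.0.2.{i}", 9 + i % 9, "GET", "/index.php") for i in range(1, 21)]
    log += [fmt.format(f"198.51.100.{i}", 10 + i % 8, "POST", "/login.php?next=/") for i in range(1, 9)]
    log += [fmt.format("203.0.113.7", 3, "POST", "/upload/cache.php")] * 12
    log.append("malformed line")
    return log

if __name__ == "__main__":
    print(flagged(sample_log()))
```

A rarely used administration script would score the same on this signal alone; Embodiment 2 uses the access abnormality as one weight alongside the attribute abnormality W1.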

Embodiment 3

[0155] Figure 5 is a schematic diagram of the web backdoor detection device based on behavioral characteristics provided in this embodiment. As shown in Figure 5, the device includes:

[0156] The judging module includes an attribute anomaly judging module 10, an access anomaly judging module 20 and a process anomaly monitoring module 30.

[0157] The attribute anomaly judging module 10 is used to obtain the file attribute information of the script files in the web directory, determine the attribute abnormality degree of each script file according to the file creation time, file owner or file permissions in the file attribute information, and identify script files whose attribute abnormality degree meets the preset requirement as backdoor files.

[0158] All program scripts in a web application are essentially stored on the web server as files; these files are called web script files, i.e. script files. Besides its content, a script file also includes...


Abstract

The invention provides a web backdoor detection method and device based on behavioral characteristics. The method comprises the following steps. Step S1_1: obtain the file attribute information of the script files in the web directory; determine the attribute abnormality degree of each script file according to the file creation time, file owner or file permissions in the file attribute information; and identify script files whose attribute abnormality degree meets the preset requirement as backdoor files. Step S1_2: count the access frequency, the number of access sources or the per-time-period visit volume of each script file from the web log and determine the access abnormality degree; and identify script files whose access abnormality degree meets the preset requirement as backdoor files. Step S1_3: use the operating system to monitor the web server process; judge whether a preset operation or command occurs; and if so, identify the script file that issued the operation or command as a backdoor file. Because detection is based on behavioral characteristics, the method and device can effectively detect encrypted and obfuscated web backdoors, so that the detection rate and detection efficiency are improved and the false alarm rate is reduced.

Description

【Technical field】

[0001] The invention relates to the technical field of Internet security, in particular to a web backdoor detection method and device based on behavioral characteristics.

【Background】

[0002] At present, security problems are becoming more and more apparent in the Internet industry. After malicious attackers compromise a website, they often leave backdoors (code) in the website's source code. A backdoor is a method of bypassing security controls to gain access to a program or system. Through the backdoor, attackers can keep control of the website even after the website's vulnerabilities are patched. After obtaining website privileges, the attacker will immediately upload a web Trojan horse to escalate privileges further, which poses a serious threat to the server. Common web backdoors include: one-word Trojan horse, phpspy, jspspy, etc.

[0003] Existing web backdoor detection tools mostly use static feature detec...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
Inventor: 王珉然, 方小顿
Owner: BEIJING BAIDU NETCOM SCI & TECH CO LTD