Method and system for detecting hostile attack on Internet information system

Abstract

The invention discloses a method and a system for detecting a hostile attack on an Internet information system. The method comprises the following steps: A, regularly crawling and saving the content of an Internet web page; B, conducting a Trojan detection analysis, a sensitive word detection analysis, a sensitive image detection analysis, a directory change detection analysis, a host information audit detection analysis, a broken link/wrong link detection analysis, a page change detection analysis and/or log collection detection analysis to the crawled content of the Internet web page according to a predefined rule; and C, according to the results of the detection analyses, generating corresponding detection reports, and outputting and displaying the detection reports. The method for detecting the hostile attack on the Internet information system has the advantages that the detection is comprehensive, the defection safety is increased, the workload is reduced, the human cost is reduced, and the method provides convenience for users.

Description

technical field [0001] The invention relates to the technical field of network detection, in particular to a method and system for detecting malicious attacks on websites. Background technique [0002] The detection of website malicious attacks scans websites, analyzes the scanned data and extracts suspicious malicious information. [0003] The detection methods for malicious attacks on websites at home and abroad include vulnerability scanning, manual inspection and penetration testing. Vulnerability scanning uses security vulnerability scanning software or equipment to discover vulnerabilities through network scanning and automatically completes the inspection work; manual inspection is to log in to the system as a system administrator, find tools to scan for security vulnerabilities that cannot be found, understand website configuration information and view Website under attack; Penetration testing is a method to detect website security by simulating the attack method of...

AI Technical Summary

Problems solved by technology

[0007] (1) Heavy detection workload: Vulnerability scanning is cumbersome and requires manual on-duty and configuration, and the interpretation of scanning results also takes a lot of time;

[0008] (2) High dependence on experts: Whether it is vulnerability scanning, manual inspection or penetration testing, they all rely on experienced experts. The verification of scanning results and penetration testing rely heavily on personal quality and technical ability, and the results given by different people may vary greatly. Big;

[0009] (3) The detection is not comprehensive enough: for a new evaluation object, in addition to detecting vulnerabilities, it is also necessary to evaluate the content and security of the application itself. It is necessary to quickly collect information such as its host, application server, and database server. and conduct a comprehensive analysis;

[0010] (4) Lack of analysis means: Due to the use of multiple testing tools during the detection process, the data is not centralized, and there is a lack of a comprehensive platform for comprehensive display and analysis, making it impossible to perform advanced analysis on the maturity of security capabilities and security risk trends;

[0011] (5) Insufficient attention to content security: What the website finally displays to customers is intuitive web content

[0012] (6) The frequency of security detection is not high: the current malicious attack detection is basically static detection; however, external websites change frequently, and it is impossible to detect security vulnerabilities and malicious behavior results in time

Images