Method and device for identifying whether remote file contains vulnerability or not

A remote file and identification method technology, applied in the field of computer networks, can solve problems such as false positives and missed negatives, and achieve the effect of solving false positives and missed negatives

Active Publication Date: 2013-09-04
SANGFOR TECH INC
View PDF5 Cites 7 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The main purpose of the present invention is to provide a method and device for identifying loopholes contained in remote files, aiming to solve the problems of false positives and missed negatives that occur when identifying loopholes contained in remote files that are currently commonly used

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for identifying whether remote file contains vulnerability or not
  • Method and device for identifying whether remote file contains vulnerability or not
  • Method and device for identifying whether remote file contains vulnerability or not

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0050] The technical solutions of the present invention will be further described below in conjunction with the accompanying drawings and specific embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0051] The method and device for identifying loopholes contained in remote files of the present invention combine the attacker's malicious attack request session with the web server's session requesting malicious files for analysis, and judge whether triggering the PHP remote file containment attack occurs according to the characteristics of the PHP remote file containment attack; the method It can exclude normal http (Hyper Text Transfer Protocol, hypertext transfer protocol) redirection requests, and at the same time, it can defend against undisclosed PHP remote file inclusion vulnerabilities, and effectively solve the false positives and false negatives existing in ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method and a device for identifying whether a remote file contains vulnerability or not. The method comprises the following steps of when a network request message passes a fire screen, comparing an inlaid rule base, when the network request message is matched with the inlaid rule base, recording the network request message information in a conversation recording list; and when the fire screen receives an access message sent by a server, if the access message is recorded in the conversation recording list, analyzing the content of the access message. According to the analysis result, the method for identifying whether the access message is a safe message or the message which contains a safety threat has the beneficial effect of timely and accurately identifying whether the remote file contains the vulnerability or not, and the problems of misreport and report fault of the method based on a characteristic detecting mechanism are effectively solved. Furthermore, the vulnerability contained in the identified remote file can be defended in advance.

Description

technical field [0001] The invention relates to computer network technology, in particular to a method and device for identifying loopholes contained in remote files. Background technique [0002] The remote file inclusion vulnerability is a unique attack form of the PHP (Hypertext Preprocessor, Hypertext Preprocessing Language) scripting language, and it is also one of the most common attack methods for web applications; since the PHP language is widely used in web site development, this vulnerability also widely available. PHP remote file inclusion vulnerabilities can execute arbitrary code on the web server, which is very harmful. Therefore, remote file inclusion vulnerabilities are one of the attack objects that application-layer firewalls focus on identifying and defending against. [0003] Currently, there are two main methods for identifying and defending against PHP remote file inclusion vulnerabilities: identification based on specific 0day vulnerabilities and iden...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/08
Inventor 周欣
Owner SANGFOR TECH INC
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap