Web page tamper prevention device based on web server cache matching and method thereof

A server cache and server technology, applied in electrical components, transmission systems, etc., can solve problems such as damaging corporate image and interests, achieve the effects of improving security, overcoming low detection efficiency, and preventing hackers from tampering with web pages

Active Publication Date: 2014-07-16
STATE GRID CORP OF CHINA +1
View PDF3 Cites 30 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The present invention provides a webpage anti-tampering device and method based on web server cache matching, which overcomes the above-mentioned deficiencies in the prio

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Web page tamper prevention device based on web server cache matching and method thereof
  • Web page tamper prevention device based on web server cache matching and method thereof

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0039] Embodiment 1: as attached figure 1 As shown, the webpage anti-tampering device based on web server cache matching includes:

[0040] A message obtaining unit, configured to obtain an IP response message sent by the web server to the client;

[0041] The first feature extraction unit is used to perform feature value extraction on the data in the IP response message that is easy to inject into the Trojan horse process and tamper process, to obtain the first feature value;

[0042] The first detection module, which performs fuzzy matching processing, detects whether the first feature value sent by the first feature extraction unit matches the blacklist database feature value; if so, judges that the detected webpage is a tampered webpage; if not, sends a detection signal To the second detection module; the fuzzy matching process extracts SQL injection, XSS cross-site scripting, CSRF cross-site request forgery and other behavioral features in the webpage according ...

Embodiment 2

[0052] Embodiment 2: as attached figure 2 As shown, the webpage anti-tampering method using the above-mentioned webpage anti-tampering device comprises the following steps:

[0053] The first step: read the IP response message fed back by the web server to the client, and obtain the web page characteristic data of the web server;

[0054] The second step: extracting the feature value of the data at the place where the Trojan horse process and the tampering process are easy to be injected into the IP response message as the first feature value;

[0055] Step 3: performing fuzzy matching processing on the first characteristic value and the blacklist database;

[0056] If the result of the fuzzy matching process is that the first feature unit matches the blacklist database, then it is determined that there is a malicious process in the client webpage and the process is terminated, and feedback to the client prompts that the webpage has been maliciously tampered with, ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to the technical field of electric power industry information web page tamper prevention, in particular to a web page tamper prevention device based on web server cache matching and a method of the device. According to the web page tamper prevention device based on web server cache matching, a feature value of a suspected Trojan program in an IP response message is extracted, whether the feature value is matched with a black list database or not is judged through fuzzy matching, then the feature values of all information of an accessed web page are extracted to be precisely matched with web server cache data, and whether a web page accessed by a client side is tampered or not is judged. Fuzzy matching processing is carried out through a first detection module, the Trojan program and other malicious programs in the web page are detected, precise matching processing is carried out through a second detection module, the feature values of all the information of the accessed web page are compared with the web server cache data, the problem that existing web page tamper detection efficiency is low is solved, the web page can be effectively prevented from being tampered by a blacker, and website safety is greatly improved.

Description

technical field [0001] The invention relates to the technical field of information webpage tampering protection in the electric power industry, and relates to a webpage antitampering device and method based on web server cache matching. Background technique [0002] In recent years, website security incidents have been on the rise, and tampering with webpage files is a common method of hacker attacks. At present, the ways of tampering with webpages include obtaining Webshell after SQL injection, introducing malicious HTML interface through XSS vulnerabilities, controlling DNS servers, and ARP attacks. Adding risky information in , such as: replacing the entire webpage, inserting new / black links, replacing website image files, editing webpages on a small scale, etc. Such tampering with webpages will lead to webpage hanging horses, privacy violations, identity theft, economic losses, loss of reputation etc. [0003] Among them, the power industry web pages have the following...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06H04L29/08
Inventor 肖靖峰马天福张建业李德高
Owner STATE GRID CORP OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap