Device and method for preventing web page tampering based on web server cache matching

A server cache and server technology, applied in electrical components, transmission systems, etc., can solve problems such as damage to corporate image and interests, improve security, prevent hackers from tampering with web pages, and overcome low detection efficiency

Active Publication Date: 2017-10-17
STATE GRID CORP OF CHINA +1
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The present invention provides a webpage anti-tampering device and method based on web server cache matching, which overcomes the above-mentioned deficiencies in the prior art, and can effectively solve problems caused by power failure. The problem that the industry webpage is tampered with and seriously damages the corporate image and interests

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Device and method for preventing web page tampering based on web server cache matching
  • Device and method for preventing web page tampering based on web server cache matching

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0039] Embodiment 1: as attached figure 1 As shown, the webpage anti-tampering device based on web server cache matching includes:

[0040] A message obtaining unit, configured to obtain an IP response message sent by the web server to the client;

[0041] The first feature extraction unit is used to perform feature value extraction on the data in the IP response message that is easy to inject into the Trojan horse process and tamper process, to obtain the first feature value;

[0042] The first detection module, which performs fuzzy matching processing, detects whether the first feature value sent by the first feature extraction unit matches the blacklist database feature value; if so, judges that the detected webpage is a tampered webpage; if not, sends a detection signal To the second detection module; the fuzzy matching process extracts SQL injection, XSS cross-site scripting, CSRF cross-site request forgery and other behavioral features in the webpage according to the Tr...

Embodiment 2

[0052] Embodiment 2: as attached figure 2 As shown, the webpage anti-tampering method using the above-mentioned webpage anti-tampering device comprises the following steps:

[0053] The first step: read the IP response message fed back by the web server to the client, and obtain the webpage characteristic data of the web server;

[0054] The second step: extracting the feature value of the data at the place where the Trojan horse process and the tampering process are easy to be injected into the IP response message as the first feature value;

[0055] Step 3: performing fuzzy matching processing on the first characteristic value and the blacklist database;

[0056] If the result of the fuzzy matching process is that the first feature unit matches the blacklist database, then it is determined that there is a malicious process in the client webpage and the process is terminated, and feedback to the client prompts that the webpage has been maliciously tampered with, and simulta...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to the technical field of information webpage tampering protection in the electric power industry, and relates to a webpage anti-tampering device based on web server cache matching and a method thereof. The webpage anti-tampering device based on web server cache matching extracts a suspected Trojan horse in an IP response message The characteristic value of the process, through fuzzy matching, judges whether the characteristic value matches the blacklist database, and then extracts the characteristic value of all the information of the visited webpage and accurately matches the cached data of the web server to determine whether the webpage accessed by the client has been tampered with. The present invention performs fuzzy matching processing through the first detection module to detect malicious processes such as Trojan horses in the webpage, and performs precise matching processing through the second detection module to compare the feature values ​​of all information on the accessed webpage with the cached data of the web server, thereby overcoming The problem of low efficiency of existing web page tampering detection is solved, it can effectively prevent hackers from tampering with web pages, and greatly improves the security of the website.

Description

technical field [0001] The invention relates to the technical field of information webpage tampering protection in the electric power industry, and relates to a webpage antitampering device and method based on web server cache matching. Background technique [0002] In recent years, website security incidents have been on the rise, and tampering with webpage files is a common method of hacker attacks. At present, the ways of tampering with webpages include obtaining Webshell after SQL injection, introducing malicious HTML interface through XSS vulnerabilities, controlling DNS servers, and ARP attacks. Adding risky information in , such as: replacing the entire webpage, inserting new / black links, replacing website image files, editing webpages on a small scale, etc. Such tampering with webpages will lead to webpage hanging horses, privacy violations, identity theft, economic losses, loss of reputation etc. [0003] Among them, the power industry web pages have the following...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L29/08
Inventor 肖靖峰马天福张建业李德高
Owner STATE GRID CORP OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap