Detection method of web shell and web server

A detection method and server technology, which is applied in the detection of web shells and the field of web servers, can solve the problems of web server security threats, increase the misjudgment rate of web shells on the web server side, and cannot detect quickly and accurately

Active Publication Date: 2015-02-04
三六零数字安全科技集团有限公司
View PDF8 Cites 14 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This detection method cannot quickly and accurately detect the web shell in the web server, which increases the misjudgment rate of the web shell on the web server side, thereby threatening the security of the web server

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Detection method of web shell and web server
  • Detection method of web shell and web server
  • Detection method of web shell and web server

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0030] Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided for more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.

[0031] A web shell detection method provided by an embodiment of the present invention, such as figure 1 As shown, the method includes:

[0032] 101. Construct a web script virtual machine running a web server script.

[0033] The web shell detection is performed on the web server side, and the purpose of the detection is to prevent the web server from having a web shell when it is running. When setting up the detection method, i...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a detection method of web shell and a web server, relates to the field of information security, and mainly aims to detect the web shell in the web server rapidly and accurately in order to protect the security of the web server. According to the major technical scheme of the invention, the method comprises the following steps: constructing a web script virtual machine running a web server script; acquiring web script parameters of web scrip running according to different testing aims; running the web script parameters and the detected web server script on the web script virtual machine, and recording a process behavior in the running process of the web server script; matching the process behavior with a predetermined malicious script rule base; if the matching is successful, determining that the web server script is the web shell. The detection method is mainly applied to the detection process of the web shell.

Description

technical field [0001] The invention relates to the field of information security, in particular to a method for detecting a web shell and a web server. Background technique [0002] With the rapid development of Internet technology, Internet information security has become the focus of people's increasing attention. The web shell is a script attack tool for web intrusion. Simply put, a web shell is an Active Server Page (asp) or Hypertext Preprocessing Language (Hypertext Preprocessor, php) Trojan backdoor. After hackers invade a website, they often use these asp or php Trojans The backdoor file is placed in the web directory of the website server and mixed with normal webpage files. Then hackers can use the web to control the website server through the asp or php Trojan horse backdoor, including uploading and downloading files, viewing databases, and executing arbitrary program commands. [0003] At present, we often detect whether there is a web shell through static de...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56H04L29/06
CPCG06F21/566H04L63/1416
Inventor 唐海陈卓邢超杨康
Owner 三六零数字安全科技集团有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap