WebShell detection method and system

A detection method using remote detection technology, applied in the field of Internet security, that solves problems such as the inability to detect a WebShell. It improves the detection rate, detection efficiency and accuracy rate, and reduces the false negative rate and false positive rate.

Active Publication Date: 2015-03-25
杭州迪普信息技术有限公司

AI Technical Summary

Problems solved by technology

Remote detection does not require additional permissions. However, because WebShells are concealed and web crawlers can only crawl pages that are referenced by other pages, the path dictionary-based detection method has great limitations: the upload path and the file name of a WebShell are specified arbitrarily by the attacker. Once the attacker uses a very complicated path that is not in the path dictionary used for remote detection, remote detection cannot find the WebShell, so remote detection can only detect the more common WebShells.

Embodiment Construction

[0034] The technical scheme of the present invention is described in further detail below with reference to Figure 1 and Figure 2.

[0035] The present invention presets a suspicious WebShell path library, a local detection fingerprint library and a remote detection fingerprint library as the basis for detection. The following describes how the present invention implements a comprehensive WebShell detection process in combination with network security detection technology.

[0036] Figure 1 is a flow chart of a WebShell detection method in the present invention. In a preferred embodiment, the method of the present invention is specifically as follows:

[0037] A. Collect server access logs and analyze URLs with suspicious access behaviors.

[0038] Specifically, log in to the server through SSH to obtain the access logs generated by the web middleware (software such as Apache, Tomcat and IIS). The access logs record the URL and parameters of each user visit. Check and find out the pages most su...
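An added example of the log audit in step A, written for this page and not taken from the patent: it parses access-log lines and returns the script URLs to hand to local and remote detection. The page cuts off before stating its criteria for suspicious access, so the heuristic used here (repeated POSTs to one script from very few clients), the function name `audit_access_log`, its thresholds and the sample log lines are all assumptions.

```python
import re
from collections import defaultdict

# Constructed access-log lines (Apache common log format); not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [25/Mar/2015:10:00:01 +0800] "GET /index.php HTTP/1.1" 200 5120
198.51.100.8 - - [25/Mar/2015:10:00:02 +0800] "GET /index.php?page=2 HTTP/1.1" 200 5090
198.51.100.7 - - [25/Mar/2015:10:01:10 +0800] "POST /login.php HTTP/1.1" 302 0
198.51.100.8 - - [25/Mar/2015:10:01:30 +0800] "POST /login.php HTTP/1.1" 200 830
203.0.113.50 - - [25/Mar/2015:10:02:00 +0800] "POST /upload/img/x9.php HTTP/1.1" 200 312
203.0.113.50 - - [25/Mar/2015:10:02:04 +0800] "POST /upload/img/x9.php?a=1 HTTP/1.1" 200 298
203.0.113.50 - - [25/Mar/2015:10:02:09 +0800] "POST /upload/img/x9.php HTTP/1.1" 200 305
198.51.100.9 - - [25/Mar/2015:10:03:00 +0800] "GET /static/logo.png HTTP/1.1" 200 900
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')
SCRIPT_EXT = (".php", ".jsp", ".jspx", ".asp", ".aspx")

def audit_access_log(log_text, path_library=frozenset(), max_clients=1, min_hits=3):
    """Step A: return {url_path: [reasons]} for pages worth passing to step B."""
    stats = defaultdict(lambda: {"clients": set(), "posts": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # tolerate truncated or malformed log lines
        ip, method, target, status = m.groups()
        path = target.split("?", 1)[0]  # parameters do not change the page
        if status != "200" or not path.lower().endswith(SCRIPT_EXT):
            continue  # only successfully served, server-executed pages
        s = stats[path]
        s["clients"].add(ip)
        s["posts"] += method == "POST"
    suspects = {}
    for path, s in stats.items():
        reasons = []
        if path in path_library:
            reasons.append("listed in suspicious path library")
        # Assumed heuristic: repeated POSTs from very few clients to one script.
        if len(s["clients"]) <= max_clients and s["posts"] >= min_hits:
            reasons.append("%d POSTs from %d client(s)" % (s["posts"], len(s["clients"])))
        if reasons:
            suspects[path] = reasons
    return suspects

if __name__ == "__main__":
    for path, reasons in audit_access_log(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```

Paths confirmed as WebShells by the later detection steps would be added to `path_library`, so that the next audit flags them on first sight.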

Abstract

The invention provides a WebShell detection method and system. The system comprises a log auditing module, a local detection module, a remote detection module and a result output module. The system executes the following processing flow: A, collecting the server access log and analyzing it for URLs (Uniform Resource Locators) with suspicious access behaviors; B, performing local detection and remote detection on the URLs with suspicious access behaviors, in combination with a WebShell feature library; and C, making a judgment according to the detection results, reporting the WebShell path if a WebShell is found, and at the same time adding the path identified as a WebShell to the WebShell path library. Through adoption of the method and the system, the detection rate and detection efficiency of WebShell detection in network Web applications are increased, and the missed report rate and false report rate are lowered.

Description

Technical field

[0001] The invention relates to the technical field of Internet security, in particular to a WebShell detection method and system.

Background art

[0002] With the birth of a series of new Internet products such as Web 2.0, social networks and Weibo, Internet applications based on the Web environment are becoming more and more widespread. In the process of enterprise informatization, various applications are built on the Web platform. The rapid development of Web business has also attracted strong attention from hackers, and Web security threats have followed. Hackers use vulnerabilities in the website's operating system and SQL injection vulnerabilities in the web service program to gain control of the web server. At the least they tamper with web pages; more seriously they steal important internal data; and more seriously still they implant malicious code in web pages, so that website visitors are harmed. This also makes more and more users...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/0861, H04L63/1416, H04L63/1425, H04L63/145, H04L67/02
Inventor: 李小龙
Owner: 杭州迪普信息技术有限公司