WebShell file detection method in Web server

A file detection and server technology, applied in the field of information security, can solve the problems of high misjudgment rate of WebShell, inability to detect quickly and accurately, and achieve the effects of ensuring security, increasing speed, and reducing false positives

Inactive Publication Date: 2015-10-07
BEIJING ANPRO INFORMATION TECH
View PDF4 Cites 21 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This detection method cannot quickly and accurately detect whether there is a WebShell, and the misj...

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • WebShell file detection method in Web server
  • WebShell file detection method in Web server
  • WebShell file detection method in Web server

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0060] Assume that in a C / S mode application written in C language, the management terminal is a terminal computer M with Windows as the operating system, the agent terminal is a server S with Linux as the system, the current user is Admin, and the login management Terminal M, and connected to the proxy terminal S, the user can choose any of the following three modes for WebShell detection (balanced mode, low false negative rate mode or low false positive rate mode).

[0061] Assuming that the user Admin selects the low false positive rate mode among the three modes, and the directory selected for scanning is a Web directory, the specific steps are as follows (as attached figure 2 ), scan the web directory to detect whether there is a WebShell file:

[0062] 1) Transmission from the M terminal: low false alarm mode and the directory Web that needs to be scanned;

[0063] 2) The S terminal receives the incoming information from the M terminal, according to the transmitted dir...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a WebShell file detection method in a Web server. The WebShell file detection method comprises the steps of performing detection respectively based on the reference, time and characteristic values; respectively calculating a reference detection weight, a time detection weight and a characteristic detection weight of a file to be detected by scanning; and then calculating a final weight so as to know whether the file to be detected is a normal file, a suspicious WebShell file or a confirmed WebShell file. The method to calculate the final detection weight comprises a low false alarm mode, a low false negative mode and a balanced mode. The WebShell file detection method is high in file scanning and detecting efficiency and can be used for quickly and accurately detecting the WebShell file in the server, thereby ensuring the security of the server.

Description

technical field [0001] The invention relates to the field of information security, in particular to a method for detecting a WebShell file under a server with Web services enabled. Background technique [0002] With the rapid development of Internet technology, Internet information security has become the focus of attention. WebShell is a script attack tool for Web intrusion. For the understanding of WebShell, "Web" refers to the server that the server opens Web services, and "Shell" refers to obtaining a certain degree of operating authority on the server. WebShell is often referred to as an anonymous user (intruder) who has a certain degree of authority to operate the Web server through the Web service port. Because most of it appears in the form of web scripts, it is also called a website backdoor tool. [0003] WebShell is a common web backdoor. In general, WebShell has two functions. On the one hand, WebShell is often used by webmasters for website management and serv...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06
CPCH04L63/1416
Inventor 张涛宁戈史记高申
Owner BEIJING ANPRO INFORMATION TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap