Static detection method and apparatus for webshell deformation

A technology to be detected and lexical, applied in computer security devices, instruments, electrical digital data processing, etc., can solve the problems of webshell affecting normal business, unable to distinguish whether webshell is a normal script, etc.

Active Publication Date: 2015-11-18
XIAMEN MEIYA PICO INFORMATION
View PDF5 Cites 32 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0008] This application provides a static detection method for webshell deformation, which is used to solve the problem that the existing technology cannot distinguish whether the webshell is a normal script and the behavior detection of the webshell may affect normal business

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Static detection method and apparatus for webshell deformation
  • Static detection method and apparatus for webshell deformation

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0024] In order to make the above objects, features and advantages of the present application more obvious and comprehensible, the present application will be further described in detail below in conjunction with the accompanying drawings and specific implementation methods.

[0025]One of the core inventive concepts of this application lies in: webshell will inevitably do some suspicious behaviors in order to achieve its malicious purpose. Transformations can be made to varying degrees. If it can be simulated and run in a simulated environment, since the webshell has to do some behaviors, there will always be one or more places where the behavior will be encountered. When the behavior is triggered, the deformed part will also be revealed. For this reason, this application adopts the following method for analysis: write a static scanning engine, simulate the real environment in the engine to a reasonable degree, execute the script file in this simulation environment, parse eac...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The application provides a static detection method and apparatus for webshell deformation. The method comprises: according to voice features contained in the content of a to-be-detected webshell file, judging the type of the file; according to the type of the file, determining a lexical and syntax analyzer, a built-in function library and an abnormal behavior rule library which are to be used; performing lexical and syntax analysis on the to-be-detected webshell file by utilizing the lexical and syntax analyzer to generate an intermediate code; and interpretively executing the intermediate code in a preset virtual machine, analyzing a behavior of the intermediate code by utilizing the built-in function library and the abnormal behavior rule library in the execution process, and judging whether a corresponding code is a malicious code. According to the scheme of the application, the problem that an existing hook mode possibly influences normal business can be avoided while the deformed webshell code is effectively identified.

Description

technical field [0001] The present application relates to the technical field of webshell detection, in particular, to a static detection method and device for webshell deformation. Background technique [0002] With the rapid development of information technology, the Internet has become an indispensable part of people's lives. Nowadays, people’s clothing, food, housing, transportation, entertainment, social networking, shopping and even all aspects of life are inseparable from the Internet, and hackers are trying various methods to do things that endanger people’s lives every day with their own purposes. , Internet security has received unprecedented attention. [0003] As an important tool for hackers to invade websites, webshell plays a very important role in the process of hackers invading websites. As the name implies, the meaning of "web" is that the server obviously needs to open web services, and the meaning of "shell" is to obtain a certain degree of operating au...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56
CPCG06F21/562
Inventor 胡安荣陈奋陈荣有孙晓波
Owner XIAMEN MEIYA PICO INFORMATION
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap