Method and device for detecting Web vulnerability scanning behavior

A vulnerability scanning detection technology, applied to the detection of Web vulnerability scanning behavior. It addresses missed scanning requests, false positives, and false negatives in anti-scanning mechanisms, reducing false positives and false negatives and improving accuracy.

CN105871845A | Inactive | Publication Date: 2016-08-17 | SANGFOR TECH INC

Examples

Embodiment approach

[0108] As an embodiment, the device also includes:

[0109] The second obtaining module is used to obtain the HTTP request frequency of the access terminal within a preset time interval if the number of concurrent TCP connections is less than a preset number;

[0110] The adding module 10 is further configured to embed hidden links and/or JS code in the HTML (Hypertext Markup Language) text of the response information sent to the access terminal if the HTTP request frequency is less than the preset frequency.

[0111] The judging module 20 is further configured to judge that the access request of the access terminal is a Web vulnerability scanning behavior if the HTTP request frequency is greater than or lower than the preset frequency.

[0112] Verify the sending frequency of the HTTP request at the access terminal within the preset time interval. If the frequency is greater than the frequency preset by the user, it is determined that the access request of the access terminal ...

Abstract

The invention discloses a method for detecting Web vulnerability scanning behavior. The method comprises the following steps: embedding a hidden link and/or JS (JavaScript) code into the HTML (HyperText Markup Language) text of the response information sent to an access side; and, if it is detected that the access side extracts and accesses the hidden link, and/or no HTTP request that the access side would send as a result of executing the JS code is received, judging the access request of the access side to be Web vulnerability scanning behavior. The invention further discloses a device for detecting Web vulnerability scanning behavior. The method and device improve the accuracy of judging vulnerability scanning behavior and reduce misreporting and underreporting when detecting Web vulnerability scanning behavior.
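The decision logic described in the abstract, as an added sketch that is not taken from the patent text: a response is instrumented with a hidden link and a JS beacon, and later requests from the same client decide the verdict. The class name, the `/_trap/` and `/_beacon/` paths, the verdict strings and the grace window are all assumptions made for illustration.

```python
import secrets
import time

BEACON_GRACE_SECONDS = 5.0  # assumption: time a real browser needs to run the JS


class ScanDetector:
    """Per-client decoy tracking (hypothetical class, not from the patent)."""

    def __init__(self):
        self.pending = {}      # client -> (hidden_path, beacon_path, issued_at)
        self.verified = set()  # clients whose JS beacon request arrived
        self.flagged = {}      # client -> reason for the scanner verdict

    def instrument(self, client, html, now=None):
        """Embed a hidden link and a JS beacon in an outgoing HTML response."""
        token = secrets.token_hex(8)  # unguessable, so only the decoy reveals it
        hidden, beacon = f"/_trap/{token}", f"/_beacon/{token}"
        decoy = (f'<a href="{hidden}" style="display:none" rel="nofollow"></a>'
                 f'<script>fetch("{beacon}")</script>')
        self.pending[client] = (hidden, beacon, time.time() if now is None else now)
        if "</body>" in html:
            return html.replace("</body>", decoy + "</body>", 1)
        return html + decoy

    def observe(self, client, path, now=None):
        """Classify the client from each request it sends after the response."""
        now = time.time() if now is None else now
        if client in self.flagged:
            return "scanner"
        entry = self.pending.get(client)
        if entry and path == entry[0]:
            # Only a client that parsed the HTML for links can know this URL.
            self.flagged[client] = "followed hidden link"
            return "scanner"
        if entry and path == entry[1]:
            self.verified.add(client)
            del self.pending[client]
            return "browser"
        if client in self.verified:
            return "browser"
        if entry and now - entry[2] > BEACON_GRACE_SECONDS:
            self.flagged[client] = "JS beacon never requested"
            return "scanner"
        return "undecided" if entry else "unknown"
```

The two checks fire independently, matching the "and/or" in the abstract. A client with JavaScript disabled also fails the beacon check, so the grace window and the action taken on that verdict need tuning per deployment.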

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method and device for detecting Web vulnerability scanning behavior.

Background technique

[0002] A Web vulnerability scanner is a common automated web security assessment tool. It can be configured to perform automatic vulnerability scanning on specified websites or other web applications, and finally summarize and output vulnerability scanning reports. The common forms of web vulnerability scanners are stand-alone software, distributed cloud-based scanners and hardware scanning devices. This kind of tool is easy to operate and effective, and is often used by hackers to attack websites.

[0003] When a web scanner performs a scanning task, it has certain characteristics. Based on these characteristics, the web application firewall can identify different scanners or scanning behaviors. The core of the traditional device anti-scanning technology is to extract firewall ...

Application Information

Patent Timeline: 17 Aug 2016, Publication of CN105871845A
IPC: H04L29/06
CPC: H04L63/1433
Inventors: 董永信