Method and device for detecting Web vulnerability scanning behavior

A vulnerability scanning and detection method technology, which is applied in the detection field of Web vulnerability scanning behavior, can solve the problems of missed scanning requests, false positives, and false negatives of anti-scanning mechanisms, so as to reduce false positives and false positives and improve accuracy. Effect

Inactive Publication Date: 2016-08-17
SANGFOR TECH INC
View PDF4 Cites 31 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

A scanner will establish a large number of TCP connections and send a large number of HTTP requests, so that only part of the scanning requests will be processed, and many scanning requests will be missed. Those missed scanning requests can still scan out many vulnerabilities. One of the important reasons for false negatives with anti-scanning mechanisms
[0007] 3) Some firewall rules monitor specific files or information, such as server configuration files, database files, compressed files, temporary files, requests for other known sensitive files, and such rules are the hardest hit areas for false positives of the anti-scan function , a large number of compressed files, data files or other special files, these files or information can be accessed normally on many websites, but such firewall rules will match such requests, causing false positives
[0008] In short, the existing anti-scanning technology performs protection according to the text characteristics of TCP connections or HTTP requests, resulting in serious false positives and false negatives.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for detecting Web vulnerability scanning behavior
  • Method and device for detecting Web vulnerability scanning behavior
  • Method and device for detecting Web vulnerability scanning behavior

Examples

Experimental program
Comparison scheme
Effect test

Embodiment approach

[0108] As an embodiment, the device also includes:

[0109] The second obtaining module is used to obtain the HTTP request frequency of the access terminal within a preset time interval if the number of concurrent TCP connections is less than a preset number;

[0110] The adding module 10 is further configured to embed hidden links and / or JS codes in the hypertext markup language HTML text of the response information sent to the access terminal if the HTTP request frequency is less than the preset frequency.

[0111] The judging module 20 is further configured to judge that the access request of the access terminal is a Web vulnerability scanning behavior if the HTTP request frequency is greater than or lower than the preset frequency.

[0112] Verify the sending frequency of the HTTP request at the access terminal within the preset time interval. If the frequency is greater than the frequency preset by the user, it is determined that the access request of the access terminal ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method for detecting a Web vulnerability scanning behavior. The method comprises the following steps: embedding a hidden link and / or a JS (Javascript) code into an HTML (Hyper Text Markup Language) text of response information sent to an access side; and if detecting the access side extracts and accesses the hidden link, and / or does not receive an HTTP request which is sent by the access side on the basis of executing the JS code, judging an access request of the access side as the Web vulnerability scanning behavior. The invention further discloses a device for detecting the Web vulnerability scanning behavior. According to the method and the device disclosed by the invention, the accuracy of judging the vulnerability scanning behavior is improved, and the misreporting and the underreporting when the Web vulnerability scanning behavior is detected are reduced.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a method and device for detecting Web vulnerability scanning behavior. Background technique [0002] Web vulnerability scanner is a common automated web security assessment tool. It can be configured to perform automatic vulnerability scanning on specified websites or other web applications, and finally summarize and output vulnerability scanning reports. The common forms of web vulnerability scanners are stand-alone software, distributed cloud-based scanners and hardware scanning devices. This kind of tool is easy to operate and effective, and is often used by hackers to attack websites. [0003] When a web scanner performs a scanning task, it has certain characteristics. Based on these characteristics, the web application firewall can identify different scanners or scanning behaviors. The core of the traditional device anti-scanning technology is to extract firewall ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06
CPCH04L63/1433
Inventor 董永信
Owner SANGFOR TECH INC
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap