Webshell detection method and apparatus based on total access log analysis

A log and backdoor technology, applied in the field of network security, to reduce false negatives

Active Publication Date: 2016-09-07
CHINA UNIONPAY

AI Technical Summary

Problems solved by technology

[0006] In order to solve the problems of the prior art, the present invention proposes a website backdoor detection method and device based on full access log analysis. This technical solution extracts and analyzes the behavior characteristics of the website backdoor, and is suitable for detecting deformed backdoor files directly uploaded by hackers, encrypted files, backdoor files embedded in normal files, etc., making up for the shortcomings of website backdoor detection methods such as file hash comparison and common function comparison.


Embodiment Construction

[0047] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0048] The working principle of this technical solution: In order to solve the problems of the existing website backdoor detection methods based on file content and returned data characteristics, this technical solution obtains the full access log of the website by mirroring Internet access traffic. Without modifying WEB Server modules such as Apache or IIS, it records key information such as POST parameter content and HTTP full message heade...


Abstract

The invention relates to a webshell detection method and apparatus based on total access log analysis. In the method, the total access log of a website is obtained and subjected to characteristic analysis: the request parameters, message headers, and returned data content in the total access log are matched by regular expression against the behavior characteristic database of the webshell, and the files in the total access log that correspond to a match are determined to be suspected backdoor files. The webshell behavior types, the names, and the corresponding total access log entries of the suspected webshell files are sent to a log server and an alarm is raised. The method is suitable for detecting scenarios in which hackers control directly uploaded deformed or encrypted webshell files, or embed webshell files in normal files to carry out attacks, and it makes up for the defects of file hash comparison, common function comparison and other webshell detection methods.
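The matching step described in the abstract, as an added example that is not code from the patent: each full-access-log record is checked field by field against a behavior signature database, and every hit yields an alert carrying the behavior type, signature name, file and log record. The signature patterns, field names and sample records are all constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed behaviour-signature database (illustrative, not from the patent):
# (behaviour type, signature name, log field inspected, compiled regex).
SIGNATURES = [
    ("command_execution", "os_command_param", "post_body",
     re.compile(r"(?:^|&)(?:cmd|exec|command)=[^&]*(?:whoami|ipconfig|uname)", re.I)),
    ("encoded_payload", "eval_base64_param", "post_body",
     re.compile(r"eval\s*\(\s*base64_decode", re.I)),
    ("file_management", "unix_dir_listing", "response_body",
     re.compile(r"drwx[r-][w-][x-]")),
    ("code_in_header", "php_exec_in_header", "headers",
     re.compile(r"^(?:Cookie|Referer|User-Agent):.*\b(?:system|passthru|shell_exec)\s*\(",
                re.I | re.M)),
]

# Constructed full-access-log records: unlike a default web server log, each one
# carries the POST body, the request headers and the returned data.
SAMPLE_LOG = [
    {"url": "/index.php", "post_body": "user=alice&page=2",
     "headers": "User-Agent: Mozilla/5.0", "response_body": "<html>welcome</html>"},
    {"url": "/upload/img_01.php", "post_body": "cmd=whoami",
     "headers": "User-Agent: Mozilla/5.0", "response_body": "www-data"},
    {"url": "/images/logo.php", "post_body": "z0=eval%28base64_decode%28%24_POST%5Bz1%5D%29%29",
     "headers": "User-Agent: Mozilla/5.0", "response_body": "ok"},
    {"url": "/news/view.php", "post_body": "id=7",
     "headers": "User-Agent: Mozilla/5.0\nCookie: s=passthru('ls -la')",
     "response_body": "drwxr-xr-x 2 www-data www-data 4096 uploads"},
]

def detect(records):
    """Match every record against every signature; return one alert per hit."""
    alerts = []
    for rec in records:
        for btype, name, field, regex in SIGNATURES:
            value = rec.get(field, "")
            if field == "post_body":
                value = unquote_plus(value)  # parameters are logged URL-encoded
            if regex.search(value):
                # Behaviour type, signature name, file and the full record are
                # what would be forwarded to the log server with the alarm.
                alerts.append({"type": btype, "name": name, "file": rec["url"], "log": rec})
    return alerts

def suspected_files(alerts):
    """Unique paths of files that matched at least one behaviour signature."""
    return sorted({a["file"] for a in alerts})

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert["type"], alert["name"], alert["file"])
```

Because matching runs on request and response behavior rather than on file contents, the `/news/view.php` record is flagged even though the file name and path look like a normal page.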

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a website backdoor detection method and device based on full access log analysis.

Background technique

[0002] A website backdoor (also called a webpage backdoor, WEB backdoor or WEBSHELL) is a command execution environment that exists in the form of webpage files such as asp, php, jsp or cgi. After hackers invade a website, they usually mix the website backdoor files with the normal webpage files in the WEB directory of the website server, and then use a browser or special client software to access the backdoor and obtain a command execution environment, in order to control the web server.

[0003] Application number 201310423483.1 discloses a WebShell detection method and system. That technical scheme detects through the following ideas: collecting server access logs, analyzing and extracting URLs with suspicious access behaviors; According to th...


Application Information

Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPC H04L63/1425
Inventor 丁玲明周恒磊邓乐孙会林
Owner CHINA UNIONPAY