Method and apparatus for detecting WebShell file

A file detection method, applied in the field of network security, that solves the problem of high false positive and false negative rates and achieves a low false positive rate, high efficiency, and security assurance.

Active Publication Date: 2017-04-19
BEIJING ANPRO INFORMATION TECH

AI Technical Summary

Problems solved by technology

Furthermore, many WebShell files are currently encrypted, transformed, obfuscated, etc. in order to evade the detection and killing of anti-vi


Embodiment

[0143] Assume a client/server (C/S) application written in C, in which the management terminal is a computer M running Windows and the agent terminal is a server S running Linux. The current user, Admin, logs in to management terminal M and connects to agent terminal S, after which the user can scan the website for WebShell files.

[0144] Assume that the user Admin chooses to scan the website directory www for WebShell files, and that the type of WebShell present in the user's website directory is a one-sentence WebShell file F. The www directory is scanned for WebShell files through the following steps:

[0145] 1) Start;

[0146] 2) The M terminal sends a command to perform a WebShell file scan on the www directory;

[0147] 3) The S terminal receives the information sent by the M terminal and scans the www directory according to the command;

[0148] 4) Obtain the file information under the directory,...


Abstract

The invention discloses a method and apparatus for detecting WebShell files. Based on variable backtracking and an abstract syntax tree, the method performs WebShell detection on multiple files in a directory: a suspicious file screening process, a feature matching detection process, an abstract syntax tree analysis and detection process, an irrelevant code removal process and a mathematical formula detection process are executed in succession, after which the file determined to be a WebShell is output. The detection apparatus comprises a suspicious file screening unit, a feature matching unit, an abstract syntax tree detection and analysis unit, an irrelevant code removal unit, and a mathematical formula detection unit, which together implement WebShell file detection. With the disclosed technical scheme, WebShell detection can be performed comprehensively, systematically, rapidly, and accurately; detection efficiency is high and the false alarm rate is low, so web service security can be guaranteed.
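The following is an added sketch, not the patent's implementation, of how suspicious file screening, irrelevant code removal and variable backtracking can combine to decide whether request input reaches a code-execution call. It assumes PHP scripts and uses regular expressions in place of an abstract syntax tree; the extension list, the list of execution functions and the sample files are constructed for illustration.

```python
import re

# Assumptions (not from the patent): PHP sources, and regex statement
# matching standing in for a real abstract syntax tree.
SCRIPT_EXT = (".php", ".phtml")
TAINT = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")
ASSIGN = re.compile(r"(\$\w+)\s*=(?!=)\s*([^;]+);")
CALL = re.compile(r"\b(eval|assert|system|exec|passthru|shell_exec)\s*\(([^;]*)\)\s*;")
VAR = re.compile(r"\$\w+")

def strip_irrelevant(src):
    """Remove comments so they can neither hide nor fake a match."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"(?m)(//|#).*$", "", src)

def is_tainted(expr, assigns, seen=None):
    """Backtrack each variable in expr through its assignments."""
    seen = set() if seen is None else seen
    if TAINT.search(expr):
        return True
    for var in VAR.findall(expr):
        if var not in seen:          # visit each variable once (handles cycles)
            seen.add(var)
            if any(is_tainted(r, assigns, seen) for r in assigns.get(var, [])):
                return True
    return False

def scan_source(name, src):
    """Return (file, function) pairs where request input reaches the call."""
    if not name.lower().endswith(SCRIPT_EXT):      # suspicious-file screening
        return []
    code = strip_irrelevant(src)
    assigns = {}
    for var, rhs in ASSIGN.findall(code):          # flow-insensitive on purpose
        assigns.setdefault(var, []).append(rhs)
    return [(name, sink) for sink, args in CALL.findall(code)
            if is_tainted(args, assigns)]

# Constructed sample files (not taken from the patent).
SAMPLES = {
    "www/upload/img.php": "<?php $k = $_POST['k']; $c = $k; /* x */ @eval($c); ?>",
    "www/index.php": "<?php $m = 'hi'; // eval($_GET['x']);\necho $m; ?>",
    "www/date.php": "<?php $f = '%Y'; system('date +' . $f); ?>",
    "www/notes.txt": "eval($_POST['k']);",
}

def scan_tree(files):
    return [hit for name in sorted(files) for hit in scan_source(name, files[name])]

if __name__ == "__main__":
    print(scan_tree(SAMPLES))
```

Only the first sample is reported: the second has the call inside a comment, the third passes a constant, and the fourth is screened out by extension.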

Description

Technical field

[0001] The invention belongs to the technical field of network security and relates to WebShell file detection, in particular to a method and device for WebShell detection based on variable backtracking and an abstract syntax tree.

Background technique

[0002] A WebShell is a common web backdoor, often used by attackers to obtain operating authority over a web server. When attackers invade a website, they usually place the WebShell file together with normal web pages in the Web directory, and then access the WebShell file through a browser to obtain a command execution environment and finally achieve the purpose of controlling the website server. Once the website server is controlled, the attacker can view the database, upload and download files, and execute arbitrary program commands on it. A WebShell has the same operating environment and service port as normal web pages. It exchanges data with the remote host through the HTTP protocol (usually port 80),...


Application Information

IPC(8): H04L29/06
Inventor: 张涛宁戈高申
Owner: BEIJING ANPRO INFORMATION TECH