Method and device for detecting malicious script file

A malicious script and script file technology, applied in the field of information security, can solve the problems of low security of malicious script file web server and easy false negatives in detection methods.

Active Publication Date: 2017-06-09
ALIBABA GRP HLDG LTD
View PDF5 Cites 9 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The embodiment of the present application provides a method and device for detecting malicious script files, to at least solve the technical problem of low security of the webpage server due to the fact that the detection method of malicious script files based on static feature extraction tends to miss potential malicious script files

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for detecting malicious script file
  • Method and device for detecting malicious script file
  • Method and device for detecting malicious script file

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0018] According to the embodiment of the present application, a method embodiment of a method for detecting malicious script files is also provided. It should be noted that the steps shown in the flow chart of the accompanying drawings can be implemented in a computer system such as a set of computer-executable instructions and, although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order different from that shown or described herein.

[0019] The method embodiment provided in Embodiment 1 of the present application may be executed in a mobile terminal, a computer terminal, or a similar computing device. Take running on a computer terminal as an example, figure 1 It is a block diagram of the hardware structure of a computer terminal according to a method for detecting a malicious script file in the embodiment of the present application. Such as figure 1 As shown, the computer terminal 10 may include one or more...

Embodiment 2

[0054] According to the embodiment of the present application, an embodiment of a device for implementing the above method embodiment is also provided, and the device provided in the above embodiment of the present application can run on a computer terminal.

[0055] Figure 4 is a schematic structural diagram of a detection device for a malicious script file according to an embodiment of the present application.

[0056] Such as Figure 4 As shown, the apparatus for detecting malicious script files may include a monitoring unit 502 , a judging unit 504 and a determining unit 506 .

[0057] Wherein, the monitoring unit 502 is configured to monitor the function to be detected when the script file to be detected is executed during the execution of the obtained script file to be detected; the judging unit 504 is used to judge the function of the function to be detected Whether the input parameters are included in the pre-generated filling parameter data set, wherein the filling...

Embodiment 3

[0068] The embodiment of the present application also provides a storage medium. Optionally, in this embodiment, the above-mentioned storage medium may be used to store the program code executed by the method for detecting a malicious script file provided in the first embodiment above.

[0069] Optionally, in this embodiment, the above-mentioned storage medium may be located in any computer terminal in the group of computer terminals in the computer network, or in any mobile terminal in the group of mobile terminals.

[0070] Optionally, in this embodiment, the storage medium is configured to store program codes for executing the following steps: during the process of executing the obtained script file to be detected, monitor the script file called when running the script file to be detected The function to be detected; judging whether the input parameters of the function to be detected are included in the pre-generated filling parameter data set, wherein the filling parameter...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The application of the invention discloses a method and device for detecting a malicious script file. The method comprises the following steps: in the process of executing the acquired script file to be detected, monitoring the invoked function to be detected when running the script file to be detected; judging whether an input parameter of the function to be detected is included in a pre-generated filling parameter data set, wherein the filling parameter data set includes filling parameters for page interaction, the filling parameters are generated based on a pre-hooked default function and a default interpretation engine, the default function is used for inputting the filling parameters, and the default interpretation engine is used for detecting whether the filling parameters need to be input; if the input parameters are included in the filling parameter data set, determining that the script file to be detected is the malicious script file. The application of the invention solves the technical problem of low security of a web server caused by the situation that the malicious script file detection method based on static feature extraction easily fails to report a hidden malicious script file.

Description

technical field [0001] The present application relates to the field of information security, in particular, to a method and device for detecting malicious script files. Background technique [0002] After the web server is hacked, a malicious script file is usually implanted as a backdoor used by hackers. The commonly used website building languages ​​PHP (Hypertext Preprocessor, Hypertext Preprocessor), ASP (Active Server Page, Dynamic Server Pages), JSP (Java Server Pages, Java Service Pages) will have corresponding malicious script files, among them, PHP changes do many. The syntax of PHP is flexible, and different scripts can be used for the same implementation, which makes it more difficult to detect traditional PHP malicious script files. [0003] The current malicious script file detection mostly uses the static feature extraction method. However, its detection effect on potential malicious script files (such as deformed PHP malicious script files) is not good, so i...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/56
CPCG06F21/566G06F2221/033
Inventor 邵睿
Owner ALIBABA GRP HLDG LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products