Method and device for detection of malignant document

A malicious-file detection method and device, applied in the computer field, that addresses the low detection accuracy of WEBSHELL detection engines, their missed detections, and their inability to cover all WEBSHELL variants; the effect is to improve detection accuracy and detection efficiency, reduce detection complexity, and lower the cost of later-stage operation and maintenance.

Inactive Publication Date: 2017-08-29
ALIBABA GRP HLDG LTD

AI Technical Summary

Problems solved by technology

[0004] However, whether it is a character string or a regular rule, its configuration depends too heavily on the management personnel's understanding of the PHP language itself and of WEBSHELL deformation techniques, and it carries a certain degree of subjectivity. Therefore, a WEBSHELL detection engine that checks for WEBSHELL using preset strings and regular rules cannot cover all types of WEBSHELL, and there are certain cases of missed detection.
[0005] On the other hand, there is still a large number of "bypass" techniques, that is, special grammatical structures used to avoid detection by the WEBSHELL detection engine, which also cause the WEBSHELL detection engine to miss detections.
[0006] It can be seen that under the existing technology, the detection accuracy of the WEBSHELL detection engine is not high and needs to be optimized.




Embodiment Construction

[0059] In order to improve the detection accuracy of WEBSHELL, the embodiment of this application, based on an understanding of the nature of WEBSHELL deformation, redesigns a detection method based on a PHP virtual machine sandbox: a taint mark is set in advance on the specified input parameters, Hook detection code is then inserted into the target function in the target script file to detect whether the target function uses an input parameter carrying the taint mark, and whether the target script file contains a WEBSHELL is judged according to the detection result.

[0060] Preferred embodiments of the present application will be described in detail below in conjunction with the accompanying drawings.

[0061] At present, although the popular WEBSHELL evolves in various ways, after summarizing, it is found that they all have some common characteristics:

[0062] 1) Receive a superglobal variable as an input parameter.

[0063] 2) In the command executio...



Abstract

The application relates to computer technologies and discloses a method and device for detecting a malicious file. The method and device are used to increase the detection accuracy of WEBSHELL. The method comprises the steps of setting a taint mark on a key parameter; executing a target script file with the key parameter taken as an input parameter; and, through a Hook on a key function in the target script file, judging whether the taint-marked key parameter is used during execution of the key function. In this way, it can be judged whether a deformed WEBSHELL exists in the target script file. Hence, the key to how the WEBSHELL operates is captured from the essence of the WEBSHELL; no matter how the WEBSHELL is deformed, it can be detected accurately; detection accuracy and detection efficiency are increased effectively; missed detections and false positives are avoided; and at the same time detection complexity and later-stage operation and maintenance costs are reduced.
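The taint-mark-plus-Hook approach described in the embodiment above and in this abstract, as an added Python model that is not the patent's own implementation: values read from PHP superglobals enter as a taint-marked string, the deformations a WEBSHELL relies on (concatenation, base64 decoding) preserve the mark, and a hooked key function (eval, system) reports the moment a marked value reaches it. The function names and sample scripts are constructed for illustration.

```python
import base64

class Tainted(str):
    # A str carrying the taint mark; the deformations WEBSHELLs use keep the mark.
    def __add__(self, other): return Tainted(str.__add__(self, other))
    def __radd__(self, other): return Tainted(str.__add__(str(other), self))

def superglobal(name, key, raw):
    # Model of reading $_GET/$_POST/$_COOKIE[key]: every value enters taint-marked.
    return Tainted(raw)

def base64_decode(s):
    # Model of PHP base64_decode(): the mark survives decoding.
    out = base64.b64decode(s).decode()
    return Tainted(out) if isinstance(s, Tainted) else out

class WebshellDetected(Exception): pass
def hook(php_name):
    # Decorator standing in for the Hook code inserted into a key function.
    def wrap(fn):
        def hooked(*args):
            for i, a in enumerate(args):
                if isinstance(a, Tainted):
                    raise WebshellDetected(f"{php_name}() received taint-marked argument {i}")
            return fn(*args)
        return hooked
    return wrap

@hook("eval")
def php_eval(code): return "evaluated"
@hook("system")
def php_system(cmd): return "executed"

def scan(script):
    # Run a modelled script in the sandbox; return the finding, or None if clean.
    try:
        script()
        return None
    except WebshellDetected as found:
        return str(found)

# Constructed samples: a deformed shell (payload base64-wrapped via $_POST, rebuilt
# by concatenation) and a benign script that passes only constants to key functions.
def deformed_script():
    p = superglobal("_POST", "c", base64.b64encode(b"phpinfo()").decode())
    php_eval(base64_decode(p) + ";")

def benign_script():
    php_eval("echo 1;")
    php_system("date")
```

Because the decision is made at the sink on the mark rather than on the script's text, a string-or-regex engine's blind spot (re-encoded or re-assembled payloads) does not apply to this model.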

Description

Technical field

[0001] The present application relates to computer technology, in particular to a method and device for detecting malicious files.

Background technique

[0002] The Hypertext Preprocessor (PHP) language is a weakly typed programming language that supports a large number of flexible syntax formats. Malicious attackers who are proficient in PHP can make full use of its language features to write a large number of web backdoor (WEBSHELL) files that attack the target script file.

[0003] Under the existing technology, the cloud server usually uses a WEBSHELL detection engine to detect WEBSHELL at the host level. The operating principle of the WEBSHELL detection engine is to check the target script file against preset strings and regular rules to determine whether it contains a WEBSHELL.

[0004] However, whether it is a character string or a regular rule, its configuration depends too heavily on the und...


Application Information

Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56
Inventor 郑瀚
Owner ALIBABA GRP HLDG LTD