Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Webshell detection method and device, computer device, readable storage medium

A detection method and computer program technology, applied in the field of Internet security, can solve the problems of poor detection effect, poor real-time performance and high cost, and achieve the effect of fast and effective detection and avoid data loss

Active Publication Date: 2017-10-27
SANGFOR TECH INC
View PDF4 Cites 10 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] However, since the development of webshell detection technology, more emphasis has been placed on web host detection and network detection: 1. Host detection requires installation of detection and killing tools or software on the website server. The main technologies used include static feature library skin matching and file creation. And modification time monitoring, longest word detection, coincidence index detection, information entropy detection, file compression ratio detection, hook risk function, etc. This detection method is relatively mature, but the real-time performance is not good; 2. Network detection, that is, network traffic characteristics Matching is reflected in the matching of the transmission traffic characteristics of the webshell's own code and the communication traffic characteristics of the webshell during execution. The network traffic characteristic matching method is simple and the inspection is quick, but complex semantic analysis requires large resources and high costs, and for uploaded Poor detection after webshell

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Webshell detection method and device, computer device, readable storage medium
  • Webshell detection method and device, computer device, readable storage medium
  • Webshell detection method and device, computer device, readable storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0067] The embodiment of the present invention provides a Webshell detection method and device, a computer device, and a readable storage medium, which are used to quickly and effectively realize Webshell detection.

[0068] In order to enable those skilled in the art to better understand the solutions of the present invention, the following describes the technical solutions in the embodiments of the present invention clearly and completely. Obviously, the described embodiments are only part of the embodiments of the present invention, not all of them. 的实施例。 Example. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative work shall fall within the protection scope of the present invention.

[0069] The terms "first", "second", "third", "fourth", etc. (if any) in the description and claims of the present invention and the above-mentioned drawings are used to distinguish similar objects, without having t...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of the invention discloses a Webshell detection method and device, a computer device, and a readable storage medium for quickly and effectively realizing the detection of Webshell. The method of the embodiment comprises a step of obtaining an access log which comprises Http request information initialized by a browser to a Web service system, data request information initialized by the Web service system to a database system based on the Http request information, data response information fed by the database system to the Web service system based on the data request information, and Http response information fed by the Web service system to the browser based on the data response information, a step of extracting the Http response information from the access log, a step of detecting whether the Http response information comprises sensitive information of the database system or not, and a step of determining a condition that the Http response information points at the Webshell.

Description

Technical field [0001] The present invention relates to the field of Internet security technology, in particular to a Webshell detection method and device, a computer device, and a readable storage medium. Background technique [0002] General data intrusion is to control the web system first, and then access the database through the web system to steal data. Since the identity of the visitor is legal when accessing through the web system, the firewall cannot recognize that this is an abnormal access, so it cannot defend against other types of attacks. Therefore, it is very important for database security products to have the ability to recognize webshell behavior. [0003] However, the development of webshell detection technology has focused more on web host detection and network detection: 1. Host detection requires installing detection and killing tools or software on the website server. The main techniques used are static feature library matching and file creation. And modifi...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/08H04L29/06G06F17/30
CPCG06F16/972H04L63/1425H04L67/02
Inventor 徐猛
Owner SANGFOR TECH INC
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com