Web Trojan detection method and system

A detection method and Trojan horse technology, applied in the computer field, that solves the problems of obfuscated Trojan horses and low dynamic detection efficiency, reducing the missed-detection rate and the false-positive rate and overcoming missed detection and low dynamic detection efficiency.

Inactive Publication Date: 2020-08-25
NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT

AI Technical Summary

Problems solved by technology

[0004] To overcome the defects of the above-mentioned prior art, the technical problem to be solved by the present invention is to provide a WEB Trojan horse detection method and system that overcomes the missed detections of static-matching detection and the low efficiency of dynamic detection, and that detects Trojans hidden in redirect chains and obfuscated pages.

Examples

Embodiment Construction

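[0041] At present, attackers obfuscate their web pages to make detection more difficult, and in many cases they evade signature-based systems.

[0042] Sometimes, attackers also often use a cloaking technique to hide their exploits. This technique relies on the user's browser fingerprint: the malicious content is exposed only when the user has a particular browser version or a vulnerable plug-in installed. Cloaking makes dynamic monitoring methods harder, because the defensive software has to run every combination of browser and plug-in to guarantee complete coverage (or use special techniques to meet this requirement). Defenders also have to carefully craft their routers to hide their communication resources.

[0043] Sometimes, most dynamic detection techniques introduce a considerable number of special browsers, which makes most of these methods difficult to use for online detection.

[0044] Based on the above findings, and in view of the characteristics of current WEB Trojan propagation and the difficulties encountered during detection, the present invention proposes a WEB Trojan detection method that combines redirect chains with feature statistics. On the basis of feature extraction, the method proposes an SVM-based Trojan detection classifier, which uses the redirect-chain features and page statistical features extracted from training data to form a classification model for detecting WEB Trojans. This detection approach overcomes the missed detections of traditional static-matching detection and the low efficiency of dynamic detection, and achieves detection of Trojans hidden in redirect chains and obfuscated pages. The present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention and do not limit it.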

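[0045] A WEB Trojan detection method in an embodiment of the present invention includes:

[0046] S101, selecting redirect-chain features and page statistical features as the classification features for web page Trojan detection;

[0047] S102, obtaining a sample set, the sample set including multiple positive samples and multiple negative samples; here "multiple" means more than one, and the number of samples can be set according to actual needs and is not specifically limited here.

[0048] S103, extracting the classification feature values of each sample, and performing web page Trojan classification training on the sample set based on the extracted classification feature values to obtain a classification model;

[0049] S104, extracting the classification feature values of the web page under test, and inputting them into the classification model to perform classification detection on the web page under test.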

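[0050] In one embodiment of the present invention, the redirect-chain features include the length of the redirect chain, a URL similarity feature, an internal domain name feature, a self-loop feature, and an IP feature of the domain name;

[0051] The page statistical features include the number of tags, the number of tags, the number of occurrences of the eval() function, the number of unescape() and escape() functions, the number of decode and encode functions, and the number of document.write() functions.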
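The feature-extraction step of S103 and S104 can be sketched as follows. This is an added example, not code from the patent: the concrete definition of each redirect-chain feature, the choice of iframe and script as the counted tags, and all function names are assumptions, and the SVM training step itself is not included.

```python
import re
from difflib import SequenceMatcher
from ipaddress import ip_address
from urllib.parse import urlsplit

# Page statistics named in [0051]. Which HTML tags are counted is an
# assumption (iframe and script); the page does not name them.
PAGE_PATTERNS = {
    "iframe_tags": r"<iframe\b",
    "script_tags": r"<script\b",
    "eval_calls": r"\beval\s*\(",
    "escape_calls": r"\b(?:un)?escape\s*\(",
    "codec_calls": r"(?:de|en)code\w*\s*\(",
    "document_write": r"\bdocument\.write(?:ln)?\s*\(",
}

def _is_ip(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False

def chain_features(chain):
    """Redirect-chain features from [0050]; each definition is an assumption."""
    hosts = [urlsplit(u).hostname or "" for u in chain]
    sim = [SequenceMatcher(None, a, b).ratio() for a, b in zip(chain, chain[1:])]
    return {
        "chain_length": len(chain),
        "url_similarity": sum(sim) / len(sim) if sim else 1.0,
        "internal_hops": sum(a == b for a, b in zip(hosts, hosts[1:])),
        "self_loop": int(len(set(chain)) < len(chain)),   # a URL is revisited
        "ip_hosts": sum(_is_ip(h) for h in hosts),        # hops on a raw IP
    }

def page_features(html):
    return {k: len(re.findall(p, html, re.I)) for k, p in PAGE_PATTERNS.items()}

def feature_vector(chain, html):
    """Fixed-order numeric vector, suitable as one row of classifier input."""
    feats = {**chain_features(chain), **page_features(html)}
    return [float(feats[k]) for k in sorted(feats)]

# Constructed sample: three hops ending on a raw-IP host, obfuscated page.
SAMPLE_CHAIN = ["http://shop.example/", "http://shop.example/r?id=1",
                "http://192.0.2.10/land.html"]
SAMPLE_HTML = ('<script>eval(unescape("%61"));document.write("<iframe '
               'src=x width=0></iframe>")</script>')
```

Vectors built this way for the positive and negative samples of S102 form the training matrix, and the same function is applied to the page under test in S104.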

[0052] Further, ...

Abstract

The invention discloses a WEB Trojan horse detection method and system, which overcomes the missed detections of static-matching detection and the low efficiency of dynamic detection, and solves the problem of detecting Trojan horses hidden in a redirection chain and an obfuscated page. The method comprises the steps of selecting a redirection chain feature and a page statistics feature as classification features for web page Trojan horse detection; obtaining a sample set, wherein the sample set comprises a plurality of positive samples and a plurality of negative samples; extracting the classification feature values of each sample and, based on the extracted classification feature values, performing web page Trojan horse classification training on the sample set to obtain a classification model; and extracting the classification feature values of a web page to be detected and inputting them into the classification model to perform classification detection on that web page.

Description

Technical field

[0001] The invention relates to the field of computers, in particular to a WEB Trojan horse detection method and system.

Background technique

[0002] In recent years, the rapid development of the Internet has provided great help for people to obtain effective real-time information and resources, satisfied the public's desire to view the world without leaving home, and gradually become an essential part of people's lives. The advancement of network technology has become a dominant factor in our lives, and our daily activities have come to rely on the Internet, such as personal entertainment, medical activities, banking and financial activities, and other aspects of life. In order to maintain this advancement, a large number of functional measures have been added to modern browsers, but these advancements have also brought a large number of flaws. These loopholes and flaws will gradually become hidden dangers and be exploited by more people with evil plans. Malici...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56
CPC: G06F21/566, G06F2221/034
Inventor: 徐晓燕, 李高超, 周渊
Owner: NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT