Webshell detection method and device

A detection method and detection device, applied in the field of information security, that address deficiencies in existing WebShell detection technology and improve the detection accuracy rate.

Active Publication Date: 2021-03-09
SANGFOR TECH INC

AI Technical Summary

Problems solved by technology

[0008] The main purpose of the present invention is to provide a WebShell detection method and device that, through a new WebShell detection method, solve the technical problem of deficiencies in existing WebShell detection technology.

Examples

Embodiment Construction

[0061] It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0062] Referring to Figure 1, which is a schematic flowchart of the first embodiment of the WebShell detection method of the present invention: in this embodiment, the WebShell detection method includes:

[0063] Step S10: detecting the traffic data between the server and the client to determine whether the traffic data contains suspicious data with WebShell characteristics or WebShell behavior characteristics, wherein, if the traffic data contains suspicious data with WebShell characteristics, it is determined that a WebShell exists in the traffic data;

[0064] WebShells are often overtly interactive. For example, when using WebShell for file management, the general process is: the intruder lists the directories and files on the server through WebShell, and then further decides to download some of th...

Abstract

The invention discloses a WebShell detection method, comprising: detecting traffic data between a server and a client to judge whether the traffic data contains suspicious data with WebShell characteristics or WebShell behavior characteristics, wherein, if the traffic data contains suspicious data with WebShell characteristics, it is determined that a WebShell exists in the traffic data; if the traffic data contains suspicious data with WebShell behavior characteristics, the WebShell behavior characteristics corresponding to the suspicious data are analyzed and, according to the analysis results, it is determined whether a WebShell exists in the traffic data. The invention also discloses a WebShell detection device. The invention is based on traffic detection and operation behavior analysis, so as to detect WebShells, prevent the server from being invaded and ensure the security of the data on the server.
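The two branches of the abstract, as an added Python example that is not taken from the patent: a signature hit decides immediately, while behavior features are analyzed as a sequence (here the directory listing followed by a download described in [0064]). The record fields, the placeholder signature, the path-line heuristic and the 300-second window are all assumptions made for illustration.

```python
import re

# Assumed placeholder signature; a real deployment would load vetted rules.
SIGNATURES = [re.compile(rb"EXAMPLE-WEBSHELL-MARKER")]
# Assumed heuristic: a line that looks like an absolute file or directory path.
PATH_LINE = re.compile(r"^(/[\w.\-]+)+/?$")
WINDOW = 300  # assumed: seconds within which list -> download is one interaction

def behavior(rec):
    """Label one response with an assumed WebShell behavior feature, or None."""
    if "attachment" in rec["headers"].get("Content-Disposition", ""):
        return "download"
    text = rec["body"].decode(errors="replace")
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if len(lines) >= 3 and all(PATH_LINE.match(l) for l in lines):
        return "list"
    return None

def detect(records):
    """Return {(client, url): verdict} for endpoints flagged by either branch."""
    verdicts, last_list = {}, {}
    for rec in sorted(records, key=lambda r: r["ts"]):
        key = (rec["client"], rec["url"])
        # Branch 1: WebShell characteristics -> WebShell determined directly.
        if any(s.search(rec["request"]) or s.search(rec["body"]) for s in SIGNATURES):
            verdicts[key] = "webshell (signature)"
            continue
        # Branch 2: behavior characteristics -> analyze the observed sequence.
        b = behavior(rec)
        if b == "list":
            last_list[key] = rec["ts"]
        elif b == "download" and rec["ts"] - last_list.get(key, -WINDOW - 1) <= WINDOW:
            verdicts.setdefault(key, "webshell (behavior: list then download)")
    return verdicts

# Constructed sample traffic (documentation IP ranges), not real captures.
SAMPLE = [
    {"ts": 10, "client": "203.0.113.5", "url": "/upload/img.php", "request": b"a=1",
     "headers": {}, "body": b"/var/www/html/\n/var/www/html/config.php\n/var/www/db.sql\n"},
    {"ts": 40, "client": "203.0.113.5", "url": "/upload/img.php", "request": b"a=2",
     "headers": {"Content-Disposition": "attachment; filename=db.sql"}, "body": b"--"},
    {"ts": 50, "client": "198.51.100.7", "url": "/files/report.pdf", "request": b"",
     "headers": {"Content-Disposition": "attachment; filename=report.pdf"}, "body": b"%PDF"},
    {"ts": 60, "client": "203.0.113.9", "url": "/static/x.php",
     "request": b"p=EXAMPLE-WEBSHELL-MARKER", "headers": {}, "body": b"ok"},
]

if __name__ == "__main__":
    for endpoint, verdict in detect(SAMPLE).items():
        print(endpoint, "->", verdict)
```

The plain download of `/files/report.pdf` is not flagged, because no listing from the same client and URL preceded it.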

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a WebShell detection method and device.

Background technique

[0002] A WebShell is a backdoor program installed after a website has been successfully invaded, so that the intruder can easily control the compromised host (or server) to steal sensitive data or credentials, or use it as a springboard for attacking intranet hosts. A WebShell is often disguised as a normal website program. If the installed WebShell is not found, then even after the website's vulnerability is repaired, the intruder can still use the WebShell hidden in the website program to keep controlling the invaded host. Therefore, detecting installed WebShells is of great significance.

[0003] At present, the existing technology mainly uses the following methods to detect or defend against WebShell:

[0004] 1. Directly detect the source code of the WebShell file, but because most of the WebShell is ...

Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1416
Inventor: 杨力
Owner: SANGFOR TECH INC