Construction method of URL-based classification model and Webshell attack website detection method

A technology of classification model and construction method, applied in the Internet field, can solve the problem that WebShell is difficult to find, and achieve the effect of reducing cost and improving detection efficiency

Active Publication Date: 2018-04-06
BEIJING KNOWNSEC INFORMATION TECH
View PDF8 Cites 22 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This detection mainly relies on the accumulation of existing WebShell attacks, an

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Construction method of URL-based classification model and Webshell attack website detection method
  • Construction method of URL-based classification model and Webshell attack website detection method
  • Construction method of URL-based classification model and Webshell attack website detection method

Examples

Experimental program
Comparison scheme
Effect test

Example Embodiment

[0032] Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided for more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.

[0033] figure 1 A schematic diagram of a network request processing system 100 according to an embodiment of the present invention is shown. like figure 1 As shown, the system includes a plurality of clients 110 (such as clients 1-m), a CDN (Content Delivery Network, content distribution network) node 120, a firewall (WAF) node 130, a data storage device 140, a computing device 150 and Multiple web sites 160 in the backend (eg, w...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a construction method of a URL-based classification model, implemented in a computing device. The method comprises the following steps: separately obtaining multiple pieces ofaccess logs of normal access websites and a Webshell attack website to serve as positive sample data and negative sample data, whrein each piece of access log comprises URI of request resources and access data associated with the URI; extracting multiple pieces of access logs of the same URI from the positive sample data and the negative sample data, and calculating a plurality of URI feature values of the URI according to the access data of the multiple pieces of access logs, and constructing the plurality of URI feature values as a URI feature vector; generating a first positive/negative sample set according to the URI feature vectors of the URI in the positive/negative sample data and the corresponding positive sample identifiers, and generating a first training set according to the twosample sets; and with the URI feature vectors of samples in the first training set as input and with the sample identifiers as output, training the first training set by using a predetermined algorithm to obtain the URL-based classification model.

Description

technical field [0001] The invention relates to the technical field of the Internet, in particular to a method for constructing a URI-based classification model, a method for detecting a Webshell attacking a website, and a computing device. Background technique [0002] Webshell is a command execution environment that exists in the form of webpage files such as asp, php, jsp, cgi, etc., and can also be called a webpage backdoor. After an intruder invades a website, they often place Webshell backdoor files in the WEB directory of the WEB server, and mix them with normal files in the WEB directory of the WEB server, making it difficult to be found. Intruders can use WEB to access the Webshell to obtain the command execution environment to achieve the purpose of controlling the website or WEB server. The operations that can be performed include uploading and downloading files, viewing databases, and executing arbitrary program commands. [0003] The data exchanged by the remot...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/1425
Inventor 陈金战杨旭张通
Owner BEIJING KNOWNSEC INFORMATION TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products