A detection method and system for a rasp-based PHP deformation webshell

A detection system and detection method technology, applied in the field of information security, can solve the problems of large performance loss, high false negative rate and false positive rate, and increased static detection false negative rate, so as to achieve small performance loss and reduce false negative rate. and the effect of false positive rate

Active Publication Date: 2021-09-24
湖南鼎源蓝剑信息科技有限公司
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Due to the deformation of the webshell, the false negative rate of static detection continues to increase; compared with static detection, although the dynamic detection effect is better, there is still a high rate of false positives and false positives, and the performance loss caused by dynamic detection is relatively high. Big

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A detection method and system for a rasp-based PHP deformation webshell
  • A detection method and system for a rasp-based PHP deformation webshell
  • A detection method and system for a rasp-based PHP deformation webshell

Examples

Experimental program
Comparison scheme
Effect test

specific Embodiment approach

[0055] figure 1 Shown is the flow process of method provided by the present invention; The specific embodiment of the present invention is as follows:

[0056] 1. Obtain the code files in all the directories of the web server, and process each code file by the "preliminary calculation module", and then obtain the value, and the code files with larger values ​​will be focused on in the subsequent process.

[0057] The specific calculation details of the "preliminary calculation module" are:

[0058] 1) Count the number of characters between two adjacent spaces to form a set of data representing the distribution of spaces, and then compare this set of data with the normal space distribution range (3, 8) to calculate the degree of deviation.

[0059] The method of calculating the degree of deviation adopted by this program is the improved standard deviation, and the average number of the original formula of the standard deviation is replaced by the above-mentioned normal range (...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a detection method and system of a RASP-based PHP deformed webshell. For the detection system, by deploying RASP probes, it is detected that the programming language is a deformed webshell of PHP; including: a preliminary detection module, a context acquisition module, and a marked Parameter monitoring module, judging module, post-analysis module and after-the-fact traceability module; Utilize the technical scheme provided by the present invention, deformed webshell can be blocked by preliminary detection module and RASP, greatly reduce the false positive rate and false positive rate of webshell detection; And utilize Tracking and monitoring by RASP can better understand the causes of vulnerabilities, so as to apply patches for vulnerabilities; through reasonable deployment of probes, 0day vulnerabilities can also be discovered to prevent problems before they happen. In addition, the performance loss of the present invention is very small, and can be widely used.

Description

technical field [0001] The invention relates to the field of information security, in particular to a RASP-based PHP deformation webshell detection method and system. Background technique [0002] In recent years, webshell security incidents have occurred frequently, causing huge losses to production and living activities. Currently, webshell detection methods are mainly divided into two categories: static detection and dynamic detection. Due to the deformation of the webshell, the false negative rate of static detection continues to increase; compared with static detection, although the dynamic detection effect is better, there is still a high rate of false positives and false positives, and the performance loss caused by dynamic detection is relatively high. Big. [0003] RASP (Runtime Application self-protection) is runtime application self-protection. RSAP injects itself into the application program, integrates with the application program, monitors in real time, and ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): G06F11/36
CPCG06F11/3608G06F11/3612G06F11/366
Inventor 文伟平叶晓亮张汉张涛
Owner 湖南鼎源蓝剑信息科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap