Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A method for confirming a WEB backdoor attack event

An attack event and backdoor technology, applied in electrical components, digital transmission systems, transmission systems, etc., can solve problems such as frequent page turning, misjudgment, and lack of authority for server operation and maintenance, to improve the recognition rate and accuracy, reduce The effect of alarm false alarm rate

Active Publication Date: 2018-12-18
HANGZHOU ANHENG INFORMATION TECH CO LTD
View PDF9 Cites 9 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] However, the above means have the following disadvantages: (1) security personnel may not be able to handle all WEB backdoor attack events on the network security protection equipment in time
Because analysts related to information security in actual work often do not have the authority to operate and maintain the server, and cannot log in to the server for troubleshooting in time
(2) Only relying on the analyst's own experience is often unable to accurately judge whether the backdoor attack is successful, and there may be misjudgments
(3) There are too many false alarms on the network security protection equipment, causing security personnel to frequently turn pages when analyzing alarm records, and it is easy to ignore important attack clues

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method for confirming a WEB backdoor attack event

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0025] The specific implementation manners of the present invention will be described in detail below in conjunction with the accompanying drawings.

[0026] The confirmation method of WEB backdoor attack event of the present invention comprises the following steps:

[0027] (1) Obtain the alarm log from the network security protection device, judge whether it is a WEB backdoor attack event alarm according to the type description field of the log, and discard if not; the network security protection device can refer to a firewall or an IDS device (Intrusion Detection System, Intrusion Detection Systems ).

[0028] (2) From the alarm log of WEB backdoor attack, take out the attack time, attacker IP, attacker port number, attacked IP, attacked domain name, attack request header and attack response header recorded in each alarm log one by one;

[0029] (3) Extract the target domain name or IP of the attack according to the attack response header, and compare the pre-configured se...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a network security protection technology, aiming at providing a method for confirming a WEB backdoor attack event. The method comprises: parsing a firewall, IDS, IPS and related WEB server log, extracting the log record of WEB backdoor attack type, and judging whether the attack of WEB backdoor is successful or not according to the attack time, attacker IP, attacker port number, attacked IP, attacked domain name, attack request header and attack response header recorded in each alarm log; returning the confirmation result to the appropriate network protection device and marking the confirmed WEB backdoor attack event as a successful attack event to the user. The invention can provide a more scientific confirmation means for the WEB backdoor attack event, improve the recognition rate and accuracy of the network security protection equipment to the WEB backdoor attack, and reduce the alarm false alarm rate of the successful confirmation attack.

Description

technical field [0001] The invention relates to network security protection technology, in particular to a method for confirming WEB backdoor attack events. Background technique [0002] WEB backdoor, called WebShell in English, refers to a webpage Trojan horse implemented by webpage codes for illegal purposes. Specifically, the attacker controls the entire WEB server by implanting a WEB backdoor, uploads and downloads files, and illegally tampers with files. [0003] With the increasing number of network attack incidents, the attack techniques and means of network hackers are becoming more and more sophisticated, and the open source hacking tools circulating on the Internet have reduced the cost of attacks. Therefore, there are countless illegal scanning, backdoor detection and other attack traffic every day. The logs on the firewall, IDS, and IPS devices are also the accumulation of tens of millions of attack data every day. The WEB backdoor attack incident is often the ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/08H04L12/24
CPCH04L41/069H04L63/1425H04L63/145H04L67/02
Inventor 王世晋范渊郝辰亮黄进
Owner HANGZHOU ANHENG INFORMATION TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products