Method, device, medium and device for detecting abnormal behavior access of world wide web

The technique, applied to detecting abnormal-behavior access on the World Wide Web, addresses the heavy workload and slow speed of manual log analysis and the difficulty Web scanners have in detecting such access, and achieves the effect of improving detection speed.

Active Publication Date: 2018-12-18
NSFOCUS INFORMATION TECHNOLOGY CO LTD +1

AI Technical Summary

Problems solved by technology

[0002] At present, some Web accesses with abnormal behavior, such as accessing a web page backdoor (webshell), bypassing authentication, horizontal privilege escalation, vertical privilege escalation, and path traversal, are difficult for Web scanners to detect. Existing methods mainly rely on manual analysis of Web access logs to find abnormal behavior, which is slow and requires a huge workload.


Examples


Embodiment 1

[0029] Figure 1 is a flow chart of the steps of the method for detecting abnormal Web behavior access provided by Embodiment 1 of the present invention. The method includes the following steps:

[0030] Step 101, receiving an access log.

[0031] In this step, access logs within a first set period of time, for example, one week, may be received. The access log can include the access details of each page in the website, such as the accessing Internet Protocol (IP) address, the accessed uniform resource locator (URL), the referring link (referer), the user agent (UA), the access time, the site domain name, the request method, etc.

[0032] Step 102, performing directed graph comparison.

[0033] In this step, an access path in the temporary business directed graph that has the same start page node and end page node as an access path in the historical business backbone directed graph can be determined to be a normal access path; and determine the t...
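The comparison in steps 101 and 102 can be sketched as follows. This is an added example, not code from the patent: it builds referer-to-URL edges from log records and labels each edge of the temporary graph against a historical backbone. The pruning rule (a minimum edge count), the `<entry>` pseudo-node, and all hosts, IPs and paths are assumptions or constructed sample data, since the patent's own pruning criteria are not reproduced on this page.

```python
from collections import Counter
from urllib.parse import urlsplit

ENTRY = "<entry>"  # assumed pseudo-node for requests that carry no referer

def build_graph(records):
    """Count referer -> URL edges; each record is (ip, referer, url)."""
    edges = Counter()
    for _ip, referer, url in records:
        src = (urlsplit(referer).path or "/") if referer else ENTRY
        dst = urlsplit(url).path or "/"
        edges[(src, dst)] += 1
    return edges

def backbone(edges, min_support=3):
    """Assumed pruning rule: keep edges seen at least min_support times."""
    return {edge for edge, count in edges.items() if count >= min_support}

def compare(temp_edges, hist_backbone):
    """Label each temporary edge against the historical backbone."""
    known_out = {}
    for src, dst in hist_backbone:
        known_out.setdefault(src, set()).add(dst)
    verdicts = {}
    for src, dst in temp_edges:
        if dst in known_out.get(src, ()):
            verdicts[(src, dst)] = "normal"
        elif src in known_out:
            verdicts[(src, dst)] = "abnormal: new path from known node"
        else:
            verdicts[(src, dst)] = "abnormal: unknown start node"
    return verdicts

# Constructed sample records (not from the patent): (ip, referer, url).
BASE = "https://shop.example"
HIST = ([("10.0.0.5", "", BASE + "/")] * 5
        + [("10.0.0.5", BASE + "/", BASE + "/login")] * 5
        + [("10.0.0.5", BASE + "/login", BASE + "/account")] * 4
        + [("10.0.0.9", BASE + "/", BASE + "/promo?id=7")])  # rare, pruned
TEMP = [("10.0.0.7", BASE + "/login", BASE + "/account"),
        ("203.0.113.8", "", BASE + "/uploads/img.php"),
        ("203.0.113.8", BASE + "/", BASE + "/admin/users"),
        ("203.0.113.8", BASE + "/uploads/img.php", BASE + "/uploads/img.php")]

def run_demo():
    return compare(build_graph(TEMP), backbone(build_graph(HIST)))

if __name__ == "__main__":
    for edge, verdict in run_demo().items():
        print(edge, "->", verdict)
```

A page reached only by direct entry or by self-reference, with no inbound edge in the backbone, is the pattern the abstract associates with webshell access.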

Embodiment 2

[0144] Figure 6 is a flow chart of the steps of the method for detecting abnormal behavior access on the World Wide Web provided by Embodiment 2 of the present invention. The method includes the following steps:

[0145] Step 201, receiving an access log.

[0146] In this step, access logs can be received in units of one day.

[0147] Step 202, judging whether the time threshold is reached.

[0148] It is judged whether the time span of the received access log reaches a time threshold, for example, 30 days. If yes, go to step 204; otherwise, go to step 203.

[0149] Step 203, determining or updating the historical business backbone directed graph.

[0150] In this step, the historical business backbone directed graph may be determined or updated according to the received access logs. Specifically, the historical business backbone directed graph may be stored in the database.

[0151] Step 204, determine volatility.

[0152] When the time span reache...

Embodiment 3

[0175] Figure 7 is a schematic structural diagram of a detection device for abnormal behavior access on the World Wide Web provided by Embodiment 3 of the present invention. The device can be applied to the server side. The device includes a receiving module 11, a detection module 12 and a marking module 13, wherein:

[0176] The receiving module 11 is used to obtain the access log and determine the temporary business directed graph;

[0177] The detection module 12 is used to determine, as a normal access path, an access path in the temporary business directed graph that is the same as an access path between the start page node and the end page node in the historical business backbone directed graph; and to determine whether the access paths starting from the same node in the temporary business directed graph and the historical business backbone directed graph are the same;

[0178] The marking module 13 is configured to determine that the temporary access ...


Abstract

The invention relates to the field of network security, in particular to a method, a device, a medium and equipment for detecting abnormal behavior access of the World Wide Web. A temporary business directed graph is determined according to the access log received in real time, and is compared with the historical business backbone directed graph determined according to the historical access logs, to determine whether there is an abnormal-behavior access path among the access paths. Because the access paths in the historical business backbone directed graph are the backbone paths that remain after redundant paths with no business meaning are removed, abnormal behaviors such as webshell access, horizontal privilege escalation, vertical privilege escalation and path traversal can be detected effectively when the access paths change, and the speed of detecting abnormal-behavior Web access is improved compared with manual detection.

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a method, device, medium and equipment for detecting abnormal behavior access of the World Wide Web (WEB).

Background technique

[0002] At present, some Web accesses with abnormal behavior, such as accessing a web page backdoor (webshell), bypassing authentication, horizontal privilege escalation, vertical privilege escalation, and path traversal, are difficult for Web scanners to detect, and the existing methods mainly rely on manual analysis of Web access logs to find abnormal behavior, which is slow and involves a huge workload.

Contents of the invention

[0003] The embodiment of the present invention provides a method, device, medium and equipment for detecting abnormal behavior access of the World Wide Web, which are used to improve the detection speed of abnormal-behavior Web access.

[0004] A detection method for web abnormal behavior access, said method co...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1425, H04L63/30
Inventor: 黑岩李昀磊陈方义王奇
Owner: NSFOCUS INFORMATION TECHNOLOGY CO LTD