Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A detection method, device, medium and equipment for abnormal behavior access on the World Wide Web

A technology of normal access and behavior, applied in the field of detection of abnormal behavior access on the World Wide Web, can solve problems such as heavy workload, slow speed, and difficult detection by Web scanners, and achieve the effect of increasing speed

Active Publication Date: 2021-04-16
NSFOCUS INFORMATION TECHNOLOGY CO LTD +1
View PDF10 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0002] At present, some WEB accesses with abnormal behaviors include: accessing webpage backdoor (Webshell), bypassing authentication, horizontal authority overreach, vertical authority overreach, and path traversal, etc. Web scanners are difficult to detect. Existing methods mainly rely on manual analysis of Web access logs to find abnormal behavior, which is slow and requires a huge workload.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A detection method, device, medium and equipment for abnormal behavior access on the World Wide Web
  • A detection method, device, medium and equipment for abnormal behavior access on the World Wide Web
  • A detection method, device, medium and equipment for abnormal behavior access on the World Wide Web

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0029] like figure 1 As shown, it is a flow chart of the steps of the method for detecting abnormal web behavior access provided by Embodiment 1 of the present invention. The method includes the following steps:

[0030] Step 101, receiving an access log.

[0031] In this step, access logs within a first set period of time, for example, one week, may be received. The access log can include the access status of each page in the website, such as access to Internet protocol (IP) address, access to uniform resource locator (URL), access to jump link relationship (referer), access to user agent (UA, User Agent) , access time, site domain name, request method, etc.

[0032] Step 102, performing directed graph comparison.

[0033] In this step, the same access path as the start page node of an access path in the temporary business directed graph, the end page node and the historical business backbone directed graph, can be determined as a normal access path; and determine the temp...

Embodiment 2

[0144] like Image 6 As shown, it is a flow chart of the steps of the method for detecting abnormal behavior access on the World Wide Web provided by Embodiment 2 of the present invention. The method includes the following steps:

[0145] Step 201, receiving an access log.

[0146] In this step, access logs can be received in units of one day.

[0147] Step 202, judging whether the time threshold is reached.

[0148] It is judged whether the time span of the received access log reaches a time threshold, for example, 30 days. If yes, go to step 204; otherwise, go to step 203.

[0149] Step 203, determine or update the directed graph of historical service trunks.

[0150] In this step, the directed graph of historical service backbones may be determined or updated according to the received access logs. Specifically, the directed graph of historical business trunks may be stored in the database.

[0151] Step 204, determine volatility.

[0152] When the time span reaches t...

Embodiment 3

[0175] like Figure 7 As shown, it is a schematic structural diagram of a detection device for abnormal behavior access on the World Wide Web provided by Embodiment 3 of the present invention. The device can be applied to the server side. The device includes a receiving module 11, a detection module 12 and a marking module 13, wherein:

[0176] The receiving module 11 is used to obtain the access log and determine the temporary business directed graph;

[0177] The detection module 12 is used to determine the same access path as a normal access path between the destination page node and the starting page node of an access path in the historical business trunk directed graph in the temporary service directed graph; and, determine the temporary Whether the access paths starting from the same node in the business directed graph and the historical business backbone directed graph are the same;

[0178] The marking module 13 is configured to determine that the temporary access pat...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to the field of network security, in particular to a method, device, medium and equipment for detecting abnormal behavior access of World Wide Web (WEB, World Wide Web). Determine the temporary business directed graph according to the access log received in real time, compare it with the historical business trunk directed graph determined according to the historical access log, and determine whether there is an abnormal behavior access path in the access path. Since the access path in the directed graph of the historical business trunk is the business trunk path obtained by removing redundant paths that have no business meaning, it can effectively detect backdoor access to webpages, bypass verification, and horizontal authority overreach when the access path changes. , Abnormal behavior access such as vertical unauthorized access and path traversal, compared with manual detection, it improves the speed of WEB abnormal behavior access detection.

Description

technical field [0001] The invention relates to the field of network security, in particular to a method, device, medium and equipment for detecting abnormal behavior access of World Wide Web (WEB, World Wide Web). Background technique [0002] At present, some WEB accesses with abnormal behaviors include: accessing webpage backdoor (Webshell), bypassing authentication, horizontal authority overreach, vertical authority overreach, and path traversal, etc. Web scanners are difficult to detect, and the existing methods mainly rely on manual analysis of Web access logs to find abnormal behavior, which is slow and has a huge workload. Contents of the invention [0003] The embodiment of the present invention provides a method, device, medium and equipment for detecting abnormal behavior access of the World Wide Web, which are used to improve the detection speed of abnormal behavior access of the WEB. [0004] A detection method for web abnormal behavior access, said method co...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/1425H04L63/30
Inventor 黑岩李昀磊陈方义王奇
Owner NSFOCUS INFORMATION TECHNOLOGY CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com