A method for extracting webshell software gene based on RASP for webshell detection

An extraction method and gene technology, which is applied in the field of information security, can solve the problems of low accuracy of software genes, dependence of software genes on labor, and low accuracy, and achieve the effects of saving labor costs, small performance loss, and improving accuracy and efficiency

Active Publication Date: 2019-01-18
PEKING UNIV
View PDF7 Cites 4 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] The existing methods for extracting software genes are mainly static analysis based on semantics and dynamic analysis combined with dynamic debugging. However, the existing methods for extracting software genes have not penetrated into the program, so the software genes extracted by the exist

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method for extracting webshell software gene based on RASP for webshell detection

Examples

Experimental program
Comparison scheme
Effect test

specific Embodiment approach

[0027] figure 1 Shown is the flow process of method provided by the present invention, and the specific embodiment of the present invention is as follows:

[0028] 1. Analyze the existing webshell, and extract its common software genes by using existing software gene extraction methods (mainly static analysis based on semantics and dynamic analysis combined with dynamic debugging).

[0029] 2. Determine the parameter input point of the detected system, extract the user's input, use the existing software gene extraction method to extract its software gene, and then improve and supplement according to the webshell common software gene extracted in step 1. For example, if some of the common genes extracted in step 1 are missing in the software genes extracted in step 2, the common genes are added to the genes in step 2; to make the genes more accurate, the genes are the static genes of the code to be detected.

[0030] The "static gene" only analyzes the user's input at the code...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method for extracting webshell software gene based on RASP technology, which can be used for webshell detection by deploying label probes and deploying detection probes to extract webshell software gene. The method includes extracting common software genes of webshell from existing webshell, Determining the parameter input point of the code of the system to be detected, extracting the input parameter, extracting the software gene and perfecting it as the static gene of the code of the system to be detected; Deploying RASP: determining the parameter input point of thesystem code to be detected, and marking the parameter input by inserting a marker probe; Determining a function insertion point of the system to be detected, and deploying a detection probe; Acquiringthe context of the code to be detected inserted into the detection probe, and forming a behavior gene of the code to be detected according to the detection result of the detection probe; comparing the software gene with webshell gene bank and virus trojan gene bank to determine whether it is webshell or not. The invention can improve the accuracy and efficiency of detecting webshell, and can be widely applied.

Description

technical field [0001] The invention relates to the technical field of information security, in particular to a method for extracting webshell software genes based on RASP technology for webshell detection. Background technique [0002] In recent years, the number of viruses and Trojan horses has grown rapidly, and the types have become increasingly complex, and the deformation of viruses and Trojan horses has become increasingly complex. The existing detection webshells are mainly static detection and dynamic detection. However, these detection methods have not penetrated into the program. The success rate of some webshell detection methods is low, and the existing detection methods rely heavily on manual work, so the detection efficiency is not ideal. It can be detected by a software-based gene detection method, which can overcome the above difficulties. [0003] The existing methods for extracting software genes are mainly static analysis based on semantics and dynamic a...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F11/36
CPCG06F11/3604
Inventor 文伟平叶晓亮
Owner PEKING UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap