A webshell detection method and device

A webshell detection method, applied in the computer field, that addresses problems such as log detection lag, improving accuracy and work efficiency and reducing maintenance costs.

Active Publication Date: 2021-09-07
东巽科技(北京)有限公司 +1

AI Technical Summary

Problems solved by technology

Log detection lags behind the attack, so effective preventive measures cannot be taken in time.


Embodiment 1

[0023] Embodiment 1 of the present invention provides a webshell detection method, as shown in Figure 1, which is a schematic flow chart of a webshell detection method provided by an embodiment of the present invention. The method includes:

[0024] Step 110, converting the content in the web script file to be tested into an abstract syntax tree.

[0025] Step 120, extracting feature vectors of the abstract syntax tree.

[0026] Step 130, substituting the feature vector into a preset machine learning algorithm to determine whether the web script file to be tested is a webshell file or a normal web script file.
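Steps 110 to 130 as an added example, not code from the patent. It assumes Python-language scripts parsed with the standard `ast` module as a stand-in for the web script parser, an assumed feature set (node-type and risky-call frequencies), and a nearest-centroid classifier in place of the unspecified "preset machine learning algorithm"; all sample scripts are constructed and are parsed only, never executed.

```python
import ast
from collections import Counter

# Feature dimensions (an assumed feature set, not taken from the patent).
NODE_TYPES = ["Call", "Attribute", "Subscript", "FunctionDef", "Return", "If"]
RISKY_CALLS = ["eval", "exec", "system", "popen", "b64decode"]

def call_name(node):
    """Callee name of an ast.Call: f(...) gives 'f', obj.f(...) gives 'f'."""
    f = node.func
    return f.id if isinstance(f, ast.Name) else getattr(f, "attr", "")

def features(source):
    """Steps 110-120: parse to an AST, then build a normalised count vector."""
    nodes = list(ast.walk(ast.parse(source)))
    types = Counter(type(n).__name__ for n in nodes)
    calls = Counter(call_name(n) for n in nodes if isinstance(n, ast.Call))
    total = len(nodes)
    return ([types[t] / total for t in NODE_TYPES]
            + [calls[c] / total for c in RISKY_CALLS])

def train(labelled):
    """Nearest-centroid model: one mean feature vector per label."""
    by_label = {}
    for src, label in labelled:
        by_label.setdefault(label, []).append(features(src))
    return {label: [sum(col) / len(vs) for col in zip(*vs)]
            for label, vs in by_label.items()}

def classify(model, source):
    """Step 130: return the label whose centroid is closest to the file."""
    v = features(source)
    def dist(centroid):
        return sum((a - b) ** 2 for a, b in zip(v, centroid))
    return min(model, key=lambda label: dist(model[label]))

# Constructed training samples (illustrative only, far too few for real use).
TRAIN = [
    ("def add(a, b):\n    return a + b\n", "normal"),
    ("def page(items):\n    if items:\n        return render(items)\n"
     "    return ''\n", "normal"),
    ("import os\nos.system(params['cmd'])\n", "webshell"),
    ("import base64\nexec(base64.b64decode(form['p']))\n", "webshell"),
]
MODEL = train(TRAIN)

if __name__ == "__main__":
    print(classify(MODEL, "eval(query['c'])\n"))
    print(classify(MODEL, "def total(xs):\n    return sum(xs)\n"))
```

Because the vector is built from AST nodes rather than raw text, renaming variables or reformatting the script does not change it; a production model would need a far larger labelled corpus and a parser for the actual web scripting language.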

[0027] Optionally, the content in the web script file to be tested may be the operation codes (opcodes) of the web script file. In that case, converting the content in the web script file to be tested into an abstract syntax tree may include:

[0028] Collect the opcodes in the web script file to be tested. The opcodes are then converted to an abstract syntax tree.

[002...

Embodiment 2

[0045] Corresponding to Embodiment 1 above, Embodiment 2 of the present invention provides a webshell detection device, as shown in Figure 3, which is a schematic structural diagram of a webshell detection device provided by an embodiment of the present invention. The device includes a conversion unit 301, an extraction unit 302 and a processing unit 303.

[0046] The conversion unit 301 is configured to convert the content in the web script file to be tested into an abstract syntax tree.

[0047] The extraction unit 302 is configured to extract feature vectors of the abstract syntax tree.

[0048] The processing unit 303 is configured to substitute the feature vector into a preset machine learning algorithm to determine whether the web script file to be tested is a webshell file or a normal web script file.

[0049] Optionally, the processing unit 303 is specifically configured to: substitute the feature vector into a preset machine l...

Abstract

The embodiment of the present invention discloses a webshell detection method and device. The method includes: converting the content in the web script file to be tested into an abstract syntax tree; extracting the feature vector of the abstract syntax tree; and substituting the feature vector into a preset machine learning algorithm to determine whether the web script file to be tested is a webshell file or a normal web script file. With this method it is easy to determine the statements, functions, function sources, and the relationships between the statements in the web script file, that is, the most essential information in the web script file, which also improves accuracy and work efficiency and reduces maintenance costs.

Description

Technical field

[0001] The invention relates to the field of computer technology, in particular to a webshell detection method and device.

Background technique

[0002] Existing webshell detection methods fall into two categories: network detection and script file detection. Network detection analyzes the interaction process of dynamically generated web pages and HTTP messages. Script file detection includes static detection, dynamic detection and log file detection.

[0003] Network detection requires deploying bypass network-traffic hardware devices or special software on the gateway. Compared with script file detection, the investment cost is relatively high, and the hardware and software performance requirements are high. This detection method needs to filter a huge amount of network data to capture the webshell uploaded by the attacker, or the interaction data between the attacker and the webshell. This kind of detection can only locate the Webshell being used ...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L29/08, G06F21/56
CPC: G06F21/563, H04L63/1416, H04L63/1441, H04L67/02
Inventor: 李薛张研江志华
Owner: 东巽科技(北京)有限公司