Deep learning WebShell protection method based on cloud WAF

A deep learning and algorithm technology, applied in electrical components, transmission systems, etc., can solve the problems of high false alarm rate and low WebShell performance, and achieve the effect of low false alarm rate, strong real-time performance, and avoiding occupation of traffic.

Inactive Publication Date: 2019-08-02
HANGZHOU ANHENG INFORMATION TECH CO LTD
View PDF6 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] The present invention solves the problems of low performance and high false negative rate in the protection of WebShell caused by the application of the technical means of protection through rules and the experience of senior web security personnel to identify malicious file upload behaviors in the prior art, and provides a An Optimized WebShell Protection Method Based on Deep Learning

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Deep learning WebShell protection method based on cloud WAF

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0023] The present invention will be described in further detail below in conjunction with the examples, but the protection scope of the present invention is not limited thereto.

[0024] The invention relates to a cloud WAF-based deep learning WebShell protection method, which is arranged on an nginx analysis server, predicts malicious file upload behaviors in real time according to text content, and simultaneously blocks the behaviors identified as malicious uploaded files in real time.

[0025] The invention mainly includes five parts: data collection, data preprocessing, algorithm template training, real-time prediction and blocking attack source.

[0026] The method includes the following steps.

[0027] Step 1: Collect equal amounts of normal text and WebShell text as positive samples and negative samples, respectively.

[0028] In the present invention, normal text and WebShell text are collected through the GitHub platform and the local WAF production environment.

...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a deep learning WebShell protection method based on a cloud WAF. The method comprises the steps of collecting the equivalent normal text and the WebShell text as a positive sample and a negative sample respectively; preprocessing and then extracting features, training the features by adopting a deep learning algorithm to obtain a stable algorithm template, predicting the features by using the algorithm template, if the texts are predicted to be the WebShell texts, notifying a WAF module through a Redis module to carry out real-time blocking, and otherwise, passing. According to the present invention, the characteristics extracted from the positive sample and the negative sample are trained through deep learning, and the algorithm template with high precision is obtained; during prediction, the behavior of maliciously uploading the file is identified by utilizing the algorithm template, and the behavior of maliciously uploading the file is blocked in real time,so that the detection cost is low, the real-time performance is strong, the accuracy is high, the false alarm rate is low, the attack behavior initiated by hackers intentionally can be effectively prevented, and some unnecessary data packets are prevented from occupying the flow in the network.

Description

technical field [0001] The present invention relates to the transmission of digital information, such as the technical field of telegraph communication, in particular to a deep learning WebShell protection method based on cloud WAF. Background technique [0002] With the development of Internet technology, Web application systems have been widely used in government portals, e-commerce, Internet and other industries, which is convenient for life and work, but also brings hidden dangers to network security. [0003] When attackers intrude on the target website, they usually obtain files through various methods, so as to gain control of the enterprise website, and then facilitate subsequent intrusion behaviors. Common attack methods include direct upload and acquisition of WebShell, SQL injection, remote files containing RFI, FTP, and even using cross-site scripting (XSS) as part of the attack, as well as some older methods, such as using background database backup and restore ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/08
CPCH04L63/1416H04L63/1441H04L63/168H04L67/06
Inventor 唐其彪范渊
Owner HANGZHOU ANHENG INFORMATION TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap