File risk detection method and device

A risk detection and file technology, applied in the field of communication, can solve problems such as missed detection, low detection accuracy, and inability to effectively guarantee the security of website servers, so as to avoid missed detection, improve detection accuracy, and improve real-time performance Effect
CN110210221AActive Publication Date: 2019-09-06TENCENT TECH (SHENZHEN) CO LTD
4 Cites 4 Cited by

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
TENCENT TECH (SHENZHEN) CO LTD
Publication Date
2019-09-06

Smart Images

  • Figure 1
    Figure 1
  • Figure 2
    Figure 2
  • Figure 3
    Figure 3
Patent Text Reader

Abstract

The embodiment of the invention discloses a file risk detection method and device, and the method comprises the steps: obtaining a webpage file when detecting that the webpage file is abnormal; performing file label analysis on the webpage file to obtain multi-dimensional file feature data of the webpage file; performing global information integration on the multi-dimensional file feature data ofthe webpage file according to pre-acquired whole network file feature statistical information to obtain multi-dimensional file risk information; and when the multi-dimensional file risk information reaches a preset requirement, determining that the webpage file is a malicious webpage file. According to the embodiment of the invention, the malicious degree of the file can be analyzed without depending on the file content, whether the webpage file is malicious or not is effectively confirmed, the missed detection condition of the webpage file is avoided, the detection accuracy is improved, and meanwhile, better real-time performance is achieved.
Need to check novelty before this filing date? Find Prior Art

Description

technical field

[0001] The invention relates to the field of communication technology, in particular to a file risk detection method and device. Background technique

[0002] Webshell refers to dynamic server pages (Active Server Pages, ASP), hypertext preprocessor (Hypertext Preprocessor, PHP), java server pages (Java Server Pages, JSP) or common gateway interface (Common Gateway Interface, CGI), etc. A command execution environment in the form of a web page file, which can also be called a web page backdoor. After an intruder invades a website, they usually mix backdoor files such as ASP or PHP with normal webpage files in the directory of the website server, and then use a browser to access backdoor files such as ASP or PHP to get a command to execute Environment, through the Webshell to obtain a certain degree of operating authority to the website server, so as to achieve the purpose of controlling the website server.

[0003] In the prior art, the detection of Webshel...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More