Method and device for identifying script files

A script file and script technology, applied in the field of network security, can solve problems such as poor effectiveness, low accuracy of webshell file detection methods, and insufficient features

Inactive Publication Date: 2019-11-08
NEW H3C SECURITY TECH CO LTD
View PDF5 Cites 6 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] However, the feature library in the prior art is uniformly set by technicians in advance, and the features included in the feature li

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for identifying script files
  • Method and device for identifying script files
  • Method and device for identifying script files

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0104] The technical solutions in the embodiments of the present application will be clearly and completely described below in conjunction with the accompanying drawings in the embodiments of the present application. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the scope of protection of this application.

[0105] The embodiment of the present application provides a method for identifying a script file, and the method can be applied to a network device, and the network device can be a background server of a certain website, or can also be a security device of a certain website. The network device can be used to identify webshell files, that is, can be used to identify malicious script files.

[0106] Such as figure 1 As shown, the process of the method ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a method and device for identifying script files, and relates to the technical field of network security, and the method comprises the steps: obtaining a plurality of sample script files marked with labels; converting each sample script file into a machine instruction sequence; extracting a feature word combination from the machine instruction sequence of the sample script file to obtain a first feature set of the sample script file; for the first feature set, according to a preset word frequency feature algorithm, respectively calculating word frequency features of eachfeature word combination in the first feature set to obtain feature vectors of the sample script file; training a script recognition model according to the feature vector of each sample script file and the label of each sample script file; and when the to-be-identified script file is obtained, identifying the to-be-identified script file by utilizing the script identification model, and determining whether the to-be-identified script file is a malicious script file or not. By adopting the method and the device, the accuracy of identifying the webshell file can be improved.

Description

technical field [0001] The present application relates to the technical field of network security, in particular to a method and device for identifying script files. Background technique [0002] webshell is based on ASP (Active Server Pages, active server page), PHP (Hypertext Preprocessor, hypertext preprocessor), JSP (Java Server Pages, java server page), python or CGI (Common Gateway Interface, public gateway interface) and other web pages A command execution environment in the form of a script file can also be called a web page backdoor. Webshell is often used by intruders to obtain the operating authority of the website server. After hackers invade a website server, they usually mix the webshell file with the normal webpage files in the web directory of the website server, and then use the browser to access the webshell file. The webshell command executes the environment, so as to obtain a certain degree of operation authority on the server, so as to achieve the purpo...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/56
CPCG06F21/562G06F21/566G06F2221/033
Inventor 顾成杰
Owner NEW H3C SECURITY TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap