
Webpage log attack information detection method, system and device and readable storage medium

An information detection and logging technology, applied in transmission systems, digital transmission systems, data exchange networks, etc., can solve the problems of not being able to obtain summary statistics of network security, missing the opportunity to capture attackers, and passing analysis

Active Publication Date: 2020-02-21
HANGZHOU ANHENG INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

[0003] At present, the analysis and processing of web logs is often only a summary of the logs, and it is impossible to obtain summary statistics that are beneficial to network security.
That is, if the effective information in the web log cannot be correctly parsed and reorganized, it is impossible, in the daily operation of the website and during security emergency response, to track the attacker by analyzing the web log in combination with other information and to restore the attack process, and the opportunity to bring the attacker to justice is missed.

Examples


Embodiment 1

[0051] For ease of understanding, the following briefly describes the shortcomings of the prior art and the core idea of the solution proposed in this embodiment.

[0052] In the analysis results that existing tools produce for web logs, the data is simply split and not processed logically, so web logs do not play the important role in daily work that they could.

[0053] For the existing web log analysis products, the main disadvantages are concentrated in the following aspects. Disadvantage 1: The volume of web logs is huge, many tools are difficult to analyze, and system crashes often occur. Disadvantage 2: The analysis effect of most products is not good, and it just stays in the summary of the analyzed data and does not go deep into logical concatenation of effective data fragments. Disadvantage 3: Manpower is required to draw data conclusions, and in the end it is still up to humans to judge some network operation behaviors.

[0054] In view of...

Embodiment 2

[0087] Corresponding to the above method embodiment, the embodiment of the present invention also provides a web log attack information detection system. The web log attack information detection system described below and the web log attack information detection method described above can be referred to each other.

[0088] As shown in Figure 3, the system includes:

[0089] Data cleaning model 101, keyword analysis model 102 and webpage backdoor analysis model 103;

[0090] Data cleaning model, used to split web logs to obtain data fragments;

[0091] The keyword analysis model is used to serially merge the request responses in the data fragments according to the timeline to obtain traffic portraits;

[0092] The webpage backdoor analysis model is used to retrieve malicious codes in webpage logs; conduct sandbox tests on malicious codes to obtain test results; add test results to traffic portraits to obtain webpage backdoor attack timelines.
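The three stages in [0089] to [0092] can be sketched as follows. This is an added example, not code from the patent: it assumes combined-format access logs, an illustrative keyword pattern, and sandbox verdicts supplied by an external sandbox as a URI-to-result mapping; the sample log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote_plus

# Constructed sample lines (combined log format, documentation address ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Feb/2020:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Feb/2020:10:01:05 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Feb/2020:10:03:40 +0000] "POST /upload.php HTTP/1.1" 200 87 "-" "curl/7.68.0"
203.0.113.7 - - [12/Feb/2020:10:04:11 +0000] "GET /uploads/a.php?c=system%28%27id%27%29 HTTP/1.1" 200 12 "-" "curl/7.68.0"
this line is malformed and must be skipped
"""
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)')
# Illustrative keyword set (an assumption; the patent text does not list its keywords).
SUSPICIOUS = re.compile(r'(eval|assert|system|base64_decode)\s*\(', re.I)

def clean(raw):
    """Data cleaning: split raw log text into structured data fragments."""
    fragments = []
    for line in raw.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # drop lines that do not parse instead of crashing
        f = m.groupdict()
        f["time"] = datetime.strptime(f["ts"], "%d/%b/%Y:%H:%M:%S %z")
        f["uri"] = unquote_plus(f["uri"])  # decode so keywords become visible
        fragments.append(f)
    return fragments

def traffic_portraits(fragments):
    """Keyword analysis: chain each client's requests/responses in time order."""
    portraits = defaultdict(list)
    for f in sorted(fragments, key=lambda f: f["time"]):
        portraits[f["ip"]].append(f)
    return portraits

def backdoor_timeline(portrait, sandbox_verdicts):
    """Flag entries carrying suspected code and attach the sandbox result."""
    timeline = []
    for f in portrait:
        hit = SUSPICIOUS.search(f["uri"])
        verdict = sandbox_verdicts.get(f["uri"], "not tested") if hit else None
        timeline.append((f["time"].isoformat(), f["method"], f["uri"],
                         f["status"], verdict))
    return timeline
```

Entries with a verdict of `None` are the surrounding context (for instance the upload that preceded the flagged request), which is what turns isolated hits into a timeline for one client.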

[0093] Apply the device prov...

Embodiment 3

[0107] Corresponding to the above method embodiment, the embodiment of the present invention also provides a webpage log attack information detection device. The webpage log attack information detection device described below and the webpage log attack information detection method described above can be referred to each other.

[0108] As shown in Figure 4, the webpage log attack information detection device includes:

[0109] memory D1 for storing computer programs;

[0110] The processor D2 is configured to implement the steps of the method for detecting web page log attack information in the above method embodiment when executing the computer program.

[0111] Specifically, refer to Figure 5, which is a specific structural diagram of the webpage log attack information detection device provided in this embodiment. The webpage log attack information detection device may differ considerably depending on configuration or performance, and may i...


Abstract

The invention discloses a webpage log attack information detection method, system and device and a readable storage medium. The method comprises the steps of: obtaining a webpage log and splitting it with a data cleaning model to obtain data fragments; using a keyword analysis model to merge the request responses in the data fragments in series along a timeline to obtain a traffic portrait; using a webpage backdoor analysis model to retrieve malicious code in the webpage log; performing a sandbox test on the malicious code to obtain a test result; and adding the test result to the traffic portrait to obtain a webpage backdoor attack timeline. By processing the webpage log in this way, the method finally yields a webpage backdoor attack timeline that can be used to track the attacker and restore the attack process, providing strong reference evidence for capturing the attacker in time and preventing the attacker from committing a crime again.

Description

Technical field

[0001] The present invention relates to the field of computer application technology, in particular to a method, system, device and readable storage medium for detecting web page log attack information.

Background technique

[0002] The web log is an important part of the web server, which records in detail the client's access request to the web application and the running status of the server during the running of the server. The data on the behavior status of the server recorded in the log over time is also very large, and it is not feasible to rely on manual investigation. At the same time, the intrusion behavior of the attacker on the website will also be recorded in the webpage log.

[0003] At present, the analysis and processing of the webpage logs is often only the summary statistics of the webpage logs, and it is impossible to obtain summary statistics beneficial to network security. That is, if the effective information of the webpage log cannot b...


Application Information

IPC(8): H04L29/06, H04L12/24
CPC: H04L63/1425, H04L41/14
Inventor 刘成煜范渊纪小默赵悦菅强石锐问闻赵志巍李梦姣周堃宋扬张昕
Owner HANGZHOU ANHENG INFORMATION TECH CO LTD