Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method for remotely and accurately identifying WebShell back door

A backdoor and accurate technology, applied in the direction of using information identifiers to retrieve Web data, special data processing applications, instruments, etc., can solve the problems of deploying traffic audit systems, deformation or confusion, and inability to detect, to enrich inspection methods, improve The effect of detection rate

Active Publication Date: 2020-03-24
HANGZHOU ANHENG INFORMATION TECH CO LTD
View PDF13 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] (1) All need to be deployed in the network environment of the target website, such as local deployment, monitoring and analysis in the traffic, which cannot be implemented if the network system of the target website cannot be touched;
[0007] (2) WebShell is mostly written in a dynamic language, which is very easy to deform or confuse. At the same time, there are some WEB server interfaces, such as CGI or Java Servlet, which can run compiled binary programs, so it is difficult to detect source code audits locally and is prone to occurrence False report;
[0008] (3) If the WebShell backdoor has been implanted before the deployment of the traffic monitoring device and the hacker has not operated the WebShell for a long time, the traffic behavior cannot be generated or detected
[0009] (4) All belong to local inspections. After the implementation of the Cyber ​​Security Law, when the regulatory agencies, public security, and Internet Information Offices conduct network-wide inspections, they cannot obtain the source code of the target website or deploy a traffic audit system on the target network. Do remote discovery of WebShell backdoor

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for remotely and accurately identifying WebShell back door

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0030] The present invention will be described in further detail below in conjunction with the examples, but the protection scope of the present invention is not limited thereto.

[0031] The invention relates to a method for remote and accurate identification of WebShell backdoors. All webpage resources are crawled by crawlers on the target website, and are matched with common WebShell backdoor path dictionaries throughout the site, and the WebShell backdoor rule library is used to match whether there is a backdoor, and through a remote method Accurately identify WebShell backdoors.

[0032] The method includes the following steps.

[0033] Step 1: Obtain the file paths of all WebShells existing in the website to be detected.

[0034] In step 1, the file path includes URL links of any webpage, links in attachments and / or directory listings.

[0035] In the present invention, the crawler function is used to crawl the file path of the WebShell that may exist in the website. I...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a method for remotely and accurately identifying a WebShell back door. The method includes the steps: obtaining all file paths of WebShell existing in the website to be detected; complementing and detecting by using the standard dictionary, if the current path is a WebShell back door, directly alarming, otherwise, listing into a suspicious list and successively guessing and logging in, and if the login is successful, judging that the current path is the WebShell back door, and alarming, otherwise, discarding and filtering the current path. The method carries out crawler crawling on the target website to obtain all webpage resources, performs total station matching with a common WebShell backdoor path, judges whether a backdoor exists or not is matched through a WebShell backdoor rule base, accurately recognizes the WebShell backdoor in a remote mode, conducts violent guessing login on the suspected WebShell for recognition, accurately recognizes the WebShell backdoor through multi-latitude feature matching, enriches webpage backdoor checking methods, and increases the WebShell backdoor detection rate.

Description

technical field [0001] The present invention relates to the transmission of digital information, such as the technical field of telegram communication, and in particular to a method for remotely and accurately identifying WebShell backdoors. Background technique [0002] WebShell is a kind of web backdoor. It usually exists as a command execution environment in the form of web files such as ASP, PHP, JSP, or CGI. It is a script attack tool for hackers to intrude into web servers. The authority to operate the server to some extent, because WebShell mostly appears in the form of dynamic scripts, and some people call it the backdoor tool of the website. [0003] After a hacker invades a website and obtains permission, he usually mixes these backdoor files such as ASP and PHP with the normal webpage files in the web directory of the website server, and then accesses these backdoor files such as ASP and PHP through a browser to get command Execute the environment, and then achie...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56G06F16/951G06F16/955
CPCG06F21/563G06F16/951G06F16/9566
Inventor 金海俊范渊
Owner HANGZHOU ANHENG INFORMATION TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products