Webshell detection method based on incremental learning, terminal equipment and storage medium

An incremental-learning detection technique, applied in the field of network security detection, addresses problems such as the difficulty of establishing an accurate supervised learning model, the difficulty of coping with complex real environments, and manual errors in analysis results. It achieves accuracy and reliability and reduces manpower cost, the false negative rate and the false positive rate.

Inactive Publication Date: 2020-05-01
XIAMEN FUYUN INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

In the field of webshell security detection, the lack of samples makes it difficult to establish an accurate supervised learning model, while unsupervised learning causes a high false alarm rate, so a large number of security engineers are needed to analyze and filter the machine learning alerts, and the analysis results contain manual errors.

Because web attack methods are so varied, traditional prediction methods have difficulty coping with complex real environments.

Examples

Embodiment 1

[0046] This embodiment of the present invention provides a webshell detection method based on incremental learning, as shown in Figure 1, including the following steps:

[0047] S1: Collect webshell samples and normal samples, and extract features from the samples to form a training set.

[0048] The process of feature extraction includes the following two points:

[0049] (1) Use the abstract syntax tree (AST) to perform semantic analysis on the sample and obtain the sample's function call set.

[0050] The samples collected in this embodiment are script files.

[0051] The abstract syntax tree is a tree-like representation of the abstract syntax structure of a programming language. It is used as the input of the compiler backend and does not depend on the details of the specific grammar and language. By analyzing the abstract syntax tree, an understanding of the semantic level of the code can be obtained. The generation process of the abstract syntax tree includ...

Embodiment 2

[0126] The present invention also provides a webshell detection terminal device based on incremental learning, including a memory, a processor, and a computer program stored in the memory and operable on the processor. When the processor executes the computer program, the steps of the method in Embodiment 1 of the present invention are implemented.

Abstract

The invention relates to a webshell detection method based on incremental learning, a terminal device and a storage medium. The method comprises: S1, collecting webshell samples and normal samples and extracting features from the samples to form a training set; S2, constructing a classification model and training it on the training set to obtain a trained initial classification model; S3, continuously collecting webshell samples, extracting the feature vectors of the samples to form a newly added sample set, and performing incremental learning on the initial classification model with the samples in the newly added sample set to obtain a classification model after incremental learning; and S4, detecting webshells with the classification model after incremental learning. The method uses a set of marked samples and unmarked samples. The sample feature vectors are word-set vectors obtained by analyzing each sample's abstract syntax tree, so manual marking is not needed. Using the word-set vectors and a minimum distance classification algorithm based on adjustment screening, an initial model can be obtained from only a small number of samples, which greatly reduces labor cost.
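The S1 to S4 pipeline summarized above can be sketched as follows. This is an added example, not code from the patent: it assumes the script samples are Python so the standard `ast` module can parse them, uses a hypothetical fixed vocabulary, and uses a plain nearest-centroid (minimum distance) classifier without the "adjustment screening" step, which the page does not detail.

```python
import ast
import math

# Assumed vocabulary of call names; the page does not list the one the patent uses.
VOCAB = ["eval", "exec", "compile", "system", "popen", "b64decode", "open", "print", "len"]

def call_set(source):
    """S1: walk the AST and collect the names of called functions/methods."""
    names = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            # Name nodes carry .id (f(...)); Attribute nodes carry .attr (obj.f(...)).
            name = getattr(node.func, "id", None) or getattr(node.func, "attr", None)
            if name:
                names.add(name)
    return names

def word_set_vector(source):
    """Word-set (binary) vector: 1.0 if the vocabulary call occurs at all."""
    calls = call_set(source)
    return [1.0 if name in calls else 0.0 for name in VOCAB]

class MinDistanceClassifier:
    """Nearest-centroid model; centroids are running means over samples seen so far."""
    def __init__(self):
        self.centroid, self.count = {}, {}

    def learn(self, vec, label):
        # Running-mean update: earlier samples need not be stored or retrained on.
        n = self.count.get(label, 0)
        old = self.centroid.get(label, [0.0] * len(vec))
        self.centroid[label] = [(c * n + v) / (n + 1) for c, v in zip(old, vec)]
        self.count[label] = n + 1

    def distance(self, vec, label):
        return math.dist(vec, self.centroid[label])

    def predict(self, vec):
        return min(self.centroid, key=lambda label: self.distance(vec, label))

# Constructed samples: parsed only, never executed.
SHELL_A = "import base64, os\nos.system(base64.b64decode(request.args['c']))"
NORMAL_A = "rows = open('data.csv').readlines()\nprint(len(rows))"
SHELL_B = "exec(compile(base64.b64decode(body), 's', 'exec'))"

def demo():
    model = MinDistanceClassifier()
    model.learn(word_set_vector(SHELL_A), "webshell")   # S2: initial model
    model.learn(word_set_vector(NORMAL_A), "normal")
    new = word_set_vector(SHELL_B)
    before = model.distance(new, "webshell")
    model.learn(new, "webshell")                        # S3: incremental step
    return model.predict(new), before, model.distance(new, "webshell")  # S4
```

`demo()` returns the predicted label for the new sample together with its distance to the webshell centroid before and after the incremental update; the drop in distance shows the model absorbing a new variant without retraining on the earlier samples.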

Description

Technical field

[0001] The invention relates to the field of network security detection, in particular to a webshell detection method based on incremental learning, a terminal device and a storage medium.

Background technique

[0002] With the rapid development of the Internet and the wide application of Web technology in various industries, Web security has gradually become one of the most important offensive and defensive battlefields in the field of information security. WebShell is a common web attack technology, which is implanted into web applications by attackers through file uploading, SQL injection and other attack methods. It is often used for attack purposes such as authority maintenance, data theft, and intranet detection. Scanners and website backdoors (aka WebShells) have become the most common web attack techniques used by attackers. Therefore, fast and accurate WebShell detection is particularly important on the security defense side.

[0003] The tradition...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06F21/56, G06F21/14, G06K9/62, H04L29/08
CPC: H04L63/1416, G06F21/563, G06F21/14, H04L67/02, G06F18/23213, G06F18/241
Inventor: 陈奋, 姚刚, 孙晓波, 龚利军, 陈荣有
Owner: XIAMEN FUYUN INFORMATION TECH CO LTD