Device and method for detecting webpage Trojan horse in server, and storage medium

A web Trojan horse and server technology, applied in the field of network information security, can solve the problems of large CPU and memory consumption, long time consumption, dependence, etc., and achieve the effect of reducing resource consumption

Active Publication Date: 2020-05-15
CHINA CONSTRUCTION BANK
View PDF13 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Once the webpage Trojan horse breaks through the boundary, it will quickly plant a back door in the relatively weak intranet, leaving long-term hidden dangers, especially in various levels of offensive and defensive drills and real network warfare, which will lead to the fall of the core system of the intranet
[0003] Existing detection methods for webpage Trojans mainly include: the host agent method, which consumes a large amount of CPU and memory during detection, and even seizes the service resources of the server to cause production events; the signature identification method, which completely depends on the server The local signature library cannot identify variant webpage Trojans in a timely manner, and consumes a lot of server computing resources during feature calculation and matching; the full-scale scanning and killing method requires traversing all files on the server for each scanning and killing, which takes a long time and cannot Recognizing webpage Trojan horses in a relatively short period of time also requires a large amount of server computing resources; the method of timing detection and killing also needs to scan a large number of files. In order to avoid affecting the normal operation of production business, usually only during non-business peaks Timed scanning and killing can be performed from time to time, but real-time scanning and killing cannot be performed.
[0004] The above web page Trojan detection method needs to occupy a large amount of server resources during detection, which affects the normal production and business operation of the server itself, and cannot be quickly and effectively detected and killed on the premise of ensuring that the server provides normal services
Moreover, the existing detection method is usually to check and kill each server separately, and each server often repeatedly identifies the same Trojan file, resulting in waste of resources

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Device and method for detecting webpage Trojan horse in server, and storage medium
  • Device and method for detecting webpage Trojan horse in server, and storage medium
  • Device and method for detecting webpage Trojan horse in server, and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0061] In order to facilitate the understanding of various aspects, features and advantages of the technical solutions of the present invention, the present invention will be specifically described below in conjunction with the accompanying drawings. It should be understood that the various implementations described below are only for illustration, rather than limiting the protection scope of the present invention.

[0062] The first aspect of the embodiments of the present invention provides a device deployed in the cloud for detecting webpage Trojan horses in a server. figure 1 A schematic diagram of an apparatus for detecting a webpage Trojan in a server deployed in the cloud according to an embodiment of the present invention is shown. Such as figure 1 As shown, the device (hereinafter referred to as the cloud detection device) 10 deployed in the detection server of the webpage Trojan horse in the cloud is used to detect the webpage Trojan horse in the server deployed in ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a device and a method for detecting a webpage Trojan horse in a server and a storage medium, and relates to the technical field of network information security. The device comprises a file content obtaining module used for obtaining the file content of a newly added/modified file of a current server in a cluster; a suspicious file identification module which is used for identifying whether the newly added/modified file is a suspicious file according to the file content of the newly added/modified file; an instruction issuing module which is used for issuing a cluster instruction to other servers except the current server in the cluster so as to indicate the other servers to check whether the other servers have the same files as the suspicious files; and a Trojan identification module which is used for identifying the suspicious file as a Trojan file when the ratio of the number of the servers with the same file as the suspicious file to the total number of the servers in the cluster is smaller than a set threshold. According to the device, various webpage Trojans can be quickly and accurately identified under the condition of ensuring normal service operationof the server.

Description

technical field [0001] The invention relates to the technical field of network information security, in particular to a device, method and storage medium for detecting a web page Trojan horse in a server. Background technique [0002] As a script type Trojan horse, webpage Trojan horse generally exists on the website server, and is one of the important means to break through the boundary of the internal and external network, causing great harm. Once the webpage Trojan horse breaks through the boundary, it will quickly plant a back door in the relatively weak intranet, leaving long-term hidden dangers, especially in various levels of offensive and defensive drills and real network warfare, which will lead to the fall of the core system of the intranet. [0003] Existing detection methods for webpage Trojans mainly include: the host agent method, which consumes a large amount of CPU and memory during detection, and even seizes the service resources of the server to cause produ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56G06F9/50G06K9/62
CPCG06F21/566G06F9/5033G06F18/22
Inventor 李武军丁海虹刘云鹏
Owner CHINA CONSTRUCTION BANK
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products