Unlock instant, AI-driven research and patent intelligence for your innovation.

Webshell detection method and device, storage medium and equipment

A detection method and technology to be detected, applied in the field of network security, can solve the problems of complex detection process, relatively high requirements on processing capability and efficiency of detection tools, and achieve the effects of improving detection efficiency, simple detection method, and improved capability.

Active Publication Date: 2020-08-11
BEIJING SHENGXIN NETWORK TECH CO LTD
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, these common detection methods are powerless for complex or confused webshells or the detection process is complicated, and require relatively high processing power and efficiency of detection tools

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Webshell detection method and device, storage medium and equipment
  • Webshell detection method and device, storage medium and equipment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0045]The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are part of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts shall fall within the protection scope of the present invention.

[0046] Such as figure 1 As shown in the schematic flow chart of the Webshell detection method provided by the embodiment of the present invention, it includes the following steps:

[0047] 110. After identifying the variables and functions in the PHP code to be detected that match the preset threat input library as external input tags, and according to the variables and functions with external input tags, compile the corresponding PHP code to be detected. ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a Webshell detection method and device, a storage medium and equipment. The method comprises the steps of marking variables and functions in a to-be-detected PHP code matchedwith a preset threat input library as external input marks, and marking a result obtained by executing a corresponding operation code Opcode obtained by compiling the to-be-detected PHP code as an external input mark according to the variables and functions with the external input marks; executing the Opcode code, and transmitting the external input mark according to the current execution processto obtain a processing result; If the value of the variable and / or the return value of the function in the processing result has an external input mark, the function extracted from the processing result is matched with a threat function in a preset threat function library and contains a threat parameter, determining that the PHP code to be detected is a Webshell. The method has a remarkable effecton detection of confusion deformation and complex Webshell. Meanwhile, the detection method is simple and convenient, and the detection efficiency can be improved.

Description

technical field [0001] The present invention relates to the field of network security, in particular to a Webshell detection method, device, storage medium and equipment. Background technique [0002] Webshell exists in the form of webpage files such as asp, php, jsp, or cgi, and is a webpage backdoor file. It can usually provide a command execution environment, and the webmaster can conveniently manage the website server through the webshell. However, due to the command execution capability of Webshell, it has also become a powerful weapon for hackers to invade websites. Among them, the Webshell style of php is the most abundant. Due to the powerful flexibility of the php language itself, the deformation types, obfuscation methods, and detection difficulty of phpWebshell are much higher than those of other languages. [0003] At present, the common php Webshell detection methods are static detection, dynamic detection, web log detection, statistical feature detection and ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56
CPCG06F21/56G06F21/563
Inventor 陈浩何树果朱震程度张福
Owner BEIJING SHENGXIN NETWORK TECH CO LTD