Webshell detection method and device based on Relief algorithm

A detection method and algorithm technology, applied in computing, complex mathematical operations, computer parts and other directions, can solve the problem of high false alarm and false alarm rate, and achieve the effect of improving the accuracy rate and reducing the false alarm rate and the false alarm rate and the false alarm rate.

Inactive Publication Date: 2020-12-08
SICHUAN CHANGHONG ELECTRIC CO LTD
View PDF7 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0008] The present invention aims to solve the problems of high false positive and false positive rates in existing webshell detection methods, and proposes a webshell detection method and device based on the Relief algorithm

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Webshell detection method and device based on Relief algorithm
  • Webshell detection method and device based on Relief algorithm
  • Webshell detection method and device based on Relief algorithm

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0055] The webshell detection method based on the Relief algorithm described in the embodiment of the present invention, such as figure 1 shown, including the following steps:

[0056] Step S1, collecting samples, the samples include webshell samples and normal samples;

[0057] Under normal circumstances, there are relatively few webshell samples, and a large number of webshell samples can be obtained by collecting webshell information on github and using Python scripts.

[0058] Step S2, extracting the text features in the sample to obtain a text feature sample set, and extracting the behavioral features in the sample to obtain a behavioral feature sample set;

[0059] Among them, text features are used to represent text information, which can include: information entropy, longest string length, file overlap index, file compression ratio, and proportion of non-alphanumeric characters; extract text features in samples to form a text feature sample set;

[0060] Behavioral f...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to the field of malicious script detection, aims to solve the false alarm and high missing report rate of an existing webshell detection method, and provides a webshell detectionmethod and device based on a Relief algorithm. The method comprises the steps: collecting samples, wherein the samples comprise a webshell sample and a normal sample; extracting text features from the samples to obtain a text feature sample set, and extracting behavior features from the samples to obtain a behavior feature sample set; optimizing the text feature sample set and the behavior feature sample set based on the Relief algorithm to obtain a text feature set and a behavior feature set; training a webshell detection model according to the text feature set and the behavior feature set;and determining whether a to-be-detected file is a webshell file or not by adopting the webshell detection model. According to the method, the false alarm rate and the missing report rate are reduced,and the webshell detection accuracy is improved.

Description

technical field [0001] The invention relates to the field of malicious script detection, in particular to a webshell detection method and device based on a Relief algorithm. Background technique [0002] Webshell is a command execution environment in which script files such as asp, jsp, and PHP exist. It can also be called a web page backdoor. After an attacker invades a website server, the webshell backdoor file and normal scripts in the web directory of the website server will generally be copied. Put the files together, and then use the browser to access the webshell backdoor file, get the webshell command execution environment, and achieve the purpose of controlling the website server. [0003] Nowadays, with the rapid development of Internet technology, the services provided by Web application systems are becoming more and more abundant. More and more Web application systems are widely used in all walks of life, and the security issues of Web application systems have be...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56G06K9/62G06F17/18G06F16/958
CPCG06F21/56G06F17/18G06F16/958G06F18/24143G06F18/214
Inventor 张兰徐曼马小勤赵凌彦
Owner SICHUAN CHANGHONG ELECTRIC CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap