Webshell killing-free method based on random character exclusive-OR operation

A technology of random characters and characters, applied in the field of webshell avoidance based on the XOR operation of random characters, can solve the problem of reducing the attack efficiency of the attacker, and achieve the effect of improving the quality of personnel, protecting network security, and improving attack efficiency.

Inactive Publication Date: 2020-12-18
广州锦行网络科技有限公司
View PDF7 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

For traditional webshells, major anti-virus software and website application-level intrusion prevention system WAF are strictly guarded against, effectively reducing the attacking efficiency of the attacker

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Webshell killing-free method based on random character exclusive-OR operation

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0019] A webshell avoidance method based on XOR operation of random characters. Sensitive keywords concerned by the scanning and killing system are represented by character characters, and webshell files of PHP scripts are constructed, so that the killing system cannot obtain sensitive keywords through character kill system monitoring.

[0020] The representation characters are different from the expression characters constituting the sensitive keywords. The representation characters contain an exclusive-or relationship, and the expression characters of the sensitive keywords are obtained after the calculation of the exclusive-or relationship in the representation characters.

[0021] The anti-virus system refers to anti-virus software or website application-level intrusion prevention system. During the defense process, anti-virus software usually checks sensitive keywords. If there are sensitive keywords in the file, it is considered that there is a network security risk, and...

Embodiment 2

[0052] A webshell avoidance method based on XOR operation of random characters, other features are the same as in Embodiment 1, the difference lies in: the way of constructing webshell avoidance file through XOR operation is different.

[0053] Each character in the sensitive keyword is obtained by XORing the characters. Taking eval as an example, in this embodiment, two character representations of "e", "v", "a", and "l" that can be obtained through XOR operation are randomly selected sequentially to construct a PHP webshell file.

[0054] Since there are multiple groups of character pairs that can obtain "e" through XOR operations, and multiple groups of character pairs that can obtain "v" through XOR operations, ..., therefore, the method of constructing sensitive keywords expressed through XOR relations There are many kinds, and there is randomness. Therefore, the forms of the PHP webshell files constructed at different times are various, and there is diversity and random...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

A webshell killing-free method based on random character exclusive-OR operation comprises the steps that sensitive keywords concerned by a searching and killing system are represented through representation characters, a webshell file of a PHP script is constructed, and therefore the searching and killing system cannot obtain the sensitive keywords through the representation characters, and monitoring of the searching and killing system is achieved; and the representation character is different from an expression character forming the sensitive keyword, the representation character contains anexclusive-OR relationship, and the expression character of the sensitive keyword is obtained after the exclusive-OR relationship in the representation character is calculated. The sensitive keywordsare hidden by characterizing the characters, so that the monitoring of the searching and killing system can be realized. The webshell file with the killing-free effect is flexible to generate, and various in composition modes. The benefit of red and blue confrontation on network security is improved, the personnel quality of the network security is further improved, and the network security is better protected.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a webshell avoidance method based on XOR operation of random characters. Background technique [0002] With the development of Internet technology, network security is becoming more and more important, and the red-blue confrontation between network security is also becoming more and more important. The confrontation between red and blue teams is one of the important means of protection for enterprises or institutions. The result is to deal with the current increasing security vulnerabilities and complex and diverse network attacks. A strong security defense system can only be built if an enterprise continues to go through red-blue confrontation and form a closed loop of loopholes. [0003] The confrontation between red and blue is a continuous process. The enemy's attack methods are constantly changing and improving. Our defense must also be continuously improved to ens...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F8/72G06F21/55G06F21/56
CPCG06F8/72G06F21/556G06F21/56
Inventor 吴建亮胡鹏梁志颖
Owner 广州锦行网络科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap