Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A rnn-based webshell detection method and device

A technology of detection method and preset method, which is applied in the field of Internet to achieve the effect of eliminating useless noise, reducing false alarm rate and false negative rate, and improving accuracy rate

Active Publication Date: 2021-09-03
UNICLOUD (NANJING) DIGITAL TECH CO LTD
View PDF1 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The second method is the method of judging the file type. MIME Type, suffix check, and packet type magic word matching are generally used to judge the file type. However, this method is easy to be added by hackers by modifying the suffix and legitimate files. Trojans and other methods to bypass detection

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A rnn-based webshell detection method and device
  • A rnn-based webshell detection method and device
  • A rnn-based webshell detection method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0040] In order to further illustrate the various embodiments, the present invention provides accompanying drawings, which are part of the disclosure of the present invention, and are mainly used to illustrate the embodiments, and can be used in conjunction with the relevant descriptions in the specification to explain the operating principles of the embodiments, for reference Those of ordinary skill in the art should be able to understand other possible implementations and advantages of the present invention. The components in the figures are not drawn to scale, and similar component symbols are generally used to represent similar components.

[0041] According to an embodiment of the present invention, an RNN-based Webshell detection method and device are provided. Among them, RNN (Recurrent Neural Network) is a deep learning method with a recurrent structure, and is widely used in speech recognition, machine translation, text processing and other fields. There are many opti...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an RNN-based Webshell detection method and device. The method includes the following steps: S1, preprocessing the source file by a preset method to obtain keywords; S2, constructing a gated loop unit by using a preset rule GRU model, and perform training; S3, discriminate the source file through the GRU model of the gated recurrent unit. Beneficial effects: the present invention approximates samples from the keyword set, by extracting keywords, using the keyword set corresponding to the sample to approximate the sample, effectively eliminating the useless noise in the sample, compared with the traditional commonly used machine learning Algorithms, the present invention can extract deep-level features, thereby not only effectively improving the accuracy of detection, but also effectively reducing the rate of false alarms and false negatives, so that the present invention can more effectively realize the detection of webshells.

Description

technical field [0001] The present invention relates to the technical field of the Internet, in particular to an RNN-based Webshell detection method and device. Background technique [0002] WebShell is a command execution environment that exists in the form of webpage files such as asp, php, jsp, or cgi, and can also be called a webpage backdoor. After invading a website, attackers usually mix these asp or php backdoor files with normal webpage files in the web directory of the website server, and then use a browser to access these backdoors to obtain a command execution environment to control the website The purpose of the server, this is the webshell file upload attack. [0003] Webshell can be divided into 2 categories, one is Xiaoma, and the other is Malaysia. Xiaoma, the source file code is less, usually ranging from a few lines to dozens of lines, and its main functions are file upload, command line program execution, etc. In Malaysia, the file size ranges from a f...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06G06F16/35G06F40/284G06F40/289G06N3/04G06N3/08
CPCH04L63/1416H04L63/145G06F16/353G06F40/284G06F40/289G06N3/08G06N3/045G06N3/044
Inventor 张秀华
Owner UNICLOUD (NANJING) DIGITAL TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com