
PHP type WebShell detection method and detection system thereof

A detection method and technology applied in the field of Internet security. It addresses the problems of an imperfect feature database, incomplete interpretation of features, and high space complexity of classification algorithms, with the effect of reducing time and space complexity, exploiting the advantages of the classification algorithms, and improving the completeness of the feature library.

Pending Publication Date: 2021-06-01
国药集团基因科技有限公司

AI Technical Summary

Problems solved by technology

[0005] (1) The feature database is incomplete;
[0006] (2) The meaning of a feature cannot be fully interpreted after feature vectorization;
[0007] (3) The feature dimension is too high, so the space complexity of the classification algorithm is extremely high;
[0008] (4) The classification algorithm has certain limitations.


Embodiment Construction

[0043] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0044] Currently, detection methods for PHP-language WebShells can be divided into two types: detection based on static features and detection based on dynamic features.

[0045] Static-feature detection finds WebShells mainly by matching information that can be obtained from the original WebShell file, such as feature codes, feature values, and dangerous function names. The advantage is that server deployment is simple, the detection rate is high for WebShells that are known or already in the signature database, and a simple script can implement the function; the disadvantage is tha...
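An added example, not taken from the patent: a minimal static-feature extractor of the kind [0045] describes, matching dangerous function names and simple feature values in PHP source text. The function watch-list, the feature names, the `signature_hit` rule, and both sample files are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Assumed watch-list of PHP functions often treated as dangerous;
# the patent's own list is not given on the page.
DANGEROUS = ("eval", "assert", "system", "exec", "shell_exec", "passthru",
             "popen", "proc_open", "base64_decode", "gzinflate",
             "str_rot13", "create_function")
CALL_RE = re.compile(r"\b(" + "|".join(DANGEROUS) + r")\s*\(", re.IGNORECASE)
SUPERGLOBAL_RE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE|FILES)\b")
STRING_RE = re.compile(r"'([^'\\]*(?:\\.[^'\\]*)*)'|\"([^\"\\]*(?:\\.[^\"\\]*)*)\"")
# Request data passed directly into a code- or command-execution call.
INPUT_TO_EXEC_RE = re.compile(
    r"\b(?:eval|assert|system|exec|shell_exec|passthru)\s*\([^;]*"
    r"\$_(?:GET|POST|REQUEST|COOKIE)", re.IGNORECASE)


def shannon_entropy(text):
    """Bits per character; packed or encoded content scores higher."""
    if not text:
        return 0.0
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())


def static_features(php_source):
    """Extract numeric static features from the text of one PHP file."""
    calls = Counter(m.group(1).lower() for m in CALL_RE.finditer(php_source))
    literals = [a or b for a, b in STRING_RE.findall(php_source)]
    return {
        "dangerous_calls": sum(calls.values()),
        "distinct_dangerous": len(calls),
        "superglobal_refs": len(SUPERGLOBAL_RE.findall(php_source)),
        "longest_literal": max((len(s) for s in literals), default=0),
        "entropy": round(shannon_entropy(php_source), 3),
        "input_to_exec": int(bool(INPUT_TO_EXEC_RE.search(php_source))),
    }


def signature_hit(features):
    """Signature-style verdict over the extracted features (assumed rule)."""
    return features["input_to_exec"] == 1 or features["distinct_dangerous"] >= 2


# Constructed samples: an ordinary page and a file with WebShell-like traits.
BENIGN = "<?php\n$name = htmlspecialchars($_GET['name']);\necho 'Hello, ' . $name;\n"
SUSPECT = "<?php @eval(base64_decode($_POST['k']));\n"
```

The resulting dictionaries can be used directly as signature checks or as the static half of a feature vector for a classifier.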


Abstract

The invention relates to the technical field of Internet security, in particular to a PHP-type WebShell detection method and a detection system thereof. According to the method, normal sample files of type PHP and WebShell samples of type PHP are collected, and the dynamic features and static features of the normal sample files and the WebShell samples are jointly used as the features of a data set, so that the completeness of the feature library is improved. Next, the dynamic features are vectorized using Word2Vec, so that they are converted to numeric form while their meaning is preserved. Then, feature screening is performed using a random forest: unimportant features are removed and important classification features are retained, which reduces the time and space complexity of the subsequent classification algorithm. Finally, an ensemble learning algorithm is used for classification, so that the advantages of each classification algorithm can be exploited to a great extent and very high accuracy and recall can be obtained.

Description

Technical field

[0001] The invention relates to the technical field of Internet security, in particular to a PHP-type WebShell detection method and a detection system thereof.

Background technique

[0002] A network backdoor obtains server data or system administrator rights through shell scripts and can further extend the damage to the entire local area network, paralyzing the entire server. It can also obtain information by planting Trojans on the website, spreading viruses, and so on. For security, it is extremely important to detect backdoor files on the server; a malicious WebShell is a kind of website backdoor, so detecting WebShell files on the website is extremely important.

[0003] According to the type of scripting language, WebShells can be classified into ASP script Trojan horses, PHP script Trojan horses, JSP script Trojan horses, etc. Among the known WebShells, those written in PHP account for a large proportion, and WebShell script...


Application Information

IPC(8): G06F21/56, G06N20/20
CPC: G06F21/562, G06F21/566, G06N20/20
Inventor: 艾壮陆亚平
Owner: 国药集团基因科技有限公司