Webshell detection method based on image analysis, terminal equipment and storage medium

An image-analysis-based detection technique, applied in image analysis, image data processing, instruments, etc. It addresses the inability to well define behavioral characteristics and completely cover risk models, and the resulting bottleneck in false negative and false positive rates that cannot be overcome, achieving the effects of improving detection performance, avoiding manual maintenance, and avoiding linear growth.

Pending Publication Date: 2021-06-25
XIAMEN FUYUN INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

The essence of regular expressions is a finite state automaton, which cannot well define behavioral characteristics and complete coverage risk models, so there is a bottleneck that cannot cross domains in detectin

Examples

Example Embodiment

[0030] Example 1:

[0031] This embodiment of the present invention provides a Webshell detection method based on image analysis. As shown in Figure 1, the method includes the following steps:

[0032] S1: Collect multiple Webshell samples of two different types, normal and abnormal.

[0033] S2: Generate a corresponding RGB image from the opcode sequence and the opcode frequency of each collected Webshell sample and of the Webshell to be tested.

[0034] This embodiment is described using PHP code as an example. When the Zend virtual machine executes PHP code, it generally goes through the following four steps:

[0035] 1) Scanning (lexing): the PHP code is converted into language fragments (tokens);

[0036] 2) Parsing: the language fragments are converted into simple, meaningful expressions;

[0037] 3) Compilation: the expressions are compiled into opcodes;

[0038] 4) Execution: the Zend engine executes the opcodes sequentially.

[0039] PHP is above the Zend Vi...

Example Embodiment

[0072] Example 2:

[0073] The present invention also provides an image-analysis-based Webshell detection terminal device, including a memory, a processor, and a computer program stored in the memory and runnable on the processor. When the processor executes the computer program, the steps of the above method embodiment of the present invention are implemented.

Abstract

The invention relates to a Webshell detection method based on image analysis, terminal equipment and a storage medium. The method comprises the following steps: S1, collecting a plurality of normal and abnormal Webshell samples; S2, according to the collected Webshell samples and the Opcode sequence and the Opcode frequency of the Webshell to be detected, generating a corresponding RGB image; S3, calculating the distance between the RGB image of the to-be-tested Webshell and the RGB image of each Webshell sample, sorting the Webshell samples according to the sequence of the distances from small to large, selecting the first N Webshell samples from the sorting result, judging the types of the first N Webshell samples, and taking the type with the maximum corresponding number as the type of the to-be-tested Webshell. According to the method, the malicious behavior of the Webshell is represented by the Opcode feature, the two-dimensional gray level image is generated by using the Opcode sequence, and then the RGB image is synthesized by combining the gray level image generated by the Opcode frequency, so that the malicious behavior of the Webshell can be represented more completely, and the detection performance is improved.
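The S2 and S3 steps summarized above, sketched as an added Python example; this is not code from the patent. The 16x16 image size, the channel layout (red = opcode sequence, green = opcode frequency, blue unused), the Euclidean distance and the opcode-number sequences are all assumptions made for illustration, since the page does not give those details.

```python
# Added illustration (not the patent's code). Image size, channel layout,
# distance metric and the sample opcode numbers are assumptions.
import math
from collections import Counter

PIXELS = 16 * 16  # assumed 16x16 image; also covers opcode numbers 0..255

def seq_channel(opcodes):
    """Gray image from the opcode sequence: pixel k = k-th opcode number."""
    px = [op & 0xFF for op in opcodes[:PIXELS]]
    return px + [0] * (PIXELS - len(px))

def freq_channel(opcodes):
    """Gray image from opcode frequency: pixel i = share of opcode i, scaled to 0..255."""
    counts, total = Counter(opcodes), max(len(opcodes), 1)
    return [255 * counts.get(i, 0) // total for i in range(PIXELS)]

def rgb_image(opcodes):
    """Combine both gray images into RGB pixels; blue is left at 0 (assumption)."""
    return list(zip(seq_channel(opcodes), freq_channel(opcodes), [0] * PIXELS))

def distance(img_a, img_b):
    """Euclidean distance over all channel values (assumed metric)."""
    return math.sqrt(sum((x - y) ** 2
                         for pa, pb in zip(img_a, img_b)
                         for x, y in zip(pa, pb)))

def classify(test_opcodes, samples, n=3):
    """S3: sort samples by distance, keep the first n, return the majority type."""
    test_img = rgb_image(test_opcodes)
    ranked = sorted(samples, key=lambda s: distance(test_img, rgb_image(s[1])))
    votes = Counter(label for label, _ in ranked[:n])
    return votes.most_common(1)[0][0]

# Constructed opcode-number sequences standing in for the S1 sample set.
SAMPLES = [
    ("normal", [38, 38, 136, 62] * 3),
    ("normal", [38, 136, 136, 62] * 3),
    ("normal", [38, 38, 136, 136] * 3),
    ("abnormal", [80, 38, 73, 62] * 3),
    ("abnormal", [80, 80, 73, 62] * 3),
    ("abnormal", [80, 73, 73, 62] * 3),
]

if __name__ == "__main__":
    under_test = [80, 38, 73, 62] * 2 + [80, 73, 73, 62]  # constructed input
    print(classify(under_test, SAMPLES, n=3))
```

In practice the opcode sequences would come from a compiler dump of each PHP file rather than from hand-written lists, and N would be tuned against a labelled validation set.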

Description

Technical field

[0001] The invention relates to the field of Webshell detection, in particular to an image-analysis-based Webshell detection method, a terminal device and a storage medium.

Background technique

[0002] Web application systems are now widely used in important business lines such as social networking, shopping, banking, and mail, and occupy a very important position among network assets. Such systems are vulnerable to intrusion because of their wide attack surface and the variety of attack techniques. A Webshell is a backdoor program, in the form of a dynamic script, that intruders use to control servers. Effectively detecting website backdoor programs and understanding the security status of applications is very important. Limited by detection technology, a large number of website Trojans still go undetected. Webshell variants emerge endlessly, and existing detection methods struggle to counter them effectively. The situation is very grim. [000...


Application Information

IPC(8): G06F21/56, G06K9/62, G06T7/90
CPC: G06F21/56, G06T7/90, G06F18/214
Inventor 姚刚陈奋陈荣有孙晓波龚利军
Owner XIAMEN FUYUN INFORMATION TECH CO LTD