
Webshell detection method based on image analysis, terminal equipment and storage medium

An image analysis and detection technology, applied in image analysis, image data processing, instruments, etc. It addresses the problems that behavioral characteristics cannot be well defined and risk models cannot be completely covered, and that false negative and false positive rates hit a bottleneck that cannot be overcome. The stated effects are improved detection performance, no manual maintenance, and no linear growth.

Pending Publication Date: 2021-06-25
XIAMEN FUYUN INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

A regular expression is in essence a finite state automaton, which cannot define behavioral characteristics well or completely cover risk models, so its false negative and false positive rates hit a bottleneck that cannot be overcome.
In a 2005 paper, Hansen of the University of Iowa proved theoretically that the regular matching method must produce false negatives and false positives.


Examples

Embodiment 1

[0031] The embodiment of the present invention provides a Webshell detection method based on image analysis. As shown in Figure 1, the method includes the following steps:

[0032] S1: Collect multiple Webshell samples of two different types, normal and abnormal.

[0033] S2: Generate a corresponding RGB image according to the collected Webshell samples and the Opcode sequence and Opcode frequency of the Webshell to be tested.

[0034] In this embodiment, a Webshell in the form of PHP code is taken as an example for illustration. When the Zend virtual machine executes a piece of PHP code, it generally goes through the following four steps:

[0035] 1) Scanning (Lexing), which converts PHP code into language fragments (Tokens);

[0036] 2) Parsing, which converts language fragments into simple and meaningful expressions;

[0037] 3) Compilation, which compiles expressions into Opcodes;

[0038] 4) Execution, that is, the Zend engine executes Opcodes in sequence.

...

Embodiment 2

[0073] The present invention also provides a Webshell detection terminal device based on image analysis, including a memory, a processor, and a computer program stored in the memory and executable on the processor. When the processor executes the computer program, the steps in the method embodiment of Embodiment 1 of the present invention are implemented.


Abstract

The invention relates to a Webshell detection method based on image analysis, terminal equipment and a storage medium. The method comprises the following steps: S1, collecting a plurality of normal and abnormal Webshell samples; S2, according to the collected Webshell samples and the Opcode sequence and the Opcode frequency of the Webshell to be detected, generating a corresponding RGB image; S3, calculating the distance between the RGB image of the to-be-tested Webshell and the RGB image of each Webshell sample, sorting the Webshell samples according to the sequence of the distances from small to large, selecting the first N Webshell samples from the sorting result, judging the types of the first N Webshell samples, and taking the type with the maximum corresponding number as the type of the to-be-tested Webshell. According to the method, the malicious behavior of the Webshell is represented by the Opcode feature, the two-dimensional gray level image is generated by using the Opcode sequence, and then the RGB image is synthesized by combining the gray level image generated by the Opcode frequency, so that the malicious behavior of the Webshell can be represented more completely, and the detection performance is improved.
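Steps S2 and S3 from the abstract, sketched as an added example; this is not the patent's own code. The image size, the channel layout (R for the sequence image, G for the frequency image, B unused), the Euclidean distance, the numeric opcode ids and the sample sequences are all assumptions made here, since the page does not specify them.

```python
import math
from collections import Counter

SIDE = 8  # assumed image side length; the page gives no dimensions
# Zend opcode names; the numeric ids are assigned here for illustration only.
OPCODES = ["ECHO", "ASSIGN", "CONCAT", "FETCH_R", "SEND_VAL",
           "DO_FCALL", "INCLUDE_OR_EVAL", "RETURN"]
OP_ID = {name: i + 1 for i, name in enumerate(OPCODES)}
SCALE = 255 // len(OPCODES)

def to_rgb(seq):
    """S2: map an opcode sequence to SIDE*SIDE (R, G, B) pixels, row-major.
    R: opcode at that position (sequence image).
    G: relative frequency of that opcode in the file (frequency image).
    B: unused, always 0 (assumed channel layout)."""
    n = SIDE * SIDE
    freq = Counter(seq)
    pixels = []
    for op in seq[:n]:
        r = OP_ID.get(op, 0) * SCALE          # unknown opcodes map to 0
        g = int(255 * freq[op] / len(seq))
        pixels.append((r, g, 0))
    pixels += [(0, 0, 0)] * (n - len(pixels))  # zero-pad short files
    return pixels

def distance(img_a, img_b):
    """Euclidean distance over all pixels and channels (assumed metric)."""
    return math.sqrt(sum((x - y) ** 2
                         for pa, pb in zip(img_a, img_b)
                         for x, y in zip(pa, pb)))

def classify(seq, samples, n=3):
    """S3: sort samples by ascending distance, majority vote among the first n."""
    img = to_rgb(seq)
    ranked = sorted(samples, key=lambda s: distance(img, to_rgb(s[1])))
    votes = Counter(label for label, _ in ranked[:n])
    return votes.most_common(1)[0][0]

# S1: constructed labelled opcode sequences, not real samples.
SAMPLES = [
    ("normal", ["ASSIGN", "CONCAT", "ECHO", "RETURN"]),
    ("normal", ["ASSIGN", "ASSIGN", "CONCAT", "ECHO", "ECHO", "RETURN"]),
    ("normal", ["ECHO", "ASSIGN", "CONCAT", "ECHO", "RETURN"]),
    ("abnormal", ["FETCH_R", "INCLUDE_OR_EVAL", "RETURN"]),
    ("abnormal", ["FETCH_R", "ASSIGN", "SEND_VAL", "DO_FCALL",
                  "INCLUDE_OR_EVAL", "RETURN"]),
    ("abnormal", ["FETCH_R", "SEND_VAL", "DO_FCALL", "INCLUDE_OR_EVAL", "RETURN"]),
]
```

Because the sequence channel is positional, files of different length are compared against zero padding, so with this layout the distance is sensitive to file length as well as to opcode content.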

Description

Technical field

[0001] The invention relates to the field of Webshell detection, in particular to an image analysis-based Webshell detection method, a terminal device and a storage medium.

Background

[0002] Web application systems are now widely used in important business lines such as social networking, shopping, banking, and mail, and occupy a very important position in network assets. These systems are vulnerable to intrusion because of their wide attack surface and the many attack techniques available. A Webshell is a backdoor program, in the form of a dynamic script, through which intruders control servers. It is very important to effectively detect website backdoor programs and understand the security status of applications. Limited by detection technology, there are still a large number of website Trojans that cannot be detected. Webshell variants keep emerging, and it is difficult for existing detection methods to counter them effectively. The situation is very grim. [000...


Application Information

IPC(8): G06F21/56, G06K9/62, G06T7/90
CPC: G06F21/56, G06T7/90, G06F18/214
Inventor: 姚刚, 陈奋, 陈荣有, 孙晓波, 龚利军
Owner: XIAMEN FUYUN INFORMATION TECH CO LTD