WebShell detection method, device and equipment and readable storage medium

A WebShell detection method, applied in the computer field, that addresses missed detections and false positives, low accuracy of detection results, and a lengthened detection process, so as to avoid missed detections and false positives.

Pending Publication Date: 2021-07-09
SANGFOR TECH INC

AI Technical Summary

Problems solved by technology

However, because the type of WebShell changes frequently, the detection rules set in advance may be invalid, resulting in false negatives or false positives, and the accu


Embodiment Construction

[0047] The following will clearly and completely describe the technical solutions in the embodiments of the application with reference to the drawings in the embodiments of the application. Apparently, the described embodiments are only some of the embodiments of the application, not all of them. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the scope of protection of this application.

[0048] At present, WebShell detection methods are relatively simple, which leads to false negatives or false positives, low accuracy of detection results, a complex detection process, and low detection efficiency. For this reason, the present application provides a WebShell detection scheme that avoids false negatives and false positives and improves the accuracy and efficiency of WebShell detection.

[0049] As shown in Figure 1, the embodiment of this application disc...


Abstract

The invention discloses a WebShell detection method, device, equipment and readable storage medium. The method comprises the following steps: acquiring a script to be detected; extracting grammatical (syntactic) features from the script using an abstract syntax tree, the grammatical features comprising function dependency relationships, class declarations and function keywords; extracting statistical features from the script using a multi-pattern matching algorithm; fusing the grammatical features and the statistical features; and using a machine learning model to calculate a feature value for the fused features, the script being determined to be a WebShell if the feature value is greater than a preset threshold. Because the abstract syntax tree and the multi-pattern matching algorithm extract multi-dimensional features from the script and those features are then fused, the features of each dimension complement one another, the shortcomings of a single detection mode are overcome, false negatives and false positives can be avoided, and the accuracy and efficiency of WebShell detection are improved. Correspondingly, the invention also discloses a WebShell detection device, equipment and readable storage medium, which have the same technical effects.
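The pipeline in the abstract, sketched end to end as an added example (not the patent's own code). Assumptions: Python's `ast` module stands in for a PHP/ASP/JSP parser, Aho-Corasick is used as the multi-pattern matcher (the page does not name one), a logistic function with hand-set weights stands in for the trained model, and the keyword lists, threshold and sample script are constructed.

```python
import ast, math
from collections import Counter, defaultdict, deque
RISKY = {"eval", "exec", "system", "popen", "b64decode"}      # assumed keyword list
PATTERNS = ("base64", "os.system", "QUERY_STRING", "cmd")     # assumed patterns
WEIGHTS, BIAS, THRESHOLD = (0.1, -0.5, 1.5, 0.5, 1.0, 1.0, 0.3), -3.0, 0.5  # hand-set, not trained
SUSPECT = "import os, base64\ndef handle(param):\n    cmd = base64.b64decode(param)\n    os.system(cmd)\n"  # constructed

def syntax_features(src):
    """AST features: call-dependency edges, class declarations, risky function keywords."""
    nodes = list(ast.walk(ast.parse(src)))
    callee = lambda c: getattr(c.func, "attr", getattr(c.func, "id", ""))
    edges = {(f.name, callee(c)) for f in nodes if isinstance(f, ast.FunctionDef)
             for c in ast.walk(f) if isinstance(c, ast.Call)}
    risky = sum(callee(c) in RISKY for c in nodes if isinstance(c, ast.Call))
    return [len(edges), sum(isinstance(n, ast.ClassDef) for n in nodes), risky]

def count_hits(text, patterns):
    """Aho-Corasick multi-pattern matching: one pass over text counts every pattern."""
    goto, out = [{}], defaultdict(list)
    for p in patterns:                         # build the keyword trie
        s = 0
        for ch in p:
            s = goto[s].setdefault(ch, len(goto))
            if s == len(goto):                 # new state was just allocated
                goto.append({})
        out[s].append(p)
    fail, queue = [0] * len(goto), deque(goto[0].values())
    while queue:                               # failure links, breadth-first
        s = queue.popleft()
        for ch, t in goto[s].items():
            queue.append(t)
            f = fail[s]
            while f and ch not in goto[f]:
                f = fail[f]
            fail[t] = goto[f].get(ch, 0)
            out[t] += out[fail[t]]
    hits, s = Counter(), 0
    for ch in text:                            # scan the script once
        while s and ch not in goto[s]:
            s = fail[s]
        s = goto[s].get(ch, 0)
        hits.update(out[s])
    return hits

def detect(src):
    hits = count_hits(src, PATTERNS)
    fused = syntax_features(src) + [hits[p] for p in PATTERNS]   # fusion by concatenation
    score = 1 / (1 + math.exp(-BIAS - sum(w * x for w, x in zip(WEIGHTS, fused))))
    return score, score > THRESHOLD            # logistic stand-in model, preset threshold
```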

Description

Technical field

[0001] The present application relates to the field of computer technology, and in particular to a WebShell detection method, device, equipment and readable storage medium.

Background technique

[0002] WebShell is a common means for hackers to invade websites. WebShell is a command execution script, which usually exists in the network in the form of webpage files such as asp, php, jsp or cgi, so detecting WebShell in the network can improve network security.

[0003] Currently, there is a single way to detect WebShell. For example: set a detection rule for a certain type of WebShell in advance, and use the detection rule to detect this type of WebShell. However, because the type of WebShell changes frequently, the detection rules set in advance may be invalid, resulting in false negatives or false positives, and the accuracy of detection results is low. Moreover, this detection method requires manual assistance, which increases the detection process and r...


Application Information

IPC(8): G06F21/56, G06N20/00
CPC: G06F21/562, G06N20/00
Inventor: 鲁威罗杰艾江俊
Owner: SANGFOR TECH INC