
Webshell detection method, storage medium and system

A detection method and detection system, applied in the field of network security, that can solve problems such as insufficient detection and the inability to determine dynamic executable points, and that achieves the effects of improving construction efficiency, improving detection accuracy, and improving overall efficiency and accuracy.

Active Publication Date: 2021-08-10
NAT UNIV OF DEFENSE TECH

AI Technical Summary

Problems solved by technology

Because these features are not unique to Webshell files; the latest proposed neural network approach uses PHP dynamic executable features as features for model training. For Webshell, it is not enough to detect only PHP dynamic executable features, because doing so cannot determine whether the dynamic executable points are interactive via attacker input.

Examples


Embodiment Construction

[0048] The specific implementation manners of the present invention will be described in detail below in conjunction with the accompanying drawings.

[0049] This embodiment provides a Webshell detection method. Referring to figure 1, the Webshell detection method includes the following steps:

[0050] S1. Obtain a plurality of detected php files and to-be-detected php files and perform opcode intermediate code sequence conversion to obtain the first opcode intermediate code sequence corresponding to each detected php file and the second opcode intermediate code sequence corresponding to the to-be-detected php file.

[0051] In this embodiment, the collected Webshell samples (including detected php files and to-be-detected php files) are converted into opcode intermediate code sequences by using phpdbg combined with regular expression matching.

[0052] S2. Extracting Webshell text features for each of the first opcode intermediate code sequence and the second opcode intermediate code sequence to obta...
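The opcode conversion in step S1 and the idea of a data flow controllable feature can be illustrated as follows. This is an added example, not code from the patent: the sample listing is constructed, its column layout is an assumption modelled on phpdbg opcode output, and the taint check is a simplified stand-in for whatever analysis the patent actually claims.

```python
import re

# Constructed sample modelled on a phpdbg opcode listing (column layout is an
# assumption and varies by PHP version). Source would be: eval($_POST['c']);
SAMPLE_LISTING = """\
[Successful compilation of /tmp/sample.php]
L1-3 {main}() /tmp/sample.php - 0x7f0000000000 + 4 ops
 L2    #0     FETCH_R<2>              "_POST"              ~0
 L2    #1     FETCH_DIM_R             ~0                   "c"                  ~1
 L2    #2     INCLUDE_OR_EVAL<1>      ~1
 L3    #3     RETURN                  1
"""

# " L<line> #<index> OPCODE[<ext>] operands..."; header lines do not match.
OP_LINE = re.compile(r"^\s*L\d+\s+#\d+\s+([A-Z][A-Z0-9_]*)(?:<-?\d+>)?\s*(.*)$")
REQUEST_GLOBALS = {"_GET", "_POST", "_REQUEST", "_COOKIE", "_FILES"}
DYNAMIC_EXEC = {"INCLUDE_OR_EVAL"}  # assumed set of dynamic executable points


def parse_listing(text):
    """Return [(opcode, [operands])] for every opcode line in the listing."""
    ops = []
    for line in text.splitlines():
        m = OP_LINE.match(line)
        if m:
            ops.append((m.group(1), m.group(2).split()))
    return ops


def opcode_sequence(text):
    """Opcode names only: the sequence that text features are built from."""
    return [name for name, _ in parse_listing(text)]


def input_reaches_dynamic_exec(text):
    """Simplified forward taint: does request data reach a dynamic exec opcode?"""
    tainted = set()
    for name, operands in parse_listing(text):
        from_request = any(o.strip('"') in REQUEST_GLOBALS for o in operands)
        if from_request or any(o in tainted for o in operands):
            if name in DYNAMIC_EXEC:
                return True
            # Over-approximate: every temp/var/CV slot on this line is tainted.
            tainted.update(o for o in operands if o[0] in "~@$")
    return False


if __name__ == "__main__":
    print(opcode_sequence(SAMPLE_LISTING))
    print(input_reaches_dynamic_exec(SAMPLE_LISTING))
```

A listing whose only dynamic execution opcode takes a constant string returns False from `input_reaches_dynamic_exec`, which is the distinction the "Problems solved by technology" paragraph draws between a dynamic executable point and one that attacker input can reach.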


Abstract

The invention provides a Webshell detection method. The Webshell detection method comprises the following steps: acquiring a plurality of detected php files and a to-be-detected php file, and carrying out opcode intermediate code sequence conversion; performing Webshell text feature extraction on each first opcode intermediate code sequence and each second opcode intermediate code sequence; performing PHP code data flow controllable feature extraction on the multiple detected php files and the to-be-detected php file; constructing a feature matrix and inputting the feature matrix into a neural network for training; and inputting the second Webshell text feature and the second PHP code data flow controllable feature into the trained neural network to carry out Webshell detection. The invention further provides a storage medium and a system. The method can improve the accuracy of the Webshell detection result, and its false alarm rate is low.

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a Webshell detection method, a storage medium and a system.

Background technique

[0002] A Webshell is a web backdoor based on web services. Attackers upload Webshells to the back-end server of a website in order to keep stable control of the web server and carry out post-penetration activity. With the continuous improvement of network security awareness, research on Webshell detection has become one of the current important tasks.

[0003] Current Webshell detection technology is mainly divided into static detection and dynamic detection. Static detection summarizes the static features of Webshells and then detects them based on these features. The earliest static detection method uses regular expressions for matching, but because Webshells are continuously modified, the regular expressions need to be updated continuously...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06F8/41, G06N3/04, H04L29/06
CPC: G06F8/425, G06F21/563, G06N3/04, H04L63/1416
Inventor: 赵军, 陈燏, 于璐, 沈毅, 陈远超, 许成喜
Owner: NAT UNIV OF DEFENSE TECH