A webshell detection method and system thereof

A detection method in the field of web application technology, applied to instruments, computing, and electrical digital data processing, that addresses security problems such as false positives, false negatives, and the inability to effectively identify WebShell backdoors.

Active Publication Date: 2021-11-16
杭州美创科技股份有限公司

AI Technical Summary

Problems solved by technology

Because traditional WebShell detection relies on its own matching rules or strategies, it often produces a large number of false positives and false negatives, and is often at a disadvantage in intelligence updates and threat sniffing. At the same time, because its security judgment is based on rules, and the rules are often a collection of known threats, some WebShells can bypass detection and carry out attacks.
Therefore, current WebShell detection and identification methods cannot effectively identify changeable WebShell backdoors.

Embodiment Construction

[0070] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are some of the embodiments of the present invention, but not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0071] It should be understood that when used in this specification and the appended claims, the terms "comprising" and "comprises" indicate the presence of the described features, integers, steps, operations, elements and/or components, but do not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or collections thereof.

[0072] It should also be understood that the terminology used ...

Abstract

The embodiment of the invention discloses a WebShell detection method and a system thereof. The method includes: deploying an encryption tool and a decryption tool; extracting relevant information of a Web application; judging whether a new dynamic script file exists in any of the file directories in the relevant information; if it exists, judging whether there is call chain information; , then the newly added dynamic script file is isolated, and a malicious WebShell alarm is raised; if it does not exist, encrypting the dynamic script file to obtain the encryption result; judging whether the encryption is successful; if the encryption is successful, decrypting the encrypted dynamic script file to obtain the decryption result; judging whether the decryption is successful; if not, isolating the dynamic script file that failed to decrypt and generating a malicious WebShell alarm. By implementing the method of the embodiment of the present invention, it is possible to effectively identify changeable WebShell backdoors.

Description

Technical field

[0001] The invention relates to the technical field of webpage security analysis, and more specifically to a WebShell detection method and a system thereof.

Background technique

[0002] Traditional WebShell detection and recognition is based on known WebShell code characteristics and WebShell traffic characteristics. Code detection checks whether the WebShell code matches an existing signature library of common WebShell code, and examines the functions used in the code, to reach a judgment. Traffic detection works in two ways: one is based on the commands executed by the WebShell and the characteristics of its payload, and the other is based on the traffic characteristics of common WebShell management tools, such as China Chopper ("kitchen knife") and Behinder ("ice scorpion"). Because it relies on its own relevant matching rules or strategies, it often leads to a large number of false positives and false negatives in terms of security issues, and is oft...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56, G06F21/60
CPC: G06F21/563, G06F21/602
Inventor: 覃锦端, 刘隽良, 柳遵梁, 刘聪
Owner: 杭州美创科技股份有限公司