
WebShell detection method and electronic device

A WebShell detection method and electronic device, applied in the field of communication, that address the inability of existing approaches to improve the detection success rate or reduce the false alarm rate, and achieve a small data-processing volume, improved detection speed, and guaranteed detection efficiency.

Inactive Publication Date: 2016-07-27
CHINA MOBILE COMM GRP CO LTD

AI Technical Summary

Problems solved by technology

Current methods for detecting WebShells include feature-based detection, which mainly matches key functions in static WebShell files; however, this method cannot improve the detection success rate.
Another method is detection based on page associations, which sorts out the association relationships between pages to find isolated pages in the website and treats those isolated pages as WebShells; however, this method cannot reduce the false positive rate.


Examples


Embodiment 1

[0045] This embodiment provides a WebShell detection method which, as shown in Figure 1, includes:

[0046] Step 101: Obtain an access log that meets a first preset condition, wherein the first preset condition indicates that the access log is an access log for a dynamic page;

[0047] Step 102: Extract Uniform Resource Identifier (URI) information from the access log;

[0048] Step 103: Use the first application to parse the URI information to obtain a parsing result;

[0049] Step 104: Determine whether the parsing result carries preset characteristic parameters; when it does, determine that the URI information points to a WebShell, and perform alarm processing on the URI information.

[0050] The malicious code described in this embodiment may be WebShell.

[0051] Here, obtaining the access log that meets the first preset condition may include: obtaining the access log from the web server, converting the o...
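
Steps 101 to 104 as a small log scanner; this is an added example, not code from the patent. The dynamic-page extensions, the characteristic parameter names and the sample log lines are assumptions constructed for illustration, and Python's `urllib.parse` stands in for the unspecified "first application".

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed for illustration; the patent does not list these values.
DYNAMIC_EXTENSIONS = (".php", ".jsp", ".asp", ".aspx")
CHARACTERISTIC_PARAMS = {"cmd", "exec", "shell"}

# Common Log Format prefix: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

def is_dynamic(uri):
    """Step 101: keep only requests whose path is a dynamic page."""
    return urlsplit(uri).path.lower().endswith(DYNAMIC_EXTENSIONS)

def characteristic_hits(uri):
    """Steps 103-104: parse the query string and return matching names.
    parse_qsl percent-decodes names, so an encoded name still matches."""
    pairs = parse_qsl(urlsplit(uri).query, keep_blank_values=True)
    return sorted({name.lower() for name, _ in pairs} & CHARACTERISTIC_PARAMS)

def detect(lines):
    """Run steps 101-104 over raw log lines and return alert records."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_dynamic(m["uri"]):
            continue  # unparseable line or static resource
        hits = characteristic_hits(m["uri"])  # step 102: URI from the log line
        if hits:
            alerts.append({"ip": m["ip"], "time": m["ts"],
                           "uri": m["uri"], "params": hits})
    return alerts

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Jul/2016:10:00:01 +0800] "GET /index.html HTTP/1.1" 200 5120',
    '192.0.2.10 - - [27/Jul/2016:10:00:02 +0800] "GET /news.php?id=42 HTTP/1.1" 200 2048',
    '198.51.100.7 - - [27/Jul/2016:10:00:05 +0800] "GET /upload/img.PHP?%63md=dir HTTP/1.1" 200 312',
    '203.0.113.5 - - [27/Jul/2016:10:00:09 +0800] "GET /static/app.js?cmd=1 HTTP/1.1" 200 100',
    'truncated line without the expected fields',
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print("ALERT", alert)
```

Only the third line raises an alert: the static `.js` request is dropped by the step 101 filter even though it carries a listed parameter name, which is the data-volume reduction the summary refers to.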

Embodiment 2

[0083] This embodiment provides an electronic device which, as shown in Figure 5, includes:

[0084] An information extraction unit 51, configured to obtain an access log that meets a first preset condition, wherein the first preset condition indicates that the access log is an access log for a dynamic page, and to extract Uniform Resource Identifier (URI) information from the access log;

[0085] A parsing unit 52, configured to use the first application to parse the URI information to obtain a parsing result;

[0086] A processing unit 53, configured to determine whether the parsing result carries a preset characteristic parameter and, when it does, determine that the URI information points to a WebShell and perform alarm processing on the URI information.

[0087] The information extraction unit is specifically configured to obtain the access log from the web server, convert the obtai...


Abstract

The invention discloses a WebShell detection method and an electronic device. The method comprises: acquiring an access log that meets a first preset condition, wherein the first preset condition indicates that the access log is for a dynamic page; extracting Uniform Resource Identifier (URI) information from the access log; parsing the URI information with a first application to obtain a parsing result; judging whether the parsing result contains preset characteristic parameters; and, when the parsing result contains preset characteristic parameters, determining that the URI information points to a WebShell and performing alarm processing on the URI information.

Description

Technical field

[0001] The invention relates to detection technology in the communication field, in particular to a WebShell detection method and electronic device.

Background

[0002] With the continuous progress and development of web technology, web applications face increasingly complex security issues. After a hacker invades a website, he often controls the website for a long time by implanting a WebShell, such as a WebShell backdoor, in the website. Current methods for detecting WebShells include feature-based detection, which mainly matches key functions in static WebShell files; however, this method cannot improve the detection success rate. Another method is detection based on page association relationships, which sorts out the association relationships between pages to find isolated pages in the website and treats those isolated pages as WebShells; however, this method cannot reduce the false positive rate.

Contents of the invention

[0003] In v...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L12/26; H04L29/06
Inventor: 付俊, 张峰, 王坤, 张庆, 卢楠
Owner CHINA MOBILE COMM GRP CO LTD