A confirmation method for web backdoor attack events

This attack-event and backdoor technology, applied in electrical components, digital transmission systems, data exchange networks, etc., addresses problems such as frequent page turning, misjudgment, and lack of authority for server operation and maintenance, and achieves an improved recognition rate and accuracy and a reduced alarm false positive rate.

Active Publication Date: 2021-02-09
HANGZHOU ANHENG INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

[0005] However, the above means have the following disadvantages: (1) Security personnel may not be able to handle all WEB backdoor attack events on the network security protection equipment in time, because information security analysts often do not, in actual work, have the authority to operate and maintain the server and cannot log in to the server for troubleshooting in time. (2) Relying only on the analyst's own experience is often not enough to judge accurately whether the backdoor attack was successful, and misjudgments may occur. (3) There are too many false alarms on the network security protection equipment, so security personnel have to turn pages frequently when analyzing alarm records and can easily overlook important attack clues.


Embodiment Construction

[0025] The specific implementation manners of the present invention will be described in detail below in conjunction with the accompanying drawings.

[0026] The confirmation method of WEB backdoor attack event of the present invention comprises the following steps:

[0027] (1) Obtain the alarm log from the network security protection device and judge from the log's type description field whether it is a WEB backdoor attack event alarm; if not, discard it. The network security protection device may be a firewall or an IDS (Intrusion Detection System) device.

[0028] (2) From the alarm log of WEB backdoor attack, take out the attack time, attacker IP, attacker port number, attacked IP, attacked domain name, attack request header and attack response header recorded in each alarm log one by one;

[0029] (3) Extract the target domain name or IP of the attack according to the attack response header, and compare the pre-configured se...
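Steps (1) and (2) as an added Python sketch, not code from the patent: it filters alarm records on the type description field, pulls out the seven fields named in step (2), and splits a raw header block so later checks can read it. The JSON-lines layout, the field names, the marker strings and the sample records are all assumptions constructed for illustration; the comparison in step (3) is not implemented because the text is cut off.

```python
import json

# Constructed sample alarms; the field names are assumptions, not a vendor format.
SAMPLE_LOG = "\n".join([
    json.dumps({"type_desc": "WEB backdoor access", "time": "2021-02-09T10:15:00Z",
                "src_ip": "198.51.100.7", "src_port": 51544, "dst_ip": "192.0.2.10",
                "dst_host": "www.example.com",
                "req_header": "POST /upload/a.php HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
                "resp_header": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"}),
    json.dumps({"type_desc": "Port scan", "time": "2021-02-09T10:16:00Z",
                "src_ip": "198.51.100.8", "src_port": 40000, "dst_ip": "192.0.2.10"}),
    json.dumps({"type_desc": "WebShell upload", "time": "2021-02-09T10:17:00Z",
                "src_ip": "198.51.100.7"}),  # backdoor alarm with missing fields
    "not json at all",
])

BACKDOOR_MARKERS = ("web backdoor", "webshell")  # assumed type-description values
# attack time, attacker IP/port, attacked IP/domain, request and response headers
FIELDS = ("time", "src_ip", "src_port", "dst_ip", "dst_host", "req_header", "resp_header")

def parse_header_block(raw):
    """Split a raw HTTP header block into (first line, {lower-cased name: value})."""
    lines = [ln for ln in raw.replace("\r\n", "\n").split("\n") if ln]
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return (lines[0] if lines else ""), headers

def extract_backdoor_alarms(log_text):
    """Step (1): keep WEB backdoor alarms only. Step (2): take out the seven fields."""
    alarms, rejected = [], 0
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
            desc = str(rec["type_desc"]).lower()
        except (ValueError, KeyError, TypeError):
            rejected += 1  # unparsable record or no type description field
            continue
        if not any(marker in desc for marker in BACKDOOR_MARKERS):
            continue  # not a WEB backdoor alarm: discard
        if any(f not in rec for f in FIELDS):
            rejected += 1  # backdoor alarm, but a required field is absent
            continue
        alarms.append({f: rec[f] for f in FIELDS})
    return alarms, rejected
```

Counting rejected records separately from discarded ones keeps malformed backdoor alarms visible instead of silently dropping them with the unrelated alarm types.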


Abstract

The invention relates to network security protection technology and aims to provide a method for confirming WEB backdoor attack events. The invention analyzes firewall, IDS, IPS and relevant WEB server logs, extracts the log records of the WEB backdoor attack type, and uses the attack time, attacker IP, attacker port number, attacked IP, attacked domain name, attack request header and attack response header to further judge whether the WEB backdoor attack was successful. The confirmation result is returned to the corresponding network protection device, and the confirmed WEB backdoor attack event is marked as a successful attack event and displayed to the user. The invention can provide a more scientific means of confirming WEB backdoor attack events, improve the recognition rate and accuracy rate of WEB backdoor attacks by network security protection equipment, and reduce the false alarm rate when confirming successful attacks.

Description

Technical field

[0001] The invention relates to network security protection technology, in particular to a method for confirming WEB backdoor attack events.

Background technique

[0002] A WEB backdoor, called a WebShell in English, refers to a webpage Trojan horse implemented in webpage code for illegal purposes. Specifically, the attacker controls the entire WEB server by implanting a WEB backdoor, uploads and downloads files, and illegally tampers with files.

[0003] With the increasing number of network attack incidents, the attack techniques and means of network hackers are becoming more and more sophisticated, and the open source hacking tools circulating on the Internet have reduced the cost of attacks. As a result, there is countless illegal scanning, backdoor detection and other attack traffic every day. The logs on firewall, IDS, and IPS devices also accumulate tens of millions of attack records every day. The WEB backdoor attack incident is often the ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L29/08, H04L12/24
CPC: H04L41/069, H04L63/1425, H04L63/145, H04L67/02
Inventor: 王世晋, 范渊, 郝辰亮, 黄进
Owner: HANGZHOU ANHENG INFORMATION TECH CO LTD