Webshell interception detection method, device and equipment and readable storage medium

The invention discloses a webshell interception detection method, device and equipment and a readable storage medium, and the method comprises the steps: screening a ciphertext file, a confusion fileand a plaintext file from network flow through a Web application firewall; detecting the plaintext fi...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
Hauptverfasser:	LOU WENXIA, FAN YUAN, HUANG JIN
Format:	Patent
Sprache:	chi ; eng
Schlagworte:	ELECTRIC COMMUNICATION TECHNIQUE ELECTRICITY TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:	Volltext bestellen
Tags:	Tag hinzufügen Keine Tags, Fügen Sie den ersten Tag hinzu!

container_end_page
container_issue
container_start_page
container_title
container_volume
creator	LOU WENXIA FAN YUAN HUANG JIN
description	The invention discloses a webshell interception detection method, device and equipment and a readable storage medium, and the method comprises the steps: screening a ciphertext file, a confusion fileand a plaintext file from network flow through a Web application firewall; detecting the plaintext file, and screening out a webshell file from the plaintext file by utilizing a detection result; performing dynamic scheduling test on the ciphertext file, the obfuscated file and the webshell file to obtain an executable malicious file; and intercepting malicious files. According to the method, theWeb application firewall performs layer-by-layer screening on the files in the network flow, and finally the files subjected to the dynamic scheduling test are only suspicious files in the network flow, so that the detection efficiency of the webshell file can be effectively improved. 本发明公开了一种webshell拦截检测方法、装置、设备及可读存储介质，该方法包括：Web应用防火墙从网络流量中，筛选出密文文件、混淆文件和明文文件；对明文文件进行检测，并利用检测结果从明文文件中筛选出webshell文件；对密文文件、混淆文件和webshell文件进行动态调度测
format	Patent
fullrecord	<record><control><sourceid>epo_EVB</sourceid><recordid>TN_cdi_epo_espacenet_CN112367336A</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>CN112367336A</sourcerecordid><originalsourceid>FETCH-epo_espacenet_CN112367336A3</originalsourceid><addsrcrecordid>eNqNi70KwjAUhbM4iPoOcdehBuosRXFyEnQrt8mxDeTP5NbntxQfwOmc7_CdpXg-0JUBzkkbGFkjsY1BGjD03Dx4iGY3LR-rISkYifdok0fgmTLIUOcgC8dMPaaHsaNfi8WLXMHmlyuxvZzvzXWPFFuURBoB3Da3qjqo-qhUfVL_OF_LZTqJ</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>patent</recordtype></control><display><type>patent</type><title>Webshell interception detection method, device and equipment and readable storage medium</title><source>esp@cenet</source><creator>LOU WENXIA ; FAN YUAN ; HUANG JIN</creator><creatorcontrib>LOU WENXIA ; FAN YUAN ; HUANG JIN</creatorcontrib><description>The invention discloses a webshell interception detection method, device and equipment and a readable storage medium, and the method comprises the steps: screening a ciphertext file, a confusion fileand a plaintext file from network flow through a Web application firewall; detecting the plaintext file, and screening out a webshell file from the plaintext file by utilizing a detection result; performing dynamic scheduling test on the ciphertext file, the obfuscated file and the webshell file to obtain an executable malicious file; and intercepting malicious files. According to the method, theWeb application firewall performs layer-by-layer screening on the files in the network flow, and finally the files subjected to the dynamic scheduling test are only suspicious files in the network flow, so that the detection efficiency of the webshell file can be effectively improved. 本发明公开了一种webshell拦截检测方法、装置、设备及可读存储介质，该方法包括：Web应用防火墙从网络流量中，筛选出密文文件、混淆文件和明文文件；对明文文件进行检测，并利用检测结果从明文文件中筛选出webshell文件；对密文文件、混淆文件和webshell文件进行动态调度测</description><language>chi ; eng</language><subject>ELECTRIC COMMUNICATION TECHNIQUE ; ELECTRICITY ; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><creationdate>2021</creationdate><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20210212&DB=EPODOC&CC=CN&NR=112367336A$$EHTML$$P50$$Gepo$$Hfree_for_read</linktohtml><link.rule.ids>230,308,776,881,25542,76516</link.rule.ids><linktorsrc>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20210212&DB=EPODOC&CC=CN&NR=112367336A$$EView_record_in_European_Patent_Office$$FView_record_in_$$GEuropean_Patent_Office$$Hfree_for_read</linktorsrc></links><search><creatorcontrib>LOU WENXIA</creatorcontrib><creatorcontrib>FAN YUAN</creatorcontrib><creatorcontrib>HUANG JIN</creatorcontrib><title>Webshell interception detection method, device and equipment and readable storage medium</title><description>The invention discloses a webshell interception detection method, device and equipment and a readable storage medium, and the method comprises the steps: screening a ciphertext file, a confusion fileand a plaintext file from network flow through a Web application firewall; detecting the plaintext file, and screening out a webshell file from the plaintext file by utilizing a detection result; performing dynamic scheduling test on the ciphertext file, the obfuscated file and the webshell file to obtain an executable malicious file; and intercepting malicious files. According to the method, theWeb application firewall performs layer-by-layer screening on the files in the network flow, and finally the files subjected to the dynamic scheduling test are only suspicious files in the network flow, so that the detection efficiency of the webshell file can be effectively improved. 本发明公开了一种webshell拦截检测方法、装置、设备及可读存储介质，该方法包括：Web应用防火墙从网络流量中，筛选出密文文件、混淆文件和明文文件；对明文文件进行检测，并利用检测结果从明文文件中筛选出webshell文件；对密文文件、混淆文件和webshell文件进行动态调度测</description><subject>ELECTRIC COMMUNICATION TECHNIQUE</subject><subject>ELECTRICITY</subject><subject>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><fulltext>true</fulltext><rsrctype>patent</rsrctype><creationdate>2021</creationdate><recordtype>patent</recordtype><sourceid>EVB</sourceid><recordid>eNqNi70KwjAUhbM4iPoOcdehBuosRXFyEnQrt8mxDeTP5NbntxQfwOmc7_CdpXg-0JUBzkkbGFkjsY1BGjD03Dx4iGY3LR-rISkYifdok0fgmTLIUOcgC8dMPaaHsaNfi8WLXMHmlyuxvZzvzXWPFFuURBoB3Da3qjqo-qhUfVL_OF_LZTqJ</recordid><startdate>20210212</startdate><enddate>20210212</enddate><creator>LOU WENXIA</creator><creator>FAN YUAN</creator><creator>HUANG JIN</creator><scope>EVB</scope></search><sort><creationdate>20210212</creationdate><title>Webshell interception detection method, device and equipment and readable storage medium</title><author>LOU WENXIA ; FAN YUAN ; HUANG JIN</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-epo_espacenet_CN112367336A3</frbrgroupid><rsrctype>patents</rsrctype><prefilter>patents</prefilter><language>chi ; eng</language><creationdate>2021</creationdate><topic>ELECTRIC COMMUNICATION TECHNIQUE</topic><topic>ELECTRICITY</topic><topic>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</topic><toplevel>online_resources</toplevel><creatorcontrib>LOU WENXIA</creatorcontrib><creatorcontrib>FAN YUAN</creatorcontrib><creatorcontrib>HUANG JIN</creatorcontrib><collection>esp@cenet</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>LOU WENXIA</au><au>FAN YUAN</au><au>HUANG JIN</au><format>patent</format><genre>patent</genre><ristype>GEN</ristype><title>Webshell interception detection method, device and equipment and readable storage medium</title><date>2021-02-12</date><risdate>2021</risdate><abstract>The invention discloses a webshell interception detection method, device and equipment and a readable storage medium, and the method comprises the steps: screening a ciphertext file, a confusion fileand a plaintext file from network flow through a Web application firewall; detecting the plaintext file, and screening out a webshell file from the plaintext file by utilizing a detection result; performing dynamic scheduling test on the ciphertext file, the obfuscated file and the webshell file to obtain an executable malicious file; and intercepting malicious files. According to the method, theWeb application firewall performs layer-by-layer screening on the files in the network flow, and finally the files subjected to the dynamic scheduling test are only suspicious files in the network flow, so that the detection efficiency of the webshell file can be effectively improved. 本发明公开了一种webshell拦截检测方法、装置、设备及可读存储介质，该方法包括：Web应用防火墙从网络流量中，筛选出密文文件、混淆文件和明文文件；对明文文件进行检测，并利用检测结果从明文文件中筛选出webshell文件；对密文文件、混淆文件和webshell文件进行动态调度测</abstract><oa>free_for_read</oa></addata></record>
fulltext	fulltext_linktorsrc
identifier
ispartof
issn
language	chi ; eng
recordid	cdi_epo_espacenet_CN112367336A
source	esp@cenet
subjects	ELECTRIC COMMUNICATION TECHNIQUE ELECTRICITY TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
title	Webshell interception detection method, device and equipment and readable storage medium
url	https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-13T13%3A50%3A51IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=LOU%20WENXIA&rft.date=2021-02-12&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3ECN112367336A%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true