CN116132175B - Event-driven network engine-based remote back door detection method - Google Patents
Event-driven network engine-based remote back door detection method Download PDFInfo
- Publication number
- CN116132175B CN116132175B CN202310124494.3A CN202310124494A CN116132175B CN 116132175 B CN116132175 B CN 116132175B CN 202310124494 A CN202310124494 A CN 202310124494A CN 116132175 B CN116132175 B CN 116132175B
- Authority
- CN
- China
- Prior art keywords
- bitmap
- event
- back door
- qimage
- remote desktop
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
Abstract
The application discloses a remote back door detection method based on an event-driven network engine, and relates to the field of network security. According to the method, the remote triggering process of replacing the backdoor is realized by three steps of establishing an event callback through a registration protocol stack, closing the event callback through the protocol stack and updating the event callback through a bitmap, judging whether a backdoor sensitive word of a specific type is contained or not through character recognition, and finally determining whether the backdoor is a backdoor host. The application is independent of the traditional terminal detection, the replacement back door is checked in a remote detection mode, the user is free from feeling in the remote triggering process, and the user network and the computing resource are not occupied. The method has no false alarm, and improves the detection efficiency of the back door.
Description
Technical Field
The application belongs to the technical field of network security, and particularly relates to a remote back door detection method based on an event-driven network engine.
Background
The back door refers to a method for bypassing security control of software and acquiring access control rights to a program or a system from a relatively hidden channel. The backgate procedure is typically implanted by an attacker into the victim terminal, thereby enabling long-term control of the target system. Once implanted, the back door is difficult to detect and discover, because the back door is generally hidden and part of the back door is similar to a common program and cannot be checked and killed by the disinfection software. The detection capability for the rear door will thus help to improve system safety.
At present, a terminal detection mode is generally adopted for detecting the back door, the degree of automation is not high, and different types of back door detection modes are different. The manual detection mode comprises a self-starting item, a system service item, file integrity, system account checking and the like. The automatic detection mode is generally based on a program analysis technology, and is analyzed from a code level by a semantic analysis technology, a simulation execution technology, an API hooking technology and the like from the static detection and dynamic monitoring technologies. However, since the prediction of the backdoor behavior is very difficult, if the backdoor behavior is not triggered by an attacker, the large-scale analysis in a large number of programs is difficult, and no flow alarm information is generated. Part of the backdoor is consistent with a common program and does not contain malicious codes, so that the program analysis technology is difficult to deal with.
Disclosure of Invention
In order to solve the technical problems, the application provides a remote back door detection scheme based on an event driven network engine. According to the scheme, the replacement back door can be inspected in a remote detection mode, false alarm is avoided, terminal computing resources are not occupied, and the detection capability of the back door is effectively improved. The event driven model is an observer model, and the generated event is processed according to a callback function defined in advance by establishing an observer.
The first aspect of the application discloses a remote backdoor detection method based on an event-driven network engine. The method comprises the following steps: step S1, creating a remote desktop protocol factory based on an event-driven network engine to further create observer services, wherein the observer services comprise a registration protocol stack establishment event callback, a protocol stack closing event callback and a bitmap updating event callback; step S2, adding a SentKeyEventScancode of a simulated keyboard input function in a protocol stack establishment event of the remote desktop protocol factory so as to simulate triggering back door actions; step S3, in the bitmap update event callback, when a bitmap update request is received, converting a bitmap into a picture object QImage according to bitmap parameters, drawing the picture object QImage into a self-defined area of local equipment, and then storing the picture object QImage into a buffer area; the bitmap parameters comprise the width and the height of the bitmap and the bit number of each pixel, and the bitmap is converted into the picture object QImage by compressing bitmap attributes and bitmap data according to the bitmap parameters; step S4, defining and writing the content in the buffer area into a picture file under a specified directory in an event of closing a remote desktop protocol stack of the remote desktop protocol factory; step S5, establishing connection of the remote desktop protocol factory with a target to be detected, triggering the protocol stack to establish an event callback, simulating triggering the back door action, triggering the bitmap update event callback after generating the bitmap update request, and then closing connection of the remote desktop protocol factory with the target to be detected; step S6, triggering the protocol stack closing event callback, wherein the picture object QImage stored in the buffer area in step S3 is stored in the picture file under the appointed directory; and S7, carrying out image character recognition on the saved picture object QImage in the picture file saved under the appointed directory by utilizing an OCR technology, judging whether the recognized characters contain sensitive words, and if so, judging that the host of the target to be detected has a replacement type backdoor.
According to the method of the first aspect, in the step S1, further includes: an initial screen width, height, and service security level are set for the remote desktop protocol factory, and network-level authentication is not applicable to the remote desktop protocol factory.
According to the method of the first aspect, the sensitive words comprise various sensitive words of different back door types, and a sensitive word stock is formed by extracting keywords of the different back door types; in step S7, after identifying the text from the image object QImage, matching the identified text with the various sensitive words in the sensitive word stock, and determining whether the host of the target to be detected has a replacement type backdoor based on a matching result.
The second aspect of the application discloses a remote back door detection system based on an event driven network engine. The system comprises: a first processing unit configured to perform: step S1, creating a remote desktop protocol factory based on an event-driven network engine to further create observer services, wherein the observer services comprise a registration protocol stack establishment event callback, a protocol stack closing event callback and a bitmap updating event callback; step S2, adding a SentKeyEventScancode of a simulated keyboard input function in a protocol stack establishment event of the remote desktop protocol factory so as to simulate triggering back door actions; step S3, in the bitmap update event callback, when a bitmap update request is received, converting a bitmap into a picture object QImage according to bitmap parameters, drawing the picture object QImage into a self-defined area of local equipment, and then storing the picture object QImage into a buffer area; the bitmap parameters comprise the width and the height of the bitmap and the bit number of each pixel, and the bitmap is converted into the picture object QImage by compressing bitmap attributes and bitmap data according to the bitmap parameters; step S4, defining and writing the content in the buffer area into a picture file under a specified directory in an event of closing a remote desktop protocol stack of the remote desktop protocol factory; a second processing unit configured to: step S5, establishing connection of the remote desktop protocol factory with a target to be detected, triggering the protocol stack to establish an event callback, simulating triggering the back door action, triggering the bitmap update event callback after generating the bitmap update request, and then closing connection of the remote desktop protocol factory with the target to be detected; step S6, triggering the protocol stack closing event callback, wherein the picture object QImage stored in the buffer area in step S3 is stored in the picture file under the appointed directory; and S7, carrying out image character recognition on the saved picture object QImage in the picture file saved under the appointed directory by utilizing an OCR technology, judging whether the recognized characters contain sensitive words, and if so, judging that the host of the target to be detected has a replacement type backdoor.
The system according to the second aspect, the first processing unit is further configured to: an initial screen width, height, and service security level are set for the remote desktop protocol factory, and network-level authentication is not applicable to the remote desktop protocol factory.
According to the system of the second aspect, the sensitive words comprise various sensitive words aiming at different back door types, and a sensitive word stock is formed by extracting keywords of the different back door types; the second processing unit chicken leg is configured to: after identifying the characters from the picture object QImage, matching the identified characters with the various sensitive words in the sensitive word stock, and determining whether a host of the target to be detected has a replacement type backdoor based on a matching result.
A third aspect of the application discloses an electronic device. The electronic device comprises a memory storing a computer program and a processor implementing the steps in a method for event driven network engine based remote back door detection according to any of the first aspects of the present disclosure when the processor executes the computer program.
A fourth aspect of the application discloses a computer-readable storage medium. The computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps in a method for event driven network engine based remote back door detection as described in any of the first aspects of the present disclosure.
In summary, the technical scheme provided by the application does not depend on terminal detection, and the user is free from feeling in the remote triggering process, and does not occupy the user network and the computing resources. The method has no false alarm, and improves the detection efficiency of the back door.
Drawings
In order to more clearly illustrate the embodiments of the application or the technical solutions in the prior art, the drawings which are required in the description of the embodiments or the prior art will be briefly described, it being obvious that the drawings in the description below are some embodiments of the application and that other drawings may be obtained from these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a method for event driven network engine based remote back door detection in accordance with an embodiment of the present application;
FIG. 2 is a flow chart of constructing a backdoor sensitive word stock according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
The first aspect of the application discloses a remote backdoor detection method based on an event-driven network engine. The method comprises the following steps: step S1, creating a remote desktop protocol factory based on an event-driven network engine to further create observer services, wherein the observer services comprise a registration protocol stack establishment event callback, a protocol stack closing event callback and a bitmap updating event callback; step S2, adding a SentKeyEventScancode of a simulated keyboard input function in a protocol stack establishment event of the remote desktop protocol factory so as to simulate triggering back door actions; step S3, in the bitmap update event callback, when a bitmap update request is received, converting a bitmap into a picture object QImage according to bitmap parameters, drawing the picture object QImage into a self-defined area of local equipment, and then storing the picture object QImage into a buffer area; the bitmap parameters comprise the width and the height of the bitmap and the bit number of each pixel, and the bitmap is converted into the picture object QImage by compressing bitmap attributes and bitmap data according to the bitmap parameters; step S4, defining and writing the content in the buffer area into a picture file under a specified directory in an event of closing a remote desktop protocol stack of the remote desktop protocol factory; step S5, establishing connection of the remote desktop protocol factory with a target to be detected, triggering the protocol stack to establish an event callback, simulating triggering the back door action, triggering the bitmap update event callback after generating the bitmap update request, and then closing connection of the remote desktop protocol factory with the target to be detected; step S6, triggering the protocol stack closing event callback, wherein the picture object QImage stored in the buffer area in step S3 is stored in the picture file under the appointed directory; and S7, carrying out image character recognition on the saved picture object QImage in the picture file saved under the appointed directory by utilizing an OCR technology, judging whether the recognized characters contain sensitive words, and if so, judging that the host of the target to be detected has a replacement type backdoor.
In some embodiments, in the step S1, further includes: an initial screen width, height, and service security level are set for the remote desktop protocol factory, and network-level authentication is not applicable to the remote desktop protocol factory.
In some embodiments, the sensitive words comprise various sensitive words of different back door types, and a sensitive word stock is formed by extracting keywords of the different back door types; in step S7, after identifying the text from the image object QImage, matching the identified text with the various sensitive words in the sensitive word stock, and determining whether the host of the target to be detected has a replacement type backdoor based on a matching result.
FIG. 1 is a flow chart of a method for event driven network engine based remote back door detection in accordance with an embodiment of the present application; as shown in fig. 1, the remote backdoor detection method based on the event-driven network engine provided by the application realizes remote triggering of the replacement backdoor and stores a triggering scene by three steps of establishing an event callback through a registration protocol stack, closing the event callback through the protocol stack and updating the event callback through a bitmap, judges whether a backdoor sensitive word of a specific type is contained or not through character recognition, and finally determines whether the backdoor is a backdoor host.
The following describes the application of this method to the remote detection of a shift back door scenario. The specific detection method comprises the following steps:
step A: registering RDP network protocol interaction basic event callback mainly comprising protocol stack establishment event callback, protocol stack closing event callback and bitmap updating event callback, and being managed by observer service;
and (B) step (B): in the protocol stack connection event callback, the main function is to simulate the input of a sendKeyScancode by a keyboard, the key and release processes are included, the key and the release processes are respectively represented by True and False parameters, the parameters of the execution function are keyboard scanning codes 42 of shift keys, the input event of the keyboard is simulated for 5 times, and the viscous key function is triggered;
step C: in a bitmap update event callback, when bitmap update is received, converting the bitmap into a QImage object according to the specified size and pixels, acquiring specific parameters through analyzing a Protocol Data Unit (PDU), and drawing the bitmap into a temporary memory;
step D: automatically saving the data in the temporary memory to a file rdp.jpg in a connection closing event;
step E: establishing RDP connection with a target to be detected, firstly triggering a protocol stack establishment event callback, triggering shift action in the event callback, generating bitmap update after the connection state, triggering the bitmap update event callback, saving the bitmap in a memory, and finally closing remote connection
Step F: triggering the protocol stack to close the event callback, and storing the previously stored picture object into a local file rdp.jpg;
step G: the specific implementation of the OCR technology is utilized to realize easy OCR, a reader object is created to read rdp.jpg for character recognition, the characters sethc.exe are recognized, the characters are matched with a backdoor sensitive word stock, and the characters are confirmed to be in the sensitive word stock.
FIG. 2 is a flow chart of constructing a backdoor sensitive word stock according to an embodiment of the present application; as shown in fig. 2: setting up different types of replacement backdoor scenes, including shift backdoors, magnifier backdoors, easy access backdoors, screen reader backdoors, osk backdoors and the like, locally triggering the backdoors and saving the triggering scene pictures, extracting keywords for triggering backdoor images by using easy OCR, constructing a basic word stock, deleting words containing repeated items in the word stock, and forming a backdoor sensitive word stock.
The second aspect of the application discloses a remote back door detection system based on an event driven network engine. The system comprises: a first processing unit configured to perform: step S1, creating a remote desktop protocol factory based on an event-driven network engine to further create observer services, wherein the observer services comprise a registration protocol stack establishment event callback, a protocol stack closing event callback and a bitmap updating event callback; step S2, adding a SentKeyEventScancode of a simulated keyboard input function in a protocol stack establishment event of the remote desktop protocol factory so as to simulate triggering back door actions; step S3, in the bitmap update event callback, when a bitmap update request is received, converting a bitmap into a picture object QImage according to bitmap parameters, drawing the picture object QImage into a self-defined area of local equipment, and then storing the picture object QImage into a buffer area; the bitmap parameters comprise the width and the height of the bitmap and the bit number of each pixel, and the bitmap is converted into the picture object QImage by compressing bitmap attributes and bitmap data according to the bitmap parameters; step S4, defining and writing the content in the buffer area into a picture file under a specified directory in an event of closing a remote desktop protocol stack of the remote desktop protocol factory; a second processing unit configured to: step S5, establishing connection of the remote desktop protocol factory with a target to be detected, triggering the protocol stack to establish an event callback, simulating triggering the back door action, triggering the bitmap update event callback after generating the bitmap update request, and then closing connection of the remote desktop protocol factory with the target to be detected; step S6, triggering the protocol stack closing event callback, wherein the picture object QImage stored in the buffer area in step S3 is stored in the picture file under the appointed directory; and S7, carrying out image character recognition on the saved picture object QImage in the picture file saved under the appointed directory by utilizing an OCR technology, judging whether the recognized characters contain sensitive words, and if so, judging that the host of the target to be detected has a replacement type backdoor.
The system according to the second aspect, the first processing unit is further configured to: an initial screen width, height, and service security level are set for the remote desktop protocol factory, and network-level authentication is not applicable to the remote desktop protocol factory.
According to the system of the second aspect, the sensitive words comprise various sensitive words aiming at different back door types, and a sensitive word stock is formed by extracting keywords of the different back door types; the second processing unit chicken leg is configured to: after identifying the characters from the picture object QImage, matching the identified characters with the various sensitive words in the sensitive word stock, and determining whether a host of the target to be detected has a replacement type backdoor based on a matching result.
A third aspect of the application discloses an electronic device. The electronic device comprises a memory storing a computer program and a processor implementing the steps in a method for event driven network engine based remote back door detection according to any of the first aspects of the present disclosure when the processor executes the computer program.
Fig. 3 is a block diagram of an electronic device according to an embodiment of the present application, and as shown in fig. 3, the electronic device includes a processor, a memory, a communication interface, a display screen, and an input device connected through a system bus. Wherein the processor of the electronic device is configured to provide computing and control capabilities. The memory of the electronic device includes a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The communication interface of the electronic device is used for conducting wired or wireless communication with an external terminal, and the wireless communication can be achieved through WIFI, an operator network, near Field Communication (NFC) or other technologies. The display screen of the electronic equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the electronic equipment can be a touch layer covered on the display screen, can also be keys, a track ball or a touch pad arranged on the shell of the electronic equipment, and can also be an external keyboard, a touch pad or a mouse and the like.
It will be appreciated by those skilled in the art that the structure shown in fig. 3 is merely a block diagram of a portion related to the technical solution of the present disclosure, and does not constitute a limitation of the electronic device to which the technical solution of the present disclosure is applied, and that a specific electronic device may include more or less components than those shown in the drawings, or may combine some components, or have different component arrangements.
A fourth aspect of the application discloses a computer-readable storage medium. The computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps in a method for event driven network engine based remote back door detection as described in any of the first aspects of the present disclosure.
In summary, the technical scheme provided by the application does not depend on terminal detection, and the user is free from feeling in the remote triggering process, and does not occupy the user network and the computing resources. The method has no false alarm, and improves the detection efficiency of the back door.
Note that the technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be regarded as the scope of the description. The above examples illustrate only a few embodiments of the application, which are described in detail and are not to be construed as limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of protection of the present application is to be determined by the appended claims.
Claims (8)
1. A method for remote back door detection based on an event driven network engine, the method comprising the steps of:
step S1, creating a remote desktop protocol factory based on an event-driven network engine to further create observer services, wherein the observer services comprise a registration protocol stack establishment event callback, a protocol stack closing event callback and a bitmap updating event callback;
step S2, adding a SentKeyEventScancode of a simulated keyboard input function in a protocol stack establishment event of the remote desktop protocol factory so as to simulate triggering back door actions;
step S3, in the bitmap update event callback, when a bitmap update request is received, converting a bitmap into a picture object QImage according to bitmap parameters, drawing the picture object QImage into a self-defined area of local equipment, and then storing the picture object QImage into a buffer area;
the bitmap parameters comprise the width and the height of the bitmap and the bit number of each pixel, and the bitmap is converted into the picture object QImage by compressing bitmap attributes and bitmap data according to the bitmap parameters;
step S4, defining and writing the content in the buffer area into a picture file under a specified directory in an event of closing a remote desktop protocol stack of the remote desktop protocol factory;
step S5, establishing connection of the remote desktop protocol factory with a target to be detected, triggering the protocol stack to establish an event callback, simulating triggering the back door action, triggering the bitmap update event callback after generating the bitmap update request, and then closing connection of the remote desktop protocol factory with the target to be detected;
step S6, triggering the protocol stack closing event callback, wherein the picture object QImage stored in the buffer area in step S3 is stored in the picture file under the appointed directory;
and S7, carrying out image character recognition on the saved picture object QImage in the picture file saved under the appointed directory by utilizing an OCR technology, judging whether the recognized characters contain sensitive words, and if so, judging that the host of the target to be detected has a replacement type backdoor.
2. The method for remote back door detection based on event driven network engine according to claim 1, further comprising, in the step S1: an initial screen width, height, and service security level are set for the remote desktop protocol factory, and network-level authentication is not applicable to the remote desktop protocol factory.
3. The method for detecting the remote back door based on the event-driven network engine according to claim 2, wherein the sensitive words comprise various sensitive words of different back door types, and a sensitive word stock is formed by extracting keywords of the different back door types; in step S7, after identifying the text from the image object QImage, matching the identified text with the various sensitive words in the sensitive word stock, and determining whether the host of the target to be detected has a replacement type backdoor based on a matching result.
4. A remote back door detection system based on an event driven network engine, the system comprising:
a first processing unit configured to perform:
step S1, creating a remote desktop protocol factory based on an event-driven network engine to further create observer services, wherein the observer services comprise a registration protocol stack establishment event callback, a protocol stack closing event callback and a bitmap updating event callback;
step S2, adding a SentKeyEventScancode of a simulated keyboard input function in a protocol stack establishment event of the remote desktop protocol factory so as to simulate triggering back door actions;
step S3, in the bitmap update event callback, when a bitmap update request is received, converting a bitmap into a picture object QImage according to bitmap parameters, drawing the picture object QImage into a self-defined area of local equipment, and then storing the picture object QImage into a buffer area;
the bitmap parameters comprise the width and the height of the bitmap and the bit number of each pixel, and the bitmap is converted into the picture object QImage by compressing bitmap attributes and bitmap data according to the bitmap parameters;
step S4, defining and writing the content in the buffer area into a picture file under a specified directory in an event of closing a remote desktop protocol stack of the remote desktop protocol factory;
a second processing unit configured to:
step S5, establishing connection of the remote desktop protocol factory with a target to be detected, triggering the protocol stack to establish an event callback, simulating triggering the back door action, triggering the bitmap update event callback after generating the bitmap update request, and then closing connection of the remote desktop protocol factory with the target to be detected;
step S6, triggering the protocol stack closing event callback, wherein the picture object QImage stored in the buffer area in step S3 is stored in the picture file under the appointed directory;
and S7, carrying out image character recognition on the saved picture object QImage in the picture file saved under the appointed directory by utilizing an OCR technology, judging whether the recognized characters contain sensitive words, and if so, judging that the host of the target to be detected has a replacement type backdoor.
5. The event driven network engine based remote back door detection system of claim 4, wherein the first processing unit is further configured to: an initial screen width, height, and service security level are set for the remote desktop protocol factory, and network-level authentication is not applicable to the remote desktop protocol factory.
6. The system of claim 5, wherein the sensitive words comprise various sensitive words for different types of backdoor, and the sensitive word library is formed by extracting keywords of the different types of backdoor; the second processing unit chicken leg is configured to: after identifying the characters from the picture object QImage, matching the identified characters with the various sensitive words in the sensitive word stock, and determining whether a host of the target to be detected has a replacement type backdoor based on a matching result.
7. An electronic device comprising a memory and a processor, the memory storing a computer program, the processor implementing the steps in a method of event driven network engine based remote back door detection as claimed in any of claims 1-3 when the computer program is executed.
8. A computer readable storage medium, characterized in that it has stored thereon a computer program which, when executed by a processor, implements the steps of a method for event driven network engine based remote back door detection according to any of claims 1-3.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310124494.3A CN116132175B (en) | 2023-02-16 | 2023-02-16 | Event-driven network engine-based remote back door detection method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310124494.3A CN116132175B (en) | 2023-02-16 | 2023-02-16 | Event-driven network engine-based remote back door detection method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN116132175A CN116132175A (en) | 2023-05-16 |
CN116132175B true CN116132175B (en) | 2023-09-22 |
Family
ID=86297166
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310124494.3A Active CN116132175B (en) | 2023-02-16 | 2023-02-16 | Event-driven network engine-based remote back door detection method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116132175B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107451476A (en) * | 2017-07-21 | 2017-12-08 | 上海携程商务有限公司 | Webpage back door detection method, system, equipment and storage medium based on cloud platform |
CN108563493A (en) * | 2018-04-12 | 2018-09-21 | 郑州云海信息技术有限公司 | A kind of event-driven method, device, equipment and readable storage medium storing program for executing |
CN114401103A (en) * | 2021-11-30 | 2022-04-26 | 奇安信科技集团股份有限公司 | SMB remote transmission file detection method and device |
CN114692145A (en) * | 2020-12-28 | 2022-07-01 | 奇安信安全技术(珠海)有限公司 | Rear door detection method and system |
-
2023
- 2023-02-16 CN CN202310124494.3A patent/CN116132175B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107451476A (en) * | 2017-07-21 | 2017-12-08 | 上海携程商务有限公司 | Webpage back door detection method, system, equipment and storage medium based on cloud platform |
CN108563493A (en) * | 2018-04-12 | 2018-09-21 | 郑州云海信息技术有限公司 | A kind of event-driven method, device, equipment and readable storage medium storing program for executing |
CN114692145A (en) * | 2020-12-28 | 2022-07-01 | 奇安信安全技术(珠海)有限公司 | Rear door detection method and system |
CN114401103A (en) * | 2021-11-30 | 2022-04-26 | 奇安信科技集团股份有限公司 | SMB remote transmission file detection method and device |
Also Published As
Publication number | Publication date |
---|---|
CN116132175A (en) | 2023-05-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111767554B (en) | Screen sharing method and device, storage medium and electronic equipment | |
US10691390B2 (en) | Method and device for video rendering | |
CN111737692B (en) | Application program risk detection method and device, equipment and storage medium | |
CN112541181A (en) | Method and device for detecting server security | |
CN114157568B (en) | Browser secure access method, device, equipment and storage medium | |
CN110070360B (en) | Transaction request processing method, device, equipment and storage medium | |
CN111597553A (en) | Process processing method, device, equipment and storage medium in virus searching and killing | |
CN109284590A (en) | Access method, equipment, storage medium and the device of behavior safety protection | |
CN116132175B (en) | Event-driven network engine-based remote back door detection method | |
CN111222153A (en) | Application program authority management method and device and storage medium | |
CN113434217B (en) | Vulnerability scanning method, vulnerability scanning device, computer equipment and medium | |
CN113411332B (en) | CORS vulnerability detection method, device, equipment and medium | |
CN115828256A (en) | Unauthorized and unauthorized logic vulnerability detection method | |
CN112351008B (en) | Network attack analysis method and device, readable storage medium and computer equipment | |
CN111859356B (en) | Application program login method and device | |
US20140044364A1 (en) | Method of Image Identification Based on Artificial Intelligence | |
CN106055693A (en) | Information processing method and terminal | |
CN113590564A (en) | Data storage method and device, electronic equipment and storage medium | |
WO2020240637A1 (en) | Learning device, determination device, learning method, determination method, learning program, and determination program | |
CN111679862A (en) | Cloud host shutdown method and device, electronic equipment and medium | |
CN114781557B (en) | Image information acquisition method and device and computer-readable storage medium | |
CN116049823B (en) | Memory horse detection method and device, computer equipment and storage medium | |
CN110892677A (en) | System and method for distinguishing human user from software robot | |
CN111142856B (en) | Automatic picture identification database resource table establishment method and system | |
CN117290842A (en) | Method and device for extracting static features of malicious document |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |