CN103905422A - Method and system for searching for webshell with assistance of local simulation request - Google Patents
Method and system for searching for webshell with assistance of local simulation request Download PDFInfo
- Publication number
- CN103905422A CN103905422A CN201310691213.9A CN201310691213A CN103905422A CN 103905422 A CN103905422 A CN 103905422A CN 201310691213 A CN201310691213 A CN 201310691213A CN 103905422 A CN103905422 A CN 103905422A
- Authority
- CN
- China
- Prior art keywords
- webshell
- return data
- web page
- page files
- files
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000004088 simulation Methods 0.000 title claims abstract description 26
- 238000000034 method Methods 0.000 title claims abstract description 23
- 238000001514 detection method Methods 0.000 abstract description 3
- 238000005516 engineering process Methods 0.000 description 4
- 230000009545 invasion Effects 0.000 description 3
- 230000002155 anti-virotic effect Effects 0.000 description 2
- 238000009434 installation Methods 0.000 description 2
- 240000004859 Gamochaeta purpurea Species 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000007796 conventional method Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000035800 maturation Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 238000011084 recovery Methods 0.000 description 1
Images
Landscapes
- Information Transfer Between Computers (AREA)
- Storage Device Security (AREA)
Abstract
Description
Claims (8)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310691213.9A CN103905422B (en) | 2013-12-17 | 2013-12-17 | Method and system for searching for webshell with assistance of local simulation request |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310691213.9A CN103905422B (en) | 2013-12-17 | 2013-12-17 | Method and system for searching for webshell with assistance of local simulation request |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103905422A true CN103905422A (en) | 2014-07-02 |
CN103905422B CN103905422B (en) | 2017-04-26 |
Family
ID=50996576
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310691213.9A Active CN103905422B (en) | 2013-12-17 | 2013-12-17 | Method and system for searching for webshell with assistance of local simulation request |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103905422B (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104331663A (en) * | 2014-10-31 | 2015-02-04 | 北京奇虎科技有限公司 | Detection method of web shell and web server |
CN105760379A (en) * | 2014-12-16 | 2016-07-13 | 中国移动通信集团公司 | Webshell page detection method and device based on intra-domain page association |
CN106992981A (en) * | 2017-03-31 | 2017-07-28 | 北京知道创宇信息技术有限公司 | A kind of website back door detection method, device and computing device |
CN107493278A (en) * | 2017-08-10 | 2017-12-19 | 杭州迪普科技股份有限公司 | A kind of two-way encryption webshell access method and device |
CN107770133A (en) * | 2016-08-19 | 2018-03-06 | 北京升鑫网络科技有限公司 | A kind of adaptability webshell detection methods and system |
CN107911433A (en) * | 2017-12-21 | 2018-04-13 | 上海数烨数据科技有限公司 | A kind of LAN cluster system access method based on WebShell |
CN110909350A (en) * | 2019-11-16 | 2020-03-24 | 杭州安恒信息技术股份有限公司 | Method for remotely and accurately identifying WebShell backdoor |
CN111163095A (en) * | 2019-12-31 | 2020-05-15 | 奇安信科技集团股份有限公司 | Network attack analysis method, network attack analysis device, computing device, and medium |
CN111723378A (en) * | 2020-06-17 | 2020-09-29 | 浙江网新恒天软件有限公司 | Website directory blasting method based on website map |
CN113746784A (en) * | 2020-05-29 | 2021-12-03 | 深信服科技股份有限公司 | Data detection method, system and related equipment |
Citations (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060294199A1 (en) * | 2005-06-24 | 2006-12-28 | The Zeppo Network, Inc. | Systems and Methods for Providing A Foundational Web Platform |
CN101471818A (en) * | 2007-12-24 | 2009-07-01 | 北京启明星辰信息技术股份有限公司 | Detection method and system for malevolence injection script web page |
CN101527660A (en) * | 2009-04-03 | 2009-09-09 | 华为技术有限公司 | Alarm method, associated equipment and system |
CN101587527A (en) * | 2009-07-08 | 2009-11-25 | 北京东方微点信息技术有限责任公司 | Method and apparatus for scanning virus program |
CN101599947A (en) * | 2008-06-06 | 2009-12-09 | 盛大计算机(上海)有限公司 | Trojan horse virus scanning method based on the WEB webpage |
CN101692267A (en) * | 2009-09-15 | 2010-04-07 | 北京大学 | Method and system for detecting large-scale malicious web pages |
CN101808093A (en) * | 2010-03-15 | 2010-08-18 | 北京安天电子设备有限公司 | System and method for automatically detecting WEB security |
US20110016528A1 (en) * | 2008-08-15 | 2011-01-20 | Venus Info Tech Inc. | Method and Device for Intrusion Detection |
CN102088379A (en) * | 2011-01-24 | 2011-06-08 | 国家计算机网络与信息安全管理中心 | Detecting method and device of client honeypot webpage malicious code based on sandboxing technology |
CN102104601A (en) * | 2011-01-14 | 2011-06-22 | 无锡市同威科技有限公司 | Web vulnerability scanning method and device based on infiltration technology |
CN102158499A (en) * | 2011-06-02 | 2011-08-17 | 国家计算机病毒应急处理中心 | Trojan-embedded website detection method based on hyper text transfer protocol (HTTP) traffic analysis |
CN102254111A (en) * | 2010-05-17 | 2011-11-23 | 北京知道创宇信息技术有限公司 | Malicious site detection method and device |
CN103065089A (en) * | 2012-12-11 | 2013-04-24 | 深信服网络科技(深圳)有限公司 | Method and device for detecting webpage Trojan horses |
CN103258163A (en) * | 2013-05-15 | 2013-08-21 | 腾讯科技(深圳)有限公司 | Script virus identifying method, script virus identifying device and script virus identifying system |
CN103294952A (en) * | 2012-11-29 | 2013-09-11 | 北京安天电子设备有限公司 | Method and system for detecting webshell based on page relation |
-
2013
- 2013-12-17 CN CN201310691213.9A patent/CN103905422B/en active Active
Patent Citations (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060294199A1 (en) * | 2005-06-24 | 2006-12-28 | The Zeppo Network, Inc. | Systems and Methods for Providing A Foundational Web Platform |
CN101471818A (en) * | 2007-12-24 | 2009-07-01 | 北京启明星辰信息技术股份有限公司 | Detection method and system for malevolence injection script web page |
CN101599947A (en) * | 2008-06-06 | 2009-12-09 | 盛大计算机(上海)有限公司 | Trojan horse virus scanning method based on the WEB webpage |
US20110016528A1 (en) * | 2008-08-15 | 2011-01-20 | Venus Info Tech Inc. | Method and Device for Intrusion Detection |
CN101527660A (en) * | 2009-04-03 | 2009-09-09 | 华为技术有限公司 | Alarm method, associated equipment and system |
CN101587527A (en) * | 2009-07-08 | 2009-11-25 | 北京东方微点信息技术有限责任公司 | Method and apparatus for scanning virus program |
CN101692267A (en) * | 2009-09-15 | 2010-04-07 | 北京大学 | Method and system for detecting large-scale malicious web pages |
CN101808093A (en) * | 2010-03-15 | 2010-08-18 | 北京安天电子设备有限公司 | System and method for automatically detecting WEB security |
CN102254111A (en) * | 2010-05-17 | 2011-11-23 | 北京知道创宇信息技术有限公司 | Malicious site detection method and device |
CN102104601A (en) * | 2011-01-14 | 2011-06-22 | 无锡市同威科技有限公司 | Web vulnerability scanning method and device based on infiltration technology |
CN102088379A (en) * | 2011-01-24 | 2011-06-08 | 国家计算机网络与信息安全管理中心 | Detecting method and device of client honeypot webpage malicious code based on sandboxing technology |
CN102158499A (en) * | 2011-06-02 | 2011-08-17 | 国家计算机病毒应急处理中心 | Trojan-embedded website detection method based on hyper text transfer protocol (HTTP) traffic analysis |
CN103294952A (en) * | 2012-11-29 | 2013-09-11 | 北京安天电子设备有限公司 | Method and system for detecting webshell based on page relation |
CN103065089A (en) * | 2012-12-11 | 2013-04-24 | 深信服网络科技(深圳)有限公司 | Method and device for detecting webpage Trojan horses |
CN103258163A (en) * | 2013-05-15 | 2013-08-21 | 腾讯科技(深圳)有限公司 | Script virus identifying method, script virus identifying device and script virus identifying system |
Non-Patent Citations (1)
Title |
---|
石磊,宋昭: "wehshell检测的新思路", 《第二届全国信息安全等级保护技术大会会议论文集》 * |
Cited By (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104331663B (en) * | 2014-10-31 | 2017-09-01 | 北京奇虎科技有限公司 | Web shell detection method and web server |
CN104331663A (en) * | 2014-10-31 | 2015-02-04 | 北京奇虎科技有限公司 | Detection method of web shell and web server |
CN105760379A (en) * | 2014-12-16 | 2016-07-13 | 中国移动通信集团公司 | Webshell page detection method and device based on intra-domain page association |
CN105760379B (en) * | 2014-12-16 | 2020-01-21 | 中国移动通信集团公司 | Method and device for detecting webshell page based on intra-domain page association relation |
CN107770133A (en) * | 2016-08-19 | 2018-03-06 | 北京升鑫网络科技有限公司 | A kind of adaptability webshell detection methods and system |
CN107770133B (en) * | 2016-08-19 | 2020-08-14 | 北京升鑫网络科技有限公司 | Adaptive webshell detection method and system |
CN106992981B (en) * | 2017-03-31 | 2020-04-07 | 北京知道创宇信息技术股份有限公司 | Website backdoor detection method and device and computing equipment |
CN106992981A (en) * | 2017-03-31 | 2017-07-28 | 北京知道创宇信息技术有限公司 | A kind of website back door detection method, device and computing device |
CN107493278B (en) * | 2017-08-10 | 2020-09-08 | 杭州迪普科技股份有限公司 | Access method and device for bidirectional encrypted webshell |
CN107493278A (en) * | 2017-08-10 | 2017-12-19 | 杭州迪普科技股份有限公司 | A kind of two-way encryption webshell access method and device |
CN107911433A (en) * | 2017-12-21 | 2018-04-13 | 上海数烨数据科技有限公司 | A kind of LAN cluster system access method based on WebShell |
CN110909350A (en) * | 2019-11-16 | 2020-03-24 | 杭州安恒信息技术股份有限公司 | Method for remotely and accurately identifying WebShell backdoor |
CN110909350B (en) * | 2019-11-16 | 2022-02-11 | 杭州安恒信息技术股份有限公司 | Method for remotely and accurately identifying WebShell backdoor |
CN111163095A (en) * | 2019-12-31 | 2020-05-15 | 奇安信科技集团股份有限公司 | Network attack analysis method, network attack analysis device, computing device, and medium |
CN111163095B (en) * | 2019-12-31 | 2022-08-30 | 奇安信科技集团股份有限公司 | Network attack analysis method, network attack analysis device, computing device, and medium |
CN113746784A (en) * | 2020-05-29 | 2021-12-03 | 深信服科技股份有限公司 | Data detection method, system and related equipment |
CN113746784B (en) * | 2020-05-29 | 2023-04-07 | 深信服科技股份有限公司 | Data detection method, system and related equipment |
CN111723378A (en) * | 2020-06-17 | 2020-09-29 | 浙江网新恒天软件有限公司 | Website directory blasting method based on website map |
CN111723378B (en) * | 2020-06-17 | 2023-03-10 | 浙江网新恒天软件有限公司 | Website directory blasting method based on website map |
Also Published As
Publication number | Publication date |
---|---|
CN103905422B (en) | 2017-04-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103905422A (en) | Method and system for searching for webshell with assistance of local simulation request | |
US11711438B2 (en) | Systems and methods for controlling data exposure using artificial-intelligence-based periodic modeling | |
Owen et al. | The tor dark net | |
Wang et al. | Fog computing: Issues and challenges in security and forensics | |
Kostopoulos | Cyberspace and cybersecurity | |
CN104125209B (en) | Malice website prompt method and router | |
JP5410626B1 (en) | Web shell detection / support system | |
CN110505235B (en) | System and method for detecting malicious request bypassing cloud WAF | |
TW201703483A (en) | Methods and systems for improving analytics in distributed networks | |
KR20090090685A (en) | Method and system for determining vulnerability of web application | |
CN102685145A (en) | Domain name server (DNS) data packet-based bot-net domain name discovery method | |
CN103294952A (en) | Method and system for detecting webshell based on page relation | |
CN108881316A (en) | Attack backtracking method under heaven and earth integrated information network | |
CN103440454B (en) | A kind of active honeypot detection method based on search engine keywords | |
CN103312692A (en) | Link address safety detection method and device | |
Aljahdali et al. | IoT Forensic models analysis. | |
CN107231364A (en) | A kind of website vulnerability detection method and device, computer installation and storage medium | |
Ma et al. | The construction method of computer network security defense system based on multisource big data | |
CN106572072A (en) | Method and system for tracking and positioning attacker | |
Gulyás et al. | Comprehensive analysis of web privacy and anonymous web browsers: are next generation services based on collaborative filtering? | |
KR102190316B1 (en) | Deep web analysis system and method using browser simulator | |
Zhang et al. | The web penetration based SQL injection | |
Gu et al. | Fingerprinting Network Entities Based on Traffic Analysis in High‐Speed Network Environment | |
KR102084516B1 (en) | Method to identify client device based on profiling | |
Wang et al. | Identification of MEEK-Based TOR Hidden Service Access Using the Key Packet Sequence |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: Method and system for searching for webshell with assistance of local simulation request Effective date of registration: 20170621 Granted publication date: 20170426 Pledgee: Bank of Longjiang, Limited by Share Ltd, Harbin Limin branch Pledgor: Harbin Antiy Technology Co., Ltd. Registration number: 2017110000004 |
|
PC01 | Cancellation of the registration of the contract for pledge of patent right |
Date of cancellation: 20190614 Granted publication date: 20170426 Pledgee: Bank of Longjiang, Limited by Share Ltd, Harbin Limin branch Pledgor: Harbin Antiy Technology Co., Ltd. Registration number: 2017110000004 |
|
PC01 | Cancellation of the registration of the contract for pledge of patent right | ||
CP03 | Change of name, title or address | ||
CP03 | Change of name, title or address |
Address after: 150028 Building 7, Innovation Plaza, Science and Technology Innovation City, Harbin High-tech Industrial Development Zone, Heilongjiang Province (838 Shikun Road) Patentee after: Harbin antiy Technology Group Limited by Share Ltd Address before: 150090 room 506, Hongqi Street, Nangang District, Harbin Development Zone, Heilongjiang, China, 162 Patentee before: Harbin Antiy Technology Co., Ltd. |
|
PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: Method and system for searching for webshell with assistance of local simulation request Effective date of registration: 20190828 Granted publication date: 20170426 Pledgee: Bank of Longjiang, Limited by Share Ltd, Harbin Limin branch Pledgor: Harbin antiy Technology Group Limited by Share Ltd Registration number: Y2019230000002 |
|
CP01 | Change in the name or title of a patent holder | ||
CP01 | Change in the name or title of a patent holder |
Address after: 150028 Building 7, Innovation Plaza, Science and Technology Innovation City, Harbin High-tech Industrial Development Zone, Heilongjiang Province (838 Shikun Road) Patentee after: Antan Technology Group Co.,Ltd. Address before: 150028 Building 7, Innovation Plaza, Science and Technology Innovation City, Harbin High-tech Industrial Development Zone, Heilongjiang Province (838 Shikun Road) Patentee before: Harbin Antian Science and Technology Group Co.,Ltd. |
|
PC01 | Cancellation of the registration of the contract for pledge of patent right | ||
PC01 | Cancellation of the registration of the contract for pledge of patent right |
Date of cancellation: 20211119 Granted publication date: 20170426 Pledgee: Bank of Longjiang Limited by Share Ltd. Harbin Limin branch Pledgor: Harbin Antian Science and Technology Group Co.,Ltd. Registration number: Y2019230000002 |