CN103905422A - Method and system for searching for webshell with assistance of local simulation request - Google Patents
Method and system for searching for webshell with assistance of local simulation request Download PDFInfo
- Publication number
- CN103905422A CN103905422A CN201310691213.9A CN201310691213A CN103905422A CN 103905422 A CN103905422 A CN 103905422A CN 201310691213 A CN201310691213 A CN 201310691213A CN 103905422 A CN103905422 A CN 103905422A
- Authority
- CN
- China
- Prior art keywords
- webshell
- return data
- web page
- page files
- files
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000004088 simulation Methods 0.000 title claims abstract description 26
- 238000000034 method Methods 0.000 title claims abstract description 23
- 238000001514 detection method Methods 0.000 abstract description 3
- 238000005516 engineering process Methods 0.000 description 4
- 230000009545 invasion Effects 0.000 description 3
- 230000002155 anti-virotic effect Effects 0.000 description 2
- 238000009434 installation Methods 0.000 description 2
- 240000004859 Gamochaeta purpurea Species 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000007796 conventional method Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000035800 maturation Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 238000011084 recovery Methods 0.000 description 1
Images
Landscapes
- Information Transfer Between Computers (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method and system for searching for webshell with assistance of a local simulation request. The method includes the steps that firstly, configuration files of a web server is read so as to obtain related information of the web server, wherein the related information comprises the number of websites, paths of the websites, domain names of the websites or port numbers of the websites; all files in the websites are traversed sequentially, webpage files are screened out, and the path information of the webpage files is stored; according to the path information, the local simulation request has access to the webpage files sequentially to obtain return data; characteristic scanning is conducted on the return data, and a detection result is generated according to scanning results. The method can also be used for detecting encrypted webshell.
Description
Technical field
The present invention relates to field of information security technology, relate in particular to the method and system of a kind of simulation request assisted lookup webshell.
Background technology
Webshell is a kind of command execution environment existing with web page files forms such as asp, php, jsp, cgi, also can be called a kind of webpage back door.Invader, behind invasion website, places webshell backdoor file in the WEB catalogue of the WEB server of being everlasting, and with WEB server WEB catalogue under normal web page files be mixed in-rise, be difficult for being found.Invader can access webshell by WEB mode and obtain command execution environment to reach the object of controlling website or WEB server, and the operation that can carry out comprises uploads download file, checks database, carries out random procedure order etc.The effect that webshell is serving as script attack tool in WEB invasion.
The approach that invader disposes webshell back door has multiple, for example, directly upload, privately add amendment and upload type, utilize WEB system back-stage management function, the backup that utilizes database, recovery, query function and other the whole bag of tricks.After deployment success, invader just can obtain by website port the authority of operation in a way etc. to WEB server.
Because the data of webshell and controlled WEB server or distance host exchange are all transmitted by 80 ports, therefore can not tackled by fire compartment wall.And use webshell generally can in system journal, not leave record, only can in the daily record of WEB server, leave some data and submit record to, unfamiliar keeper is difficult to find out invasion vestige.
The webshell document code of most is encrypted, and has walked around thus the killing of WEB fire compartment wall and anti-virus software.The maturation (the many engine scanning of for example virustotal) that detects engine along with constantly open, the many engine scanning of a large amount of leaks has facilitated the raising of webshell making free to kill, encryption technology, the various technology of walking around anti-virus supervisory control system to announce, and makes the killing of current webshell be faced with severe situation.And traditional detection method only can the limited cipher mode of killing webshell, assailant can use all kinds of self-defining cipher modes to hide killing.
Summary of the invention
For above-mentioned technical problem, the invention provides the method and system of a kind of simulation request assisted lookup webshell, the method is by all web page files of this simulation request access, obtain after return data, return data is carried out to feature detection, thereby the identification webshell page, can effectively identify equally for the webshell page after encrypting.
The present invention adopts with the following method and realizes: the method for a kind of simulation request assisted lookup webshell, comprising:
Read web server configuration file, obtain web server relevant information; Described relevant information comprises: website number, path, domain name or port numbers;
Travel through successively All Files under website, filter out web page files, and preserve the routing information of described web page files;
According to described routing information, the request of this simulation, accesses described web page files successively, obtains return data;
Return data is carried out to mark scanning, and generate examining report according to scanning result.
Further, described web page files comprises the web page files of asp, php, jsp or cgi form.
Further, described being characterized as that return data is carried out to mark scanning uses: obtain the return data of webshell, extract webshell clear text field as feature.
Further, described being characterized as that return data is carried out to mark scanning uses: for the webshell with login password, extract critical field as feature.
The present invention adopts following system to realize: the system of a kind of simulation request assisted lookup webshell, comprising:
Relevant information acquisition module, for reading web server configuration file, obtains web server relevant information; Described relevant information comprises: website number, path, domain name or port numbers;
Page path acquisition module, for traveling through successively All Files under website, filters out web page files, and preserves the routing information of described web page files;
Request analog module, for according to described routing information, the request of this simulation, accesses described web page files successively, obtains return data;
Mark scanning module, for return data is carried out to mark scanning, and generates examining report according to scanning result.
Further, described web page files comprises the web page files of asp, php, jsp or cgi form.
Further, described being characterized as that return data is carried out to mark scanning uses: obtain the return data of webshell, extract webshell clear text field as feature.
Further, described being characterized as that return data is carried out to mark scanning uses: for the webshell with login password, extract critical field as feature.
In sum, the invention provides the method and system of a kind of simulation request assisted lookup webshell, described method and system is mainly by obtaining the routing information of all web page files under web server, utilize described routing information simulation request, thereby access these web page files, detect for the clear data returning, detecting the feature using is to extract clear text field by the return data of known webshell, or for the webshell page with login password, extract its critical field as feature obtain.Technique scheme can effectively overcome the defect that existing scheme cannot effectively be identified for the webshell encrypting.
Brief description of the drawings
In order to be illustrated more clearly in technical scheme of the present invention, to the accompanying drawing of required use in embodiment be briefly described below, apparently, the accompanying drawing the following describes is only some embodiment that record in the present invention, for those of ordinary skill in the art, do not paying under the prerequisite of creative work, can also obtain according to these accompanying drawings other accompanying drawing.
Fig. 1 is the method flow diagram of a kind of simulation request assisted lookup webshell provided by the invention;
Fig. 2 is the system construction drawing of a kind of simulation request assisted lookup webshell provided by the invention.
Embodiment
The present invention has provided the method and system of a kind of simulation request assisted lookup webshell, in order to make those skilled in the art person understand better the technical scheme in the embodiment of the present invention, and above-mentioned purpose of the present invention, feature and advantage can be become apparent more, below in conjunction with accompanying drawing, technical scheme in the present invention is described in further detail:
First the present invention provides the method for a kind of simulation request assisted lookup webshell, as shown in Figure 1, comprising:
S101 reads web server configuration file, obtains web server relevant information; Described relevant information comprises: website number, path, domain name or port numbers; For example: baidu.com:81, baiduba.com:8080 etc.;
Web server configuration file, can search the web server such as IIS, Apache key assignments by traversal registration table, find installation path by key assignments content, then from installation path, read web server and drain into file, obtain the information such as site paths, website number, domain name or port numbers;
For example: Apache Server default configuration file/etc/apache2/httpd.conf, parses the information such as website IP, port, website root.
S102 travels through All Files under website successively, filters out web page files, and preserves the routing information of described web page files;
S103 is according to described routing information, and the request of this simulation, accesses described web page files successively, obtains return data;
S104 carries out mark scanning to return data, and generates examining report according to scanning result.
Preferably, described web page files comprises the web page files of asp, php, jsp or cgi form.
Preferably, described being characterized as that return data is carried out to mark scanning uses: obtain the return data of webshell, extract webshell clear text field as feature.Described clear text field comprises: the character strings such as File Manager, CMD, SHELL, Process, file management, scanning, system information.
Preferably, described being characterized as that return data is carried out to mark scanning uses: for the webshell with login password, extract critical field as feature.
Described critical field comprises: <input name=" passtext ", type=" password ", id=" passtext " or <input type=" hidden " name=" _ VIEWSTATE " this class has the text control of password type.
The present invention also provides the system of a kind of simulation request assisted lookup webshell, as shown in Figure 2, comprising:
Relevant information acquisition module 201, for reading web server configuration file, obtains web server relevant information; Described relevant information comprises: website number, path, domain name or port numbers;
Page path acquisition module 202, for traveling through successively All Files under website, filters out web page files, and preserves the routing information of described web page files;
Request analog module 203, for according to described routing information, the request of this simulation, accesses described web page files successively, obtains return data;
Preferably, described web page files comprises the web page files of asp, php, jsp or cgi form.
Preferably, described being characterized as that return data is carried out to mark scanning uses: obtain the return data of webshell, extract webshell clear text field as feature.
Preferably, described being characterized as that return data is carried out to mark scanning uses: for the webshell with login password, extract critical field as feature.
As mentioned above, the present invention has provided the specific embodiment of the method and system of a kind of simulation request assisted lookup webshell, and the difference of itself and conventional method is, current most technical schemes all cannot effectively be identified for the webshell encrypting.The technical scheme that the present invention is given, by reading web server configuration file, thereby obtains the information such as website number and path, screens for the All Files under website, finds out all web page files, obtains the path of web page files; Utilize accessed web page file, can return to feature expressly, simulation request, access described web page files, carry out mark scanning for return data, thereby can effectively identify the webshell page, encrypt thereby solve existing webshell the problem that distortion cannot killing.
Above embodiment is unrestricted technical scheme of the present invention in order to explanation.Do not depart from any modification or partial replacement of spirit and scope of the invention, all should be encompassed in the middle of claim scope of the present invention.
Claims (8)
1. a method of this simulation request assisted lookup webshell, is characterized in that, comprising:
Read web server configuration file, obtain web server relevant information; Described relevant information comprises: website number, path, domain name or port numbers;
Travel through successively All Files under website, filter out web page files, and preserve the routing information of described web page files;
According to described routing information, the request of this simulation, accesses described web page files successively, obtains return data;
Return data is carried out to mark scanning, and generate examining report according to scanning result.
2. the method for claim 1, is characterized in that, described web page files comprises the web page files of asp, php, jsp or cgi form.
3. the method for claim 1, is characterized in that, described being characterized as that return data is carried out to mark scanning uses: obtain the return data of webshell, extract webshell clear text field as feature.
4. the method for claim 1, is characterized in that, described being characterized as that return data is carried out to mark scanning uses: for the webshell with login password, extract critical field as feature.
5. a system of this simulation request assisted lookup webshell, is characterized in that, comprising:
Relevant information acquisition module, for reading web server configuration file, obtains web server relevant information; Described relevant information comprises: website number, path, domain name or port numbers;
Page path acquisition module, for traveling through successively All Files under website, filters out web page files, and preserves the routing information of described web page files;
Request analog module, for according to described routing information, the request of this simulation, accesses described web page files successively, obtains return data;
Mark scanning module, for return data is carried out to mark scanning, and generates examining report according to scanning result.
6. system as claimed in claim 5, is characterized in that, described web page files comprises the web page files of asp, php, jsp or cgi form.
7. system as claimed in claim 5, is characterized in that, described being characterized as that return data is carried out to mark scanning uses: obtain the return data of webshell, extract webshell clear text field as feature.
8. system as claimed in claim 5, is characterized in that, described being characterized as that return data is carried out to mark scanning uses: for the webshell with login password, extract critical field as feature.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310691213.9A CN103905422B (en) | 2013-12-17 | 2013-12-17 | Method and system for searching for webshell with assistance of local simulation request |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310691213.9A CN103905422B (en) | 2013-12-17 | 2013-12-17 | Method and system for searching for webshell with assistance of local simulation request |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103905422A true CN103905422A (en) | 2014-07-02 |
| CN103905422B CN103905422B (en) | 2017-04-26 |
Family
ID=50996576
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310691213.9A Active CN103905422B (en) | 2013-12-17 | 2013-12-17 | Method and system for searching for webshell with assistance of local simulation request |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103905422B (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104331663A (en) * | 2014-10-31 | 2015-02-04 | 北京奇虎科技有限公司 | Detection method of web shell and web server |
| CN105760379A (en) * | 2014-12-16 | 2016-07-13 | 中国移动通信集团公司 | Webshell page detection method and device based on intra-domain page association |
| CN106992981A (en) * | 2017-03-31 | 2017-07-28 | 北京知道创宇信息技术有限公司 | A kind of website back door detection method, device and computing device |
| CN107493278A (en) * | 2017-08-10 | 2017-12-19 | 杭州迪普科技股份有限公司 | A kind of two-way encryption webshell access method and device |
| CN107770133A (en) * | 2016-08-19 | 2018-03-06 | 北京升鑫网络科技有限公司 | A kind of adaptability webshell detection methods and system |
| CN107911433A (en) * | 2017-12-21 | 2018-04-13 | 上海数烨数据科技有限公司 | A kind of LAN cluster system access method based on WebShell |
| CN110909350A (en) * | 2019-11-16 | 2020-03-24 | 杭州安恒信息技术股份有限公司 | Method for remotely and accurately identifying WebShell backdoor |
| CN111163095A (en) * | 2019-12-31 | 2020-05-15 | 奇安信科技集团股份有限公司 | Network attack analysis method, network attack analysis device, computing device, and medium |
| CN111723378A (en) * | 2020-06-17 | 2020-09-29 | 浙江网新恒天软件有限公司 | Website directory blasting method based on website map |
| CN113746784A (en) * | 2020-05-29 | 2021-12-03 | 深信服科技股份有限公司 | Data detection method, system and related equipment |
Citations (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060294199A1 (en) * | 2005-06-24 | 2006-12-28 | The Zeppo Network, Inc. | Systems and Methods for Providing A Foundational Web Platform |
| CN101471818A (en) * | 2007-12-24 | 2009-07-01 | 北京启明星辰信息技术股份有限公司 | Detection method and system for malevolence injection script web page |
| CN101527660A (en) * | 2009-04-03 | 2009-09-09 | 华为技术有限公司 | Alarm method, associated equipment and system |
| CN101587527A (en) * | 2009-07-08 | 2009-11-25 | 北京东方微点信息技术有限责任公司 | Method and apparatus for scanning virus program |
| CN101599947A (en) * | 2008-06-06 | 2009-12-09 | 盛大计算机(上海)有限公司 | Trojan horse virus scanning method based on the WEB webpage |
| CN101692267A (en) * | 2009-09-15 | 2010-04-07 | 北京大学 | Method and system for detecting large-scale malicious web pages |
| CN101808093A (en) * | 2010-03-15 | 2010-08-18 | 北京安天电子设备有限公司 | System and method for automatically detecting WEB security |
| US20110016528A1 (en) * | 2008-08-15 | 2011-01-20 | Venus Info Tech Inc. | Method and Device for Intrusion Detection |
| CN102088379A (en) * | 2011-01-24 | 2011-06-08 | 国家计算机网络与信息安全管理中心 | Detecting method and device of client honeypot webpage malicious code based on sandboxing technology |
| CN102104601A (en) * | 2011-01-14 | 2011-06-22 | 无锡市同威科技有限公司 | Web vulnerability scanning method and device based on infiltration technology |
| CN102158499A (en) * | 2011-06-02 | 2011-08-17 | 国家计算机病毒应急处理中心 | Trojan-embedded website detection method based on hyper text transfer protocol (HTTP) traffic analysis |
| CN102254111A (en) * | 2010-05-17 | 2011-11-23 | 北京知道创宇信息技术有限公司 | Malicious site detection method and device |
| CN103065089A (en) * | 2012-12-11 | 2013-04-24 | 深信服网络科技(深圳)有限公司 | Method and device for detecting webpage Trojan horses |
| CN103258163A (en) * | 2013-05-15 | 2013-08-21 | 腾讯科技(深圳)有限公司 | Script virus identifying method, script virus identifying device and script virus identifying system |
| CN103294952A (en) * | 2012-11-29 | 2013-09-11 | 北京安天电子设备有限公司 | Method and system for detecting webshell based on page relation |
-
2013
- 2013-12-17 CN CN201310691213.9A patent/CN103905422B/en active Active
Patent Citations (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060294199A1 (en) * | 2005-06-24 | 2006-12-28 | The Zeppo Network, Inc. | Systems and Methods for Providing A Foundational Web Platform |
| CN101471818A (en) * | 2007-12-24 | 2009-07-01 | 北京启明星辰信息技术股份有限公司 | Detection method and system for malevolence injection script web page |
| CN101599947A (en) * | 2008-06-06 | 2009-12-09 | 盛大计算机(上海)有限公司 | Trojan horse virus scanning method based on the WEB webpage |
| US20110016528A1 (en) * | 2008-08-15 | 2011-01-20 | Venus Info Tech Inc. | Method and Device for Intrusion Detection |
| CN101527660A (en) * | 2009-04-03 | 2009-09-09 | 华为技术有限公司 | Alarm method, associated equipment and system |
| CN101587527A (en) * | 2009-07-08 | 2009-11-25 | 北京东方微点信息技术有限责任公司 | Method and apparatus for scanning virus program |
| CN101692267A (en) * | 2009-09-15 | 2010-04-07 | 北京大学 | Method and system for detecting large-scale malicious web pages |
| CN101808093A (en) * | 2010-03-15 | 2010-08-18 | 北京安天电子设备有限公司 | System and method for automatically detecting WEB security |
| CN102254111A (en) * | 2010-05-17 | 2011-11-23 | 北京知道创宇信息技术有限公司 | Malicious site detection method and device |
| CN102104601A (en) * | 2011-01-14 | 2011-06-22 | 无锡市同威科技有限公司 | Web vulnerability scanning method and device based on infiltration technology |
| CN102088379A (en) * | 2011-01-24 | 2011-06-08 | 国家计算机网络与信息安全管理中心 | Detecting method and device of client honeypot webpage malicious code based on sandboxing technology |
| CN102158499A (en) * | 2011-06-02 | 2011-08-17 | 国家计算机病毒应急处理中心 | Trojan-embedded website detection method based on hyper text transfer protocol (HTTP) traffic analysis |
| CN103294952A (en) * | 2012-11-29 | 2013-09-11 | 北京安天电子设备有限公司 | Method and system for detecting webshell based on page relation |
| CN103065089A (en) * | 2012-12-11 | 2013-04-24 | 深信服网络科技(深圳)有限公司 | Method and device for detecting webpage Trojan horses |
| CN103258163A (en) * | 2013-05-15 | 2013-08-21 | 腾讯科技(深圳)有限公司 | Script virus identifying method, script virus identifying device and script virus identifying system |
Non-Patent Citations (1)
| Title |
|---|
| 石磊,宋昭: "wehshell检测的新思路", 《第二届全国信息安全等级保护技术大会会议论文集》 * |
Cited By (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104331663B (en) * | 2014-10-31 | 2017-09-01 | 北京奇虎科技有限公司 | Web shell detection method and web server |
| CN104331663A (en) * | 2014-10-31 | 2015-02-04 | 北京奇虎科技有限公司 | Detection method of web shell and web server |
| CN105760379A (en) * | 2014-12-16 | 2016-07-13 | 中国移动通信集团公司 | Webshell page detection method and device based on intra-domain page association |
| CN105760379B (en) * | 2014-12-16 | 2020-01-21 | 中国移动通信集团公司 | Method and device for detecting webshell page based on intra-domain page association relation |
| CN107770133A (en) * | 2016-08-19 | 2018-03-06 | 北京升鑫网络科技有限公司 | A kind of adaptability webshell detection methods and system |
| CN107770133B (en) * | 2016-08-19 | 2020-08-14 | 北京升鑫网络科技有限公司 | Adaptive webshell detection method and system |
| CN106992981B (en) * | 2017-03-31 | 2020-04-07 | 北京知道创宇信息技术股份有限公司 | Website backdoor detection method and device and computing equipment |
| CN106992981A (en) * | 2017-03-31 | 2017-07-28 | 北京知道创宇信息技术有限公司 | A kind of website back door detection method, device and computing device |
| CN107493278B (en) * | 2017-08-10 | 2020-09-08 | 杭州迪普科技股份有限公司 | Access method and device for bidirectional encrypted webshell |
| CN107493278A (en) * | 2017-08-10 | 2017-12-19 | 杭州迪普科技股份有限公司 | A kind of two-way encryption webshell access method and device |
| CN107911433A (en) * | 2017-12-21 | 2018-04-13 | 上海数烨数据科技有限公司 | A kind of LAN cluster system access method based on WebShell |
| CN110909350A (en) * | 2019-11-16 | 2020-03-24 | 杭州安恒信息技术股份有限公司 | Method for remotely and accurately identifying WebShell backdoor |
| CN110909350B (en) * | 2019-11-16 | 2022-02-11 | 杭州安恒信息技术股份有限公司 | Method for remotely and accurately identifying WebShell backdoor |
| CN111163095A (en) * | 2019-12-31 | 2020-05-15 | 奇安信科技集团股份有限公司 | Network attack analysis method, network attack analysis device, computing device, and medium |
| CN111163095B (en) * | 2019-12-31 | 2022-08-30 | 奇安信科技集团股份有限公司 | Network attack analysis method, network attack analysis device, computing device, and medium |
| CN113746784A (en) * | 2020-05-29 | 2021-12-03 | 深信服科技股份有限公司 | Data detection method, system and related equipment |
| CN113746784B (en) * | 2020-05-29 | 2023-04-07 | 深信服科技股份有限公司 | Data detection method, system and related equipment |
| CN111723378A (en) * | 2020-06-17 | 2020-09-29 | 浙江网新恒天软件有限公司 | Website directory blasting method based on website map |
| CN111723378B (en) * | 2020-06-17 | 2023-03-10 | 浙江网新恒天软件有限公司 | Website directory blasting method based on website map |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103905422B (en) | 2017-04-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103905422A (en) | Method and system for searching for webshell with assistance of local simulation request | |
| US11711438B2 (en) | Systems and methods for controlling data exposure using artificial-intelligence-based periodic modeling | |
| Owen et al. | The tor dark net | |
| Wang et al. | Fog computing: Issues and challenges in security and forensics | |
| Kostopoulos | Cyberspace and cybersecurity | |
| CN104125209B (en) | Malice website prompt method and router | |
| JP5410626B1 (en) | Web shell detection / support system | |
| CN110505235B (en) | System and method for detecting malicious request bypassing cloud WAF | |
| TW201703483A (en) | Methods and systems for improving analytics in distributed networks | |
| KR20090090685A (en) | Method and system for determining vulnerability of web application | |
| CN102685145A (en) | Domain name server (DNS) data packet-based bot-net domain name discovery method | |
| CN103294952A (en) | Method and system for detecting webshell based on page relation | |
| CN108881316A (en) | Attack backtracking method under heaven and earth integrated information network | |
| CN103440454B (en) | A kind of active honeypot detection method based on search engine keywords | |
| CN103312692A (en) | Link address safety detection method and device | |
| Aljahdali et al. | IoT Forensic models analysis. | |
| CN107231364A (en) | A kind of website vulnerability detection method and device, computer installation and storage medium | |
| Ma et al. | The construction method of computer network security defense system based on multisource big data | |
| CN106572072A (en) | Method and system for tracking and positioning attacker | |
| Gulyás et al. | Comprehensive analysis of web privacy and anonymous web browsers: are next generation services based on collaborative filtering? | |
| KR102190316B1 (en) | Deep web analysis system and method using browser simulator | |
| Zhang et al. | The web penetration based SQL injection | |
| Gu et al. | Fingerprinting Network Entities Based on Traffic Analysis in High‐Speed Network Environment | |
| KR102084516B1 (en) | Method to identify client device based on profiling | |
| Wang et al. | Identification of MEEK-Based TOR Hidden Service Access Using the Key Packet Sequence |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: Method and system for searching for webshell with assistance of local simulation request Effective date of registration: 20170621 Granted publication date: 20170426 Pledgee: Bank of Longjiang, Limited by Share Ltd, Harbin Limin branch Pledgor: Harbin Antiy Technology Co., Ltd. Registration number: 2017110000004 |
|
| PC01 | Cancellation of the registration of the contract for pledge of patent right |
Date of cancellation: 20190614 Granted publication date: 20170426 Pledgee: Bank of Longjiang, Limited by Share Ltd, Harbin Limin branch Pledgor: Harbin Antiy Technology Co., Ltd. Registration number: 2017110000004 |
|
| PC01 | Cancellation of the registration of the contract for pledge of patent right | ||
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: 150028 Building 7, Innovation Plaza, Science and Technology Innovation City, Harbin High-tech Industrial Development Zone, Heilongjiang Province (838 Shikun Road) Patentee after: Harbin antiy Technology Group Limited by Share Ltd Address before: 150090 room 506, Hongqi Street, Nangang District, Harbin Development Zone, Heilongjiang, China, 162 Patentee before: Harbin Antiy Technology Co., Ltd. |
|
| PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: Method and system for searching for webshell with assistance of local simulation request Effective date of registration: 20190828 Granted publication date: 20170426 Pledgee: Bank of Longjiang, Limited by Share Ltd, Harbin Limin branch Pledgor: Harbin antiy Technology Group Limited by Share Ltd Registration number: Y2019230000002 |
|
| CP01 | Change in the name or title of a patent holder | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 150028 Building 7, Innovation Plaza, Science and Technology Innovation City, Harbin High-tech Industrial Development Zone, Heilongjiang Province (838 Shikun Road) Patentee after: Antan Technology Group Co.,Ltd. Address before: 150028 Building 7, Innovation Plaza, Science and Technology Innovation City, Harbin High-tech Industrial Development Zone, Heilongjiang Province (838 Shikun Road) Patentee before: Harbin Antian Science and Technology Group Co.,Ltd. |
|
| PC01 | Cancellation of the registration of the contract for pledge of patent right | ||
| PC01 | Cancellation of the registration of the contract for pledge of patent right |
Date of cancellation: 20211119 Granted publication date: 20170426 Pledgee: Bank of Longjiang Limited by Share Ltd. Harbin Limin branch Pledgor: Harbin Antian Science and Technology Group Co.,Ltd. Registration number: Y2019230000002 |