Embodiment
The exemplary embodiment of the disclosure is more fully described below with reference to accompanying drawings.Although the disclosure is shown in accompanying drawing
Exemplary embodiment, it being understood, however, that may be realized in various forms the disclosure without should be by embodiments set forth here
Limited.On the contrary, these embodiments are provided to facilitate a more thoroughly understanding of the present invention, and can be by the scope of the present disclosure
Completely it is communicated to those skilled in the art.
The embodiments of the invention provide a kind of webshell attack detection methods based on cloud, as shown in figure 1, this method bag
Include:
101st, the script file sent to Website server is intercepted and captured.
When outside (including general user, hacker etc.) sends script file to Website server, it is necessary to by gateway, because
, when the script file reaches gateway, gateway can be intercepted and captured to the script file, to pacify to the script file for this
The detection of full property, so as to which the script file for ensureing to reach Website server side is safe.
It should be noted that above-mentioned script file can be asp (active server pages, dynamic server page
Face) file, php (hypertext preprocessor, HyperText Preprocessor) file, jsp (java server pages,
The java servers page) file, cgi (common gateway interface, CGI) file, or other lattice
The web page files of formula.
102nd, based on whether there is default feature distortion vestige in cloud platform detection script file.
Wherein, feature distortion vestige is to carry out vestige caused by form change to the feature sentence in script file.It is special
It can be the sentence in exemplary position, such as the sentence containing function to levy sentence, or have the language of other features
Sentence, can also refer to executable code statement.
Specifically, feature distortion vestige can be the combination of following one or any number of:Comment statement, variable assignments word
Symbol, default characteristic character and default characteristic function name.If feature distortion vestige only includes a content (as only included default feature
Function name), then gateway only carries out the detection of this content to script file;If feature distortion vestige includes at least two contents,
Then gateway can carry out the detection of each single item content to script file respectively.In actual applications, gateway can be according to default detection
Order carries out the detection of all the elements in feature distortion vestige to script file successively, can also carry out institute to script file simultaneously
Substantial detection.
It should be noted that what is referred in this step is primarily referred to as gateway needs first from the acquisition of cloud platform side based on cloud platform
Newest feature distortion vestige, also meta-rule and essential characteristic sentence, can just be detected to script file.Wherein, it is newest
Feature distortion vestige, the acquisition modes of also meta-rule and essential characteristic sentence can be directly to be obtained from cloud platform, can also
To be updated by cloud platform to the feature distortion vestige of local, also meta-rule and essential characteristic sentence, its specific acquisition side
Formula is not limited thereto.
If the 103, existing characteristics deform vestige in script file, according to default also meta-rule to modified feature language
Sentence is reduced.
Wherein, also meta-rule is characterized the inverse rule of transformation rule.When gateway detects that existing characteristics become in script file
During shape vestige, illustrate that feature sentence is changed according to default feature distortion rule.Now, gateway becomes according to feature
The inverse rule (also meta-rule) of shape rule can be reduced modified feature sentence, so as to obtain original (before change)
Feature sentence, to carry out the operation of subsequent step 104,105.
For example, gateway detects that a sentence is " e/*aaaa*/val ($ _ POST [' a ']);", by with default spy
Sign deformation vestige matches, it is known that a kind of feature distortion vestige, i.e. comment statement in the sentence be present.The rule of this feature deformation
To add comment statement in sentence, therefore the inverse rule (also meta-rule) of this feature transformation rule is the annotation language of deletion addition
Sentence.
Whether the feature sentence the 104th, after detection reduction is identical with default essential characteristic sentence.
Wherein, essential characteristic sentence is attack sensitive statement, i.e., can directly determine exist by programming personnel's statistics
The sentence of webshell attack signatures.After by also meta-rule by modified feature sentence reduction, it can obtain original
Feature sentence, now, gateway with essential characteristic sentence again by being compared, it is possible to judges that the feature sentence after reduction is
No is default essential characteristic sentence, so as to show whether script file is webshell attack files.
If the feature sentence after the 105th, reducing is identical with essential characteristic sentence, it is determined that script file is attacked for webshell
File.
Because essential characteristic sentence is attack sensitive statement, thus feature sentence after gateway detects reduction with it is basic
When feature sentence is identical, it may be determined that the feature sentence after the reduction is attack sensitive statement, is deposited so as to learn in script file
In attack sensitive statement, and then determine that the script file attacks file for webshell.Conversely, after gateway detects reduction
When feature sentence is with essential characteristic sentence difference, it may be determined that the feature sentence after the reduction is not attack sensitive statement, so as to
Learn and attack sensitive statement is not present in script file, and then determine that the script file is not webshell attack files.
Exemplary, gateway detects " eval ($/* xyz*/{ " _ P " " OST " } [' op ']);" middle in the presence of two kinds of features
Vestige, respectively comment statement and default characteristic character are deformed, so gateway needs to deform the reduction of vestige according to character pair
Rule reduces to it.In actual applications, the also meta-rule for comment statement and default characteristic character is to delete behaviour
Make, so after comment statement and default characteristic character are all deleted, the feature sentence after obtained reduction is " eval ($ _ POST
[‘op’]);”.By this feature sentence compared with essential characteristic sentence, it can determine whether out whether script file is that webshell is attacked
Hit file.If " eval ($ _ POST [' op ']) is included in essential characteristic sentence;", then feature sentence and essential characteristic after reducing
Sentence is identical, so as to show that the script file attacks file for webshell;If do not include in essential characteristic sentence " eval ($ _
POST[‘op’]);", then the feature sentence after reducing is different from essential characteristic sentence, so as to also need to continue in script file
Other feature sentences judged, just can determine that the script file whether be webshell attack file.
It should be noted that in actual applications, only when gateway determines that its script file intercepted and captured is not
When webshell attacks file, just the script file is continued to upload to Website server, and when the script file is
When webshell attacks file, the script file is no longer uploaded into Website server, website service is uploaded to so as to ensure that
The script file of device is safe file.
Webshell attack detection methods provided in an embodiment of the present invention based on cloud, can be in outside to Website server
When sending script file, the script file is intercepted and captured, and first carries out the inspection of feature distortion vestige to the script file based on cloud platform
Survey, then modified feature sentence is reduced, finally by the feature sentence after reduction compared with essential characteristic sentence,
If identical, judge that the script file attacks file for webshell.Inspection with only carrying out essential characteristic sentence in the prior art
Survey method is compared, and the present invention is by first being reduced the feature sentence after change so that the feature sentence being disturbed is reduced to
Original feature sentence, then be compared with essential characteristic sentence so that the essential characteristic sentence quilt being hidden in script file
Detect, so that it is determined that the script file, which is webshell, attacks file.
Further, understood according to above method embodiment, when default feature distortion vestige only becomes comprising a kind of feature
During shape vestige, with the presence or absence of this feature deformation vestige in gateway only detection script file;Wrapped when in default feature distortion vestige
When including various features deformation vestige, with the presence or absence of various features deformation vestige in gateway meeting while detection script file, or
Detect successively in sequence in the script file with the presence or absence of various features deformation vestige.Detecting feature distortion vestige
Afterwards, it is necessary to which modified feature sentence is reduced, but there is different reduction sides for different types of feature distortion vestige
Method, it is introduced below for different situations:
Situation one:When feature distortion vestige includes comment statement, gateway can be based on cloud platform detection script file in be
It is no comment statement to be present.If comment statement in script file be present, comment statement is deleted;If note is not present in script file
Sentence is released, then need not carry out the deletion action of comment statement.
Due to comment statement and it is not involved in the execution of program, so after hacker adds comment statement in feature sentence,
Nor affect on the function of this feature sentence in itself.When this feature sentence is essential characteristic sentence, the script file is exactly
Webshell attacks file.But after with the addition of comment statement in this feature sentence, feature sentence after change just no longer with
Essential characteristic sentence is identical, it is therefore desirable to deletes the comment statement of addition, original feature sentence can be just obtained, so as to more
Accurately detect out substantially with essential characteristic sentence identical sentence, file missing inspection is attacked so as to avoid occurring webshell
Phenomenon.
In actual applications, the detection of comment statement is mainly identified by detecting annotation, such as:“//”、“/*”、“*/”
Deng.For example, gateway detects a feature sentence " eva/*xxxxx*/l ($ _ POST [' a ']);" in comprising "/* " and " */" are noted
Mark is released, then is deleted the comment statement for carrying annotation mark, so as to obtain the sentence before addition comment statement, i.e. " eval
($_POST[‘a’]);”.After the feature sentence before being changed, it is compared with essential characteristic sentence.Ruo Jibente
" eval ($ _ POST [' a ']) is included in sign sentence;", then the feature sentence after reducing is identical with essential characteristic sentence, so as to
Go out the script file and attack file for webshell;If " eval ($ _ POST [' a ']) is not included in essential characteristic sentence;", then
Feature sentence after reduction is different from essential characteristic sentence, so as to also need to continue to enter other feature sentences in script file
Row judges, just can determine that whether the script file is webshell attack files.
Situation two:When feature distortion vestige includes variable assignments character, gateway can be based on cloud platform detection script file
In whether there is variable assignments character.If variable assignments character in script file be present, the variable being assigned is reduced;If pin
Variable assignments character is not present in this document, then need not carry out variable restoring operation.
In actual applications, programming personnel is often through to the variable assignments in feature sentence, i.e., with new variable come generation
For old variable, so that formal change occurs for this feature sentence, and actual functional capability is constant.In this case, only will
Feature sentence after variable assignments is compared with essential characteristic sentence, is that can not detect that its hiding webshell attack is special
Sign.Therefore, gateway needs first to reduce the variable being assigned, and to obtain original feature sentence, can just accurately judge that out
Whether this feature sentence is essential characteristic sentence, and so as to correctly judge, whether the script file is webshell attack texts
Part.
Identified specifically, variable assignments character mainly includes variable assignments, i.e., "=", can also include other has assignment
The character of function, is not limited thereto.
For example, there is following code in script file:
$ aaa=e;
$ bbb=v;
$ ccc=a;
$ ddd=l;
$ xsser=$ _ POST [' op '];
“$aaa”.“$bbb”.“$ccc”.“$ddd”($xsser);
Gateway detects characteristics of variables character (i.e. "=") in above-mentioned code, and detects " " $ aaa " " $ bbb "
“$ccc”.“$ddd”($xsser);" $ aaa, $ bbb, $ ccc, $ ddd and $ xsser in sentence be respectively to e, v, a, l and
The new variables that $ _ POST [' op '] is assigned, therefore gateway needs these new variables being reduced to original variable, the code after reduction becomes
For " eval ($ _ POST [' op ']);", then by this feature sentence compared with essential characteristic sentence.If in essential characteristic sentence
Include " eval ($ _ POST [' op ']);", then the script file is that webshell attacks file;If do not wrapped in essential characteristic sentence
Containing " eval ($ _ POST [' op ']);", then need to continue to judge other feature sentences in script file, just can determine that
Whether the script file is webshell attack files.
Situation three:When feature distortion vestige includes default characteristic character, gateway can be based on cloud platform detection script file
In with the presence or absence of default characteristic character.If default characteristic character in script file be present, default characteristic character is deleted;If pin
Default characteristic character is not present in this document, then need not carry out default characteristic character deletion action.
In actual applications, it is complete to upset one often through the characters such as splicing symbol are added in feature sentence by hacker
Function name or variable name etc., so as to can not only be detected present in this feature sentence by essential characteristic sentence
Webshell attack signatures, it is therefore desirable to the feature sentence containing default characteristic character is reduced, just can further be detected
Go out whether this feature sentence is the sentence containing webshell attack signatures, so as to judge whether the script file is webshell
Attack file.
For example, gateway detects " " e " " v " " a " " l " ($ _ POST [' a ']);" in containing splicing symbol double quotation marks and point,
So by after the double quotation marks and point deletion in this feature sentence, original sentence can be obtained, i.e. " eval ($ _ POST
[‘a’]);”.Now, by " eval ($ _ POST [' a ']);" compared with essential characteristic sentence, if being included in essential characteristic sentence
“eval($_POST[‘a’]);", then the script file is that webshell attacks file, if not including in essential characteristic sentence
“eval($_POST[‘a’]);", then need to continue to judge other feature sentences in script file, just can determine that this
Whether script file is webshell attack files.
Situation four:When feature distortion vestige includes default characteristic function name, gateway can be based on cloud platform detection script text
With the presence or absence of default characteristic function name in part.If default characteristic function name in script file be present, according to characteristic function function
Reverse function the sentence of character pair function is reduced;, need not if default characteristic function name is not present in script file
Enter the reduction of row characteristic functions.
In practical application, hacker is usually deformed using some special functions to feature sentence so that feature sentence
The function of itself does not change, and is only detected by essential characteristic sentence, often can not be by its hiding webshell
Attack signature detects.Therefore, gateway needs first to reduce the feature sentence changed through characteristic function, just can be more accurately
Hiding webshell attack signatures are detected, so as to complete the identification of webshell attack files.
Specifically, default characteristic function name includes str_replace, preg_replace, pack, chr, base64_
decode、strrev、str_rot13、rot_13、create_function、urldecode、strtr、gzuncompress、
Gzinflate and gzdecode etc..Characteristic function corresponding to each characteristic function name has certain function, therefore gateway
The feature sentence after change is reduced by the reverse function can of characteristic function function, so as to obtain original feature sentence,
To carry out the detection of follow-up essential characteristic sentence.
For example, there is following code in script file
$ abcd=str_repalce (" abc ", " eva ", " abcl ");
$abcd($_POST[‘a’]);
Gateway detects str_repalce in above-mentioned code be present, and what str_repalce functions were realized in this sentence
Function is:Abc in abcl is replaced with eva, therefore " $ abcd ($ _ POST [' a ']);" it is actually " eval ($ _ POST
[‘a’]);”.It can thus be appreciated that, it is necessary to using the reverse function of str_repalce function performances by " abcd (_ POST [' a ']);”
Reduction, so as to obtain " eval ($ _ POST [' a ']);", then by " eval ($ _ POST [' a ']);" compared with essential characteristic sentence.
If essential characteristic sentence includes eval ($ _ POST [' a ']);", then the script file is that webshell attacks file;It is if basic
Do not include eval ($ _ POST [' a ']) in feature sentence;", then it can not judge that the script file is according to above-mentioned code
Webshell attacks file.
And for example, there is following code in script file
$ xxyz=strtr (" exyz ", " xyz ", " val ");
$xxyz($_POST[‘a’]);
Gateway, which detects, has strtr in above-mentioned code, and the function that strtr functions are realized in this sentence is:Will
X, y, z in exyz is replaced with v, a, l respectively, therefore " $ xxyz ($ _ POST [' a ']);" it is actually " eval ($ _ POST
[‘a’]);”.It can thus be appreciated that, it is necessary to using the reverse function of strtr function performances by " xxyz (_ POST [' a ']);" reduction, from
And obtain " eval ($ _ POST [' a ']);", then by " eval ($ _ POST [' a ']);" compared with essential characteristic sentence.It is if basic
Feature sentence includes eval ($ _ POST [' a ']);", then the script file is that webshell attacks file;If essential characteristic language
Do not include eval ($ _ POST [' a ']) in sentence;", then it can not judge that the script file is attacked for webshell according to above-mentioned code
Hit file.
Further, before whether there is default feature distortion vestige in detection script file, gateway side needs elder generation
Feature distortion vestige, also meta-rule and essential characteristic sentence are obtained, the operation such as follow-up detection or reduction could be carried out.
Specifically, file is attacked because cloud platform side is stored with the webshell occurred in different web sites, so cloud is put down
Platform side has the most full feature distortion vestige for being related to webshell attacks, also meta-rule and essential characteristic sentence.Therefore gateway
Newest feature distortion vestige, also meta-rule and essential characteristic sentence can be obtained from cloud platform side.
Specifically, if feature distortion vestige, also meta-rule and essential characteristic sentence is locally not present in gateway, to script
Before file carries out the detection of feature distortion vestige, gateway can obtain from cloud platform side and carry newest feature distortion trace
Mark, the also file of meta-rule and essential characteristic sentence;If gateway local existing characteristics deformation vestige, also meta-rule and essential characteristic
Sentence, then gateway can directly be updated by cloud platform local feature distortion vestige, also meta-rule and essential characteristic sentence, example
Such as, by obtaining renewal bag to cloud platform to update local feature distortion vestige, also meta-rule and essential characteristic sentence.
In addition, in actual applications, after gateway intercepts and captures script file, script file directly can be reported into cloud and put down
Platform, cloud platform is allowed to be detected using above-mentioned detection method to the script file, so as to which testing result is sent into gateway, so as to
Gateway determines whether the script file can continue to be sent to Website server.
Further, because cloud platform side needs constantly renewal and improves local feature distortion vestige, also meta-rule
With the file of essential characteristic sentence, so gateway determine script file for webshell attack file after, it is necessary to Xiang Yunping
Platform reports the webshell script files that this is detected, so that cloud platform is to feature distortion vestige, also meta-rule and basic
The file of feature sentence is updated.
Further, a kind of webshell based on cloud is additionally provided according to above method embodiment, the embodiment of the present invention
Attack detecting device, as shown in Fig. 2 the device includes:Intercept and capture unit 21, detection unit 22, reduction unit 23 and determining unit
24.Wherein,
Unit 21 is intercepted and captured, for intercepting and capturing the script file sent to Website server;
Detection unit 22, for being detected based on cloud platform in the script file for intercepting and capturing the intercepting and capturing of unit 21 with the presence or absence of default
Feature distortion vestige, feature distortion vestige are to carry out vestige caused by form change to the feature sentence in script file;
Reduction unit 23, for when detection unit 22 detects in script file that existing characteristics deform vestige, according to pre-
If also meta-rule modified feature sentence is reduced, also meta-rule is characterized the inverse rule of transformation rule;
Detection unit 22, be additionally operable to detect reduction unit 23 reduce after feature sentence whether with default essential characteristic language
Sentence is identical, and essential characteristic sentence is attack sensitive statement;
Determining unit 24 is identical with essential characteristic sentence for feature sentence after detection unit 22 detects reduction
When, determine that script file attacks file for webshell.
Further, the feature distortion vestige that detection unit 22 detects is with next or any number of combination:
Comment statement, variable assignments character, default characteristic character and default characteristic function name.
Specifically, as shown in figure 3, detection unit 22, including:
First detection module 221, for when feature distortion vestige includes comment statement, based on cloud platform detection script text
It whether there is comment statement in part;
Reduction unit 23, including:
First removing module 231, for when comment statement in script file be present, comment statement to be deleted.
Further, as shown in figure 3, detection unit 22, including:
Second detection module 222, for when feature distortion vestige includes variable assignments character, pin to be detected based on cloud platform
It whether there is variable assignments character in this document;
Reduction unit 23, including:
First recovery module 232, for when variable assignments character in script file be present, by the variable being assigned also
It is former.
Further, as shown in figure 3, detection unit 22, including:
3rd detection module 223, for when feature distortion vestige includes default characteristic character, pin to be detected based on cloud platform
With the presence or absence of default characteristic character in this document;
Reduction unit 23, including:
Second removing module 233, for when default characteristic character in script file be present, default characteristic character to be deleted
Remove.
Further, as shown in figure 3, detection unit 22, including:
4th detection module 224, for when feature distortion vestige includes default characteristic function name, being detected based on cloud platform
With the presence or absence of default characteristic function name in script file;
Reduction unit 23, including:
Second recovery module 234, when default characteristic function name in script file be present, according to the inverse of characteristic function function
Function reduces to the sentence of character pair function.
Further, as shown in figure 3, the device further comprises:
Acquiring unit 25, in the detection script file of detection unit 22 whether there is default feature distortion vestige it
Before, obtain feature distortion vestige, also meta-rule and essential characteristic sentence to cloud platform;
Updating block 26, in the detection script file of detection unit 22 whether there is default feature distortion vestige it
Before, the feature distortion vestige of local cache is updated by cloud platform, goes back meta-rule and essential characteristic sentence.
Further, as shown in figure 3, the device further comprises:
Reporting unit 27, for determining that script file is Xiang Yunping after webshell attacks file in determining unit 24
Platform reports script file.
Webshell attack detecting devices provided in an embodiment of the present invention based on cloud, can be in outside to Website server
When sending script file, the script file is intercepted and captured, and first carries out the inspection of feature distortion vestige to the script file based on cloud platform
Survey, then modified feature sentence is reduced, finally by the feature sentence after reduction compared with essential characteristic sentence,
If identical, judge that the script file attacks file for webshell.Inspection with only carrying out essential characteristic sentence in the prior art
Survey method is compared, and the present invention is by first being reduced the feature sentence after change so that the feature sentence being disturbed is reduced to
Original feature sentence, then be compared with essential characteristic sentence so that the essential characteristic sentence quilt being hidden in script file
Detect, so that it is determined that the script file, which is webshell, attacks file.
Further, a kind of webshell based on cloud is additionally provided according to said apparatus embodiment, the embodiment of the present invention
Attack detecting gateway, the gateway include device as shown in figures 2 and 3.
Webshell attack detecting gateways provided in an embodiment of the present invention based on cloud, can be in outside to Website server
When sending script file, the script file is intercepted and captured, and first carries out the inspection of feature distortion vestige to the script file based on cloud platform
Survey, then modified feature sentence is reduced, finally by the feature sentence after reduction compared with essential characteristic sentence,
If identical, judge that the script file attacks file for webshell.Inspection with only carrying out essential characteristic sentence in the prior art
Survey method is compared, and the present invention is by first being reduced the feature sentence after change so that the feature sentence being disturbed is reduced to
Original feature sentence, then be compared with essential characteristic sentence so that the essential characteristic sentence quilt being hidden in script file
Detect, so that it is determined that the script file, which is webshell, attacks file.
In the above-described embodiments, the description to each embodiment all emphasizes particularly on different fields, and does not have the portion being described in detail in some embodiment
Point, it may refer to the associated description of other embodiment.
It is understood that the correlated characteristic in the above method and device can be referred to mutually.In addition, in above-described embodiment
" first ", " second " etc. be to be used to distinguish each embodiment, and do not represent the quality of each embodiment.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description,
The specific work process of device and unit, the corresponding process in preceding method embodiment is may be referred to, will not be repeated here.
Algorithm and display be not inherently related to any certain computer, virtual system or miscellaneous equipment provided herein.
Various general-purpose systems can also be used together with teaching based on this.As described above, required by constructing this kind of system
Structure be obvious.In addition, the present invention is not also directed to any certain programmed language.It should be understood that it can utilize various
Programming language realizes the content of invention described herein, and the description done above to language-specific is to disclose this hair
Bright preferred forms.
In the specification that this place provides, numerous specific details are set forth.It is to be appreciated, however, that the implementation of the present invention
Example can be put into practice in the case of these no details.In some instances, known method, structure is not been shown in detail
And technology, so as not to obscure the understanding of this description.
Similarly, it will be appreciated that in order to simplify the disclosure and help to understand one or more of each inventive aspect,
Above in the description to the exemplary embodiment of the present invention, each feature of the invention is grouped together into single implementation sometimes
In example, figure or descriptions thereof.However, the method for the disclosure should be construed to reflect following intention:I.e. required guarantor
The application claims of shield features more more than the feature being expressly recited in each claim.It is more precisely, such as following
Claims reflect as, inventive aspect is all features less than single embodiment disclosed above.Therefore,
Thus the claims for following embodiment are expressly incorporated in the embodiment, wherein each claim is in itself
Separate embodiments all as the present invention.
Those skilled in the art, which are appreciated that, to be carried out adaptively to the module in the equipment in embodiment
Change and they are arranged in one or more equipment different from the embodiment.Can be the module or list in embodiment
Member or component be combined into a module or unit or component, and can be divided into addition multiple submodule or subelement or
Sub-component.In addition at least some in such feature and/or process or unit exclude each other, it can use any
Combination is disclosed to all features disclosed in this specification (including adjoint claim, summary and accompanying drawing) and so to appoint
Where all processes or unit of method or equipment are combined.Unless expressly stated otherwise, this specification (including adjoint power
Profit requires, summary and accompanying drawing) disclosed in each feature can be by providing the alternative features of identical, equivalent or similar purpose come generation
Replace.
In addition, it will be appreciated by those of skill in the art that although some embodiments described herein include other embodiments
In included some features rather than further feature, but the combination of the feature of different embodiments means in of the invention
Within the scope of and form different embodiments.For example, in the following claims, embodiment claimed is appointed
One of meaning mode can use in any combination.
The all parts embodiment of the present invention can be realized with hardware, or to be run on one or more processor
Software module realize, or realized with combinations thereof.It will be understood by those of skill in the art that it can use in practice
Microprocessor or digital signal processor (DSP) realize the state of accompanied electronic anti-theft device according to embodiments of the present invention
The some or all functions of some or all parts in detection method, equipment, server and system equipment.The present invention is also
Some or all equipment by performing method as described herein or program of device be can be implemented as (based on for example,
Calculation machine program and computer program product).Such program for realizing the present invention can store on a computer-readable medium, or
Person can have the form of one or more signal.Such signal can be downloaded from internet website and obtained, Huo Zhe
There is provided on carrier signal, or provided in the form of any other.
It should be noted that the present invention will be described rather than limits the invention for above-described embodiment, and ability
Field technique personnel can design alternative embodiment without departing from the scope of the appended claims.In the claims,
Any reference symbol between bracket should not be configured to limitations on claims.Word "comprising" does not exclude the presence of not
Element or step listed in the claims.Word "a" or "an" before element does not exclude the presence of multiple such
Element.The present invention can be by means of including the hardware of some different elements and being come by means of properly programmed computer real
It is existing.In if the unit claim of equipment for drying is listed, several in these devices can be by same hardware branch
To embody.The use of word first, second, and third does not indicate that any order.These words can be explained and run after fame
Claim.