CN107911355A - Attack-chain-based method for identifying website backdoor exploitation events - Google Patents
Attack-chain-based method for identifying website backdoor exploitation events
- Publication number
- CN107911355A
- Authority
- CN
- China
- Prior art keywords
- attack
- back door
- website
- recognition method
- website back
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Technology Law (AREA)
- Computer And Data Communications (AREA)
Claims (9)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711086376.9A CN107911355B (zh) | 2017-11-07 | 2017-11-07 | Attack-chain-based method for identifying website backdoor exploitation events |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711086376.9A CN107911355B (zh) | 2017-11-07 | 2017-11-07 | Attack-chain-based method for identifying website backdoor exploitation events |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107911355A CN107911355A (zh) | 2018-04-13 |
CN107911355B CN107911355B (zh) | 2020-05-01 |
Family
ID=61842829
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711086376.9A Active CN107911355B (zh) | 2017-11-07 | 2017-11-07 | Attack-chain-based method for identifying website backdoor exploitation events |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107911355B (zh) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
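CN109040071A (zh) * | 2018-08-06 | 2018-12-18 | Hangzhou Anheng Information Technology Co., Ltd. | Method for confirming a web backdoor attack event |
CN110636086A (zh) * | 2019-11-13 | 2019-12-31 | State Grid Corporation of China | Network protection testing method and device |
CN111031025A (zh) * | 2019-12-07 | 2020-04-17 | Hangzhou Anheng Information Technology Co., Ltd. | Method and device for automatically detecting and verifying Webshell |
CN111191237A (zh) * | 2019-12-19 | 2020-05-22 | Hangzhou Anheng Information Technology Co., Ltd. | Web backdoor detection device and detection method based on RCE vulnerability |
CN112788035A (zh) * | 2021-01-13 | 2021-05-11 | Shenzhen Genew Technologies Co., Ltd. | Network attack alarm method for a UPF terminal under 5G, and terminal |
CN112910895A (zh) * | 2021-02-02 | 2021-06-04 | Hangzhou Anheng Information Technology Co., Ltd. | Network attack behavior detection method, device, computer equipment and system |
CN113438249A (zh) * | 2021-06-30 | 2021-09-24 | Beijing Kedong Electric Power Control System Co., Ltd. | Policy-based attack tracing method |
CN113472725A (zh) * | 2020-03-31 | 2021-10-01 | Alibaba Group Holding Ltd. | Data processing method and device |
CN115314255A (zh) * | 2022-07-11 | 2022-11-08 | Sangfor Technologies Inc. | Attack result detection method, device, computer equipment and storage medium |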
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
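JP3748192B2 (ja) * | 2000-02-24 | 2006-02-22 | Mitsubishi Electric Corp. | Method for detecting unauthorized communication software |
CN103561012A (zh) * | 2013-10-28 | 2014-02-05 | Institute of Information Engineering, Chinese Academy of Sciences | Web backdoor detection method and system based on an association tree |
US20140215619A1 (en) * | 2013-01-28 | 2014-07-31 | Infosec Co., Ltd. | Webshell detection and response system |
CN104468477A (zh) * | 2013-09-16 | 2015-03-25 | Hangzhou DPtech Technologies Co., Ltd. | WebShell detection method and system |
CN105933268A (zh) * | 2015-11-27 | 2016-09-07 | China UnionPay Co., Ltd. | Website backdoor detection method and device based on full access log analysis |
CN107104924A (zh) * | 2016-02-22 | 2017-08-29 | Alibaba Group Holding Ltd. | Method and device for verifying website backdoor files |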
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
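JP3748192B2 (ja) * | 2000-02-24 | 2006-02-22 | Mitsubishi Electric Corp. | Method for detecting unauthorized communication software |
US20140215619A1 (en) * | 2013-01-28 | 2014-07-31 | Infosec Co., Ltd. | Webshell detection and response system |
CN104468477A (zh) * | 2013-09-16 | 2015-03-25 | Hangzhou DPtech Technologies Co., Ltd. | WebShell detection method and system |
CN103561012A (zh) * | 2013-10-28 | 2014-02-05 | Institute of Information Engineering, Chinese Academy of Sciences | Web backdoor detection method and system based on an association tree |
CN105933268A (zh) * | 2015-11-27 | 2016-09-07 | China UnionPay Co., Ltd. | Website backdoor detection method and device based on full access log analysis |
CN107104924A (zh) * | 2016-02-22 | 2017-08-29 | Alibaba Group Holding Ltd. | Method and device for verifying website backdoor files |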
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
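CN109040071A (zh) * | 2018-08-06 | 2018-12-18 | Hangzhou Anheng Information Technology Co., Ltd. | Method for confirming a web backdoor attack event |
CN109040071B (zh) * | 2018-08-06 | 2021-02-09 | Hangzhou Anheng Information Technology Co., Ltd. | Method for confirming a web backdoor attack event |
CN110636086A (zh) * | 2019-11-13 | 2019-12-31 | State Grid Corporation of China | Network protection testing method and device |
CN110636086B (zh) * | 2019-11-13 | 2023-12-26 | State Grid Corporation of China | Network protection testing method and device |
CN111031025A (zh) * | 2019-12-07 | 2020-04-17 | Hangzhou Anheng Information Technology Co., Ltd. | Method and device for automatically detecting and verifying Webshell |
CN111031025B (zh) * | 2019-12-07 | 2022-04-29 | Hangzhou Anheng Information Technology Co., Ltd. | Method and device for automatically detecting and verifying Webshell |
CN111191237A (zh) * | 2019-12-19 | 2020-05-22 | Hangzhou Anheng Information Technology Co., Ltd. | Web backdoor detection device and detection method based on RCE vulnerability |
CN113472725A (zh) * | 2020-03-31 | 2021-10-01 | Alibaba Group Holding Ltd. | Data processing method and device |
CN113472725B (zh) * | 2020-03-31 | 2023-04-07 | Alibaba Group Holding Ltd. | Data processing method and device |
CN112788035B (zh) * | 2021-01-13 | 2023-02-28 | Shenzhen Genew Technologies Co., Ltd. | Network attack alarm method for a UPF terminal under 5G, and terminal |
CN112788035A (zh) * | 2021-01-13 | 2021-05-11 | Shenzhen Genew Technologies Co., Ltd. | Network attack alarm method for a UPF terminal under 5G, and terminal |
CN112910895A (zh) * | 2021-02-02 | 2021-06-04 | Hangzhou Anheng Information Technology Co., Ltd. | Network attack behavior detection method, device, computer equipment and system |
CN113438249A (zh) * | 2021-06-30 | 2021-09-24 | Beijing Kedong Electric Power Control System Co., Ltd. | Policy-based attack tracing method |
CN113438249B (zh) * | 2021-06-30 | 2023-01-31 | Beijing Kedong Electric Power Control System Co., Ltd. | Policy-based attack tracing method |
CN115314255A (zh) * | 2022-07-11 | 2022-11-08 | Sangfor Technologies Inc. | Attack result detection method, device, computer equipment and storage medium |
CN115314255B (zh) * | 2022-07-11 | 2023-12-29 | Sangfor Technologies Inc. | Attack result detection method, device, computer equipment and storage medium |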
Also Published As
Publication number | Publication date |
---|---|
CN107911355B (zh) | 2020-05-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107911355A (zh) | Attack-chain-based method for identifying website backdoor exploitation events | |
US11212305B2 (en) | Web application security methods and systems | |
Wurzinger et al. | SWAP: Mitigating XSS attacks using a reverse proxy | |
KR101689296B1 (ko) | Method and apparatus for automatically verifying security events | |
JP6624771B2 (ja) | Client-based local malware detection method | |
KR101574652B1 (ko) | System and method for analyzing mobile security incidents | |
KR101672791B1 (ko) | Method and system for detecting vulnerabilities in a mobile web application environment | |
US11503072B2 (en) | Identifying, reporting and mitigating unauthorized use of web code | |
CN103595732B (zh) | Method and device for network attack forensics | |
WO2017086837A1 (ru) | Method for detecting malicious programs and elements | |
US20100037317A1 (en) | Mehtod and system for security monitoring of the interface between a browser and an external browser module | |
WO2016085883A2 (en) | Call stack integrity check on client/server systems | |
CN105760379B (zh) | Method and device for detecting webshell pages based on intra-domain page association relationships | |
CN101816148A (zh) | Systems and methods for authentication, data transfer and protection against phishing | |
CN110417718B (zh) | Method, apparatus, device and storage medium for processing risk data in a website | |
CN106982188B (zh) | Method and device for detecting malicious propagation sources | |
CN104580203A (zh) | Website malicious program detection method and device | |
CN111628990A (zh) | Method, device and server for identifying attacks | |
CN103152323A (zh) | Method and system for controlling client network access behavior | |
CN110909350B (zh) | Method for remotely and accurately identifying WebShell backdoors | |
Ambedkar et al. | A comprehensive inspection of cross site scripting attack | |
CA3093021A1 (en) | Automated security testing system and method | |
KR101487476B1 (ko) | Method and apparatus for detecting malicious domains | |
CN112016096A (zh) | XSS vulnerability auditing method and device | |
Chen et al. | URadar: Discovering Unrestricted File Upload Vulnerabilities via Adaptive Dynamic Testing | |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
CB02 | Change of applicant information | Address after: Zhejiang Zhongcai Building No. 68 Binjiang District road Hangzhou City, Zhejiang Province, the 310052 and 15 layer; Applicant after: DBAPPSECURITY Ltd.; Address before: Zhejiang Zhongcai Building No. 68 Binjiang District road Hangzhou City, Zhejiang Province, the 310052 and 15 layer; Applicant before: DBAPPSECURITY Co.,Ltd. |
GR01 | Patent grant | |
TR01 | Transfer of patent right | Effective date of registration: 20201022; Address after: Floor 3, no.665, Zhangjiang Road, Pudong New Area, Shanghai, 201210; Patentee after: Shanghai Anheng Smart City Security Technology Co., Ltd; Address before: Zhejiang Zhongcai Building No. 68 Binjiang District road Hangzhou City, Zhejiang Province, the 310052 and 15 layer; Patentee before: Hangzhou Anheng Information Technology Co.,Ltd. |