CN107911355B - Method for identifying website backdoor exploitation events based on the attack chain - Google Patents
- Publication number
- CN107911355B (application number CN201711086376.9A)
- Authority
- CN
- China
- Prior art keywords
- attack
- behavior
- website
- attack behavior
- chain
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Technology Law (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
Claims (9)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711086376.9A CN107911355B (zh) | 2017-11-07 | 2017-11-07 | Method for identifying website backdoor exploitation events based on the attack chain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711086376.9A CN107911355B (zh) | 2017-11-07 | 2017-11-07 | Method for identifying website backdoor exploitation events based on the attack chain |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107911355A (zh) | 2018-04-13 |
CN107911355B (zh) | 2020-05-01 |
Family
ID=61842829
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711086376.9A Active CN107911355B (zh) | Method for identifying website backdoor exploitation events based on the attack chain | 2017-11-07 | 2017-11-07 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107911355B (zh) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
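CN109040071B (zh) * | 2018-08-06 | 2021-02-09 | Hangzhou Anheng Information Technology Co., Ltd. | Method for confirming a web backdoor attack event |
CN110636086B (zh) * | 2019-11-13 | 2023-12-26 | State Grid Corporation of China | Network protection testing method and device |
CN111031025B (zh) * | 2019-12-07 | 2022-04-29 | Hangzhou Anheng Information Technology Co., Ltd. | Method and device for automated detection and verification of Webshell |
CN111191237B (zh) * | 2019-12-19 | 2022-08-30 | Hangzhou Anheng Information Technology Co., Ltd. | Web backdoor detection device and detection method based on RCE vulnerabilities |
CN113472725B (zh) * | 2020-03-31 | 2023-04-07 | Alibaba Group Holding Limited | Data processing method and device |
CN112788035B (zh) * | 2021-01-13 | 2023-02-28 | Shenzhen Genew Technologies Co., Ltd. | Network attack alerting method for UPF terminals under 5G, and terminal |
CN112910895B (zh) * | 2021-02-02 | 2022-11-15 | Hangzhou Anheng Information Technology Co., Ltd. | Network attack behavior detection method, device, computer equipment and system |
CN113438249B (zh) * | 2021-06-30 | 2023-01-31 | Beijing Kedong Electric Power Control System Co., Ltd. | Policy-based attack tracing method |
CN115314255B (zh) * | 2022-07-11 | 2023-12-29 | Sangfor Technologies Inc. | Attack result detection method, device, computer equipment and storage medium |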
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
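JP3748192B2 (ja) * | 2000-02-24 | 2006-02-22 | Mitsubishi Electric Corporation | Method for detecting unauthorized communication software |
CN103561012A (zh) * | 2013-10-28 | 2014-02-05 | Institute of Information Engineering, Chinese Academy of Sciences | Web backdoor detection method and system based on an association tree |
CN104468477A (zh) * | 2013-09-16 | 2015-03-25 | Hangzhou DPtech Technologies Co., Ltd. | WebShell detection method and system |
CN105933268A (zh) * | 2015-11-27 | 2016-09-07 | China UnionPay Co., Ltd. | Website backdoor detection method and device based on full access log analysis |
CN107104924A (zh) * | 2016-02-22 | 2017-08-29 | Alibaba Group Holding Limited | Method and device for verifying website backdoor files |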
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101291782B1 (ko) * | 2013-01-28 | 2013-07-31 | Infosec Co., Ltd. | Webshell detection/response system |
Also Published As
Publication number | Publication date |
---|---|
CN107911355A (zh) | 2018-04-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107911355B (zh) | Method for identifying website backdoor exploitation events based on the attack chain | |
US11463458B2 (en) | Protecting against and learning attack vectors on web artifacts | |
JP6624771B2 (ja) | Client-based local malware detection method | |
EP3113064B1 (en) | System and method for determining modified web pages | |
US11212305B2 (en) | Web application security methods and systems | |
RU2613535C1 (ru) | Method for detecting malicious programs and elements | |
US9973531B1 (en) | Shellcode detection | |
US8812652B2 (en) | Honey monkey network exploration | |
US20100037317A1 (en) | Mehtod and system for security monitoring of the interface between a browser and an external browser module | |
CN107612924B (zh) | 基于无线网络入侵的攻击者定位方法及装置 | |
US20190141075A1 (en) | Method and system for a protection mechanism to improve server security | |
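KR101672791B1 (ko) | Method and system for detecting vulnerabilities in a mobile web application environment | |
CN102855274A (zh) | Method and device for detecting suspicious processes | |
CN101816148A (zh) | System and method for authentication, data transfer and protection against phishing | |
CN110958246B (zh) | Dynamic intelligent protection method based on a web server and its application | |
CN103473501A (zh) | Cloud-security-based malware tracking method | |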
Gunawan et al. | Penetration testing using Kali linux: SQL injection, XSS, WordPress, and WPA2 attacks | |
CN110909350B (zh) | Method for remotely and accurately identifying WebShell backdoors | |
Ajmal et al. | Last line of defense: Reliability through inducing cyber threat hunting with deception in scada networks | |
CN113726790A (zh) | Method, system, device and medium for identifying and blocking network attack sources | |
Deng et al. | Lexical analysis for the webshell attacks | |
China | NoSQL injection: data security on web vulnerability | |
CN112016096A (zh) | Method and device for auditing XSS vulnerabilities | |
CN111191237B (zh) | Web backdoor detection device and detection method based on RCE vulnerabilities | |
Chen et al. | URadar: Discovering Unrestricted File Upload Vulnerabilities via Adaptive Dynamic Testing |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| CB02 | Change of applicant information | Address after: Zhejiang Zhongcai Building No. 68 Binjiang District road Hangzhou City, Zhejiang Province, the 310052 and 15 layer. Applicant after: DBAPPSECURITY Ltd. Address before: Zhejiang Zhongcai Building No. 68 Binjiang District road Hangzhou City, Zhejiang Province, the 310052 and 15 layer. Applicant before: DBAPPSECURITY Co.,Ltd. |
| GR01 | Patent grant | |
| TR01 | Transfer of patent right | Effective date of registration: 20201022. Address after: Floor 3, no.665, Zhangjiang Road, Pudong New Area, Shanghai, 201210. Patentee after: Shanghai Anheng Smart City Security Technology Co., Ltd. Address before: Zhejiang Zhongcai Building No. 68 Binjiang District road Hangzhou City, Zhejiang Province, the 310052 and 15 layer. Patentee before: Hangzhou Anheng Information Technology Co.,Ltd. |