CN110309654A - Security detection method and device for picture uploads - Google Patents
- Publication number: CN110309654A
- Application number: CN201910589697.3A
- Authority: CN (China)
- Prior art keywords: picture, file, picture file, uploads, detection
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
Abstract
The present invention relates to the technical field of network security and aims to solve the problem that picture uploads are easily exploited by attackers to carry out malicious attacks. It proposes a security detection method and device for picture uploads. The method comprises: receiving an uploaded picture file and checking the parameters of the picture file; if the parameters of the picture file are abnormal, determining that the picture file poses a security risk; if the parameters of the picture file are normal, obtaining the character stream of the picture file and performing similarity matching between the character stream and the malicious code in a malicious code library; if the similarity is greater than a preset value, determining that the picture file poses a security risk. The invention achieves comprehensive security detection of uploaded picture files, reduces the probability of the back-end system being maliciously attacked, and improves security.
Description
Technical field
The present invention relates to the technical field of network security, and in particular to a security detection method and device for picture uploads.
Background technique
At present, almost every back-end system has somewhere to upload pictures, for example uploading a user avatar or a screenshot. A malicious attacker who wants to use the picture upload function to upload a shell needs three conditions: an upload point, the absolute path, and execute permission. For example: using a parsing vulnerability, uploading xx.jpg/xx.php to carry out malicious behaviour; using .htaccess, uploading a jpg file that carries malicious code; using 00 truncation, uploading a file that carries malicious code and is named xx.php.jpg (in packet-capture software, the byte at the second dot is changed to hexadecimal 00), so that when some back-end systems save the file, the file name is xx.php rather than xx.php.jpg; using a suffix parsing vulnerability, uploading xx.php.abc, where some servers cannot recognise the abc suffix and therefore look further forward for a suffix they can parse, so that the malicious behaviour is executed.
Although most back-end systems in the prior art also perform security detection on uploaded pictures, the checks cover few aspects and the detection strength is low, so they are easily exploited by malicious attackers, who upload disguised pictures carrying malicious code and then obtain control of the back-end system.
Summary of the invention
The present invention aims to solve the problem that picture uploads are easily exploited by attackers to carry out malicious attacks, and proposes a security detection method and device for picture uploads.
The technical solution adopted by the present invention to solve the above technical problem is a security detection method for picture uploads, comprising the following steps:
Step 1. Receive the uploaded picture file and check the parameters of the picture file; if the parameters of the picture file are abnormal, determine that the picture file poses a security risk.
Step 2. If the parameters of the picture file are normal, obtain the character stream of the picture file and perform similarity matching between the character stream and the malicious code in a malicious code library; if the similarity is greater than a preset value, determine that the picture file poses a security risk.
Further, to implement the check of the picture file's parameters, in step 1 checking the parameters of the picture file comprises: file name path detection, file name truncation detection, file extension detection and file content type detection.
Further, to achieve complete detection of the picture file, the method further comprises: checking the file magic number of the uploaded picture file; if the file magic number of the picture file does not correspond to the format of the picture file, determining that the picture file poses a security risk.
Further, to destroy malicious code that was not detected, the method further comprises: if the similarity is not greater than the preset value, compressing the uploaded picture file, or cropping the uploaded picture file.
To further destroy malicious code that was not detected, the method further comprises: if the similarity is not greater than the preset value, performing secondary rendering on the uploaded picture file and extracting only the data that represents the picture.
The present invention also proposes a security detection device for picture uploads, comprising:
A first detection unit, configured to receive the uploaded picture file and check the parameters of the picture file; if the parameters of the picture file are abnormal, it determines that the picture file poses a security risk;
A second detection unit, configured to, if the parameters of the picture file are normal, obtain the character stream of the picture file and perform similarity matching between the character stream and the malicious code in a malicious code library; if the similarity is greater than a preset value, it determines that the picture file poses a security risk.
Further, the first detection unit is also configured to perform file name path detection, file name truncation detection, file extension detection and file content type detection on the uploaded picture file.
Further, the security detection device for picture uploads also comprises:
A third detection unit, configured to check the file magic number of the uploaded picture file; if the file magic number of the picture file does not correspond to the format of the picture file, it determines that the picture file poses a security risk.
Further, the security detection device for picture uploads also comprises:
A picture processing unit, configured to, if the similarity is not greater than the preset value, compress the uploaded picture file or crop the uploaded picture file.
Further, the picture processing unit is also configured to: if the similarity is not greater than the preset value, perform secondary rendering on the uploaded picture file and extract only the data that represents the picture.
The beneficial effects of the present invention are as follows: the security detection method and device for picture uploads of the present invention check both the parameters of the picture file and the character stream of the picture file, achieving complete detection of uploaded pictures and comprehensive security detection and processing of uploaded picture files, which reduces the probability of the back-end system being maliciously attacked and improves the security of the back-end system.
Brief description of the drawings
Fig. 1 is a flow diagram of the security detection method for picture uploads according to an embodiment of the present invention;
Fig. 2 is a structural diagram of the security detection device for picture uploads according to an embodiment of the present invention.
Detailed description of the embodiments
Embodiments of the present invention are described in detail below with reference to the drawings.
The security detection method for picture uploads of the present invention, as shown in Fig. 1, comprises the following steps: Step 1. Receive the uploaded picture file and check the parameters of the picture file; if the parameters of the picture file are abnormal, determine that the picture file poses a security risk. Step 2. If the parameters of the picture file are normal, obtain the character stream of the picture file and perform similarity matching between the character stream and the malicious code in a malicious code library; if the similarity is greater than a preset value, determine that the picture file poses a security risk.
Specifically, receiving the uploaded picture file usually means that a server receives a picture file uploaded by a client. A picture file carries many picture parameters that characterise its attributes, such as the file name path, the file extension and the file content type. All of the picture parameters are checked to judge whether the picture file is a genuine picture file or a fake picture file that has been disguised. When it is judged to be a genuine picture file, the character stream of the picture file is matched against the malicious code in the malicious code library. The malicious code library may be a set of malicious code collected and built from historical attack records. When the similarity between the character stream of the picture file and malicious code in the malicious code library exceeds the preset value, this indicates that malicious attack code may be hidden in the character stream of the picture file, and the picture file is determined to pose a security risk.
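The patent does not say how the similarity is computed. The following added example (not code from the patent) assumes one possible measure: the fraction of a library entry's character 4-grams that also occur in the normalised character stream, compared against a preset threshold of 0.8. The library entries, `run_untrusted_input`, `load_remote` and the sample streams are constructed stand-ins.

```python
import re

# Constructed stand-ins for malicious code library entries; run_untrusted_input
# and load_remote are hypothetical names, not real functions.
LIBRARY = {
    "php-stand-in": b"<?php run_untrusted_input($_REQUEST['x']); ?>",
    "script-stand-in": b"<script>load_remote('//placeholder.invalid/x.js')</script>",
}


def normalise(stream):
    """Bytes -> lower-cased text with whitespace removed, so that spacing and
    letter-case changes do not lower the score."""
    return re.sub(r"\s+", "", stream.decode("latin-1").lower())


def ngrams(text, n=4):
    return {text[i:i + n] for i in range(len(text) - n + 1)}


def scan(stream, library=LIBRARY, threshold=0.8, n=4):
    """Score the stream against every library entry and report the best match.

    The score is a containment ratio: the share of the entry's n-grams found
    anywhere in the stream. Surrounding image bytes therefore do not dilute it.
    """
    stream_grams = ngrams(normalise(stream), n)
    best_score, best_name = 0.0, None
    for name, sample in library.items():
        sample_grams = ngrams(normalise(sample), n)
        if not sample_grams:
            continue
        score = len(sample_grams & stream_grams) / len(sample_grams)
        if score > best_score:
            best_score, best_name = score, name
    risky = best_score > threshold  # "greater than the preset value"
    return {"risk": risky,
            "score": round(best_score, 2),
            "match": best_name if risky else None}


# Constructed sample streams: a JPEG-style header followed by filler bytes,
# and the same stream with a re-spaced, re-cased, renamed variant embedded.
FILLER = bytes(range(256)) * 4
CLEAN = b"\xff\xd8\xff\xe0\x00\x10JFIF" + FILLER
EMBEDDED = CLEAN + b"<?PHP  Run_Untrusted_Input( $_REQUEST['cmd'] ) ;\n?>" + FILLER

if __name__ == "__main__":
    print(scan(CLEAN))
    print(scan(EMBEDDED))
```

Because the embedded variant renames one parameter, it scores below 1.0 but still above the threshold, which is the case an exact-match signature would miss.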
Checking the parameters of the picture file comprises: file name path detection, file name truncation detection, file extension detection and file content type detection.
Specifically, file name path detection searches the picture file for specified characters, such as "\", "/", ":", "?", "*", "|", """, "<", ">" and so on. If any is present, the file name path of the picture file is abnormal and the file may be a disguised fake picture file; the uploaded picture file is then determined to pose a security risk.
File name truncation detection first converts the picture file name string to hexadecimal and checks whether a 00 byte is present. If so, the file name of the picture file is abnormal and the file may be a disguised fake picture file; the uploaded picture file is then determined to pose a security risk.
File extension detection checks whether the file type is a picture type. The file extensions of picture types include jpg, jpeg, png and gif. If the extension of the uploaded picture file is not a picture type, the uploaded picture file is determined to pose a security risk.
File content type detection is a check of the Content-Type content: according to the file extension of the picture file, it confirms whether the MIME type is the corresponding image/jpeg, image/png or image/gif. If not, the uploaded picture file is determined to pose a security risk.
Optionally, the security detection method for picture uploads further comprises: checking the file magic number of the uploaded picture file; if the file magic number of the picture file does not correspond to the format of the picture file, determining that the picture file poses a security risk.
Specifically, the file magic number is checked for correspondence according to the Content-Type content. For example, the hexadecimal magic number corresponding to a jpg file is FF D8 FF E0 00 10 4A 46 49 46, the hexadecimal magic number corresponding to a png file is 47 49 46 38 39 61, and the hexadecimal magic number corresponding to a gif file is 89 50 4E 47. If they do not correspond, the uploaded picture file is determined to pose a security risk.
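The four parameter checks and the magic-number check described above, combined into one function as an added example (not code from the patent). The signature table uses the standard leading bytes of each format (FF D8 FF for JPEG, 89 50 4E 47 for PNG, 47 49 46 38 for GIF); the function name, the finding labels and the sample uploads are constructed for illustration.

```python
# Allowlist: extension -> (expected Content-Type, leading file signature).
# The signatures are the standard values for each format (an assumption of
# this example, not values copied from the page).
ALLOWED = {
    "jpg": ("image/jpeg", b"\xff\xd8\xff"),
    "jpeg": ("image/jpeg", b"\xff\xd8\xff"),
    "png": ("image/png", b"\x89PNG\r\n\x1a\n"),
    "gif": ("image/gif", b"GIF8"),
}
FORBIDDEN_CHARS = set('\\/:?*|"<>')


def check_upload(filename, content_type, data):
    """Return the names of the failed checks; an empty list means no finding."""
    findings = []

    # File name path detection: separators and wildcard characters.
    if FORBIDDEN_CHARS & set(filename):
        findings.append("filename_path")

    # File name truncation detection: a 00 byte anywhere in the encoded name.
    if b"\x00" in filename.encode("utf-8", "surrogateescape"):
        findings.append("filename_truncation")

    # File extension detection: only the final suffix counts and it must be
    # on the allowlist. A name with no stem or no suffix is rejected too.
    stem, dot, ext = filename.rpartition(".")
    rule = ALLOWED.get(ext.lower()) if dot and stem else None
    if rule is None:
        findings.append("file_extension")
        return findings  # no format left to compare type or signature with

    expected_mime, signature = rule

    # File content type detection: the declared MIME type must be the one
    # that belongs to the extension (parameters after ';' are ignored).
    declared = content_type.split(";", 1)[0].strip().lower()
    if declared != expected_mime:
        findings.append("content_type")

    # Magic number detection: the first bytes must match the same format.
    if not data.startswith(signature):
        findings.append("magic_number")
    return findings


# Constructed sample bodies: a format header followed by filler bytes.
PNG_BYTES = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
JPG_BYTES = b"\xff\xd8\xff\xe0\x00\x10JFIF" + b"\x00" * 16
GIF_BYTES = b"GIF89a" + b"\x00" * 16

if __name__ == "__main__":
    for name, ctype, body in [
        ("avatar.png", "image/png", PNG_BYTES),
        ("xx.php\x00.jpg", "image/jpeg", JPG_BYTES),
        ("xx.jpg/xx.php", "image/jpeg", JPG_BYTES),
        ("xx.php.abc", "image/jpeg", JPG_BYTES),
        ("photo.jpg", "image/jpeg", GIF_BYTES),
    ]:
        print(repr(name), check_upload(name, ctype, body))
```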
Optionally, after security detection of the picture file by the above method, if no security risk has been found in the uploaded picture file, the picture file may also be compressed. Before compression, the file format of the picture file needs to be determined. If the format of the picture file is jpg, it can be compressed directly; the compression algorithm may be Google's guetzli algorithm. If the format of the picture file is not jpg, for example png or gif, it needs to be converted to jpg before compression. After the picture file is compressed, not only is the file size reduced without affecting the viewing effect, but malicious code that security detection failed to detect can also be destroyed.
Optionally, the picture file may also be cropped or given secondary rendering. Cropping may cut the length and width of the picture by one unit pixel each, or increase them by one unit pixel each, thereby effectively destroying undetected malicious code. Secondary rendering extracts only the data that represents the picture; deletion through secondary rendering has a certain probability of removing the malicious code.
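One way to "extract only the data that represents the picture", narrowed to non-interlaced PNG and the standard library, as an added example (not the patent's implementation). It rebuilds the file from the header, palette and scanline bytes only, so comment chunks, surplus bytes inside IDAT and bytes after IEND are dropped; the pixel values themselves are kept unchanged, unlike the compression or cropping described above. `MAX_PIXEL_BYTES`, `MARKER` and the 2x2 sample are assumptions of this example.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}  # colour type -> samples per pixel
MAX_PIXEL_BYTES = 64 * 1024 * 1024         # assumed cap on decompressed size


def make_chunk(ctype, body):
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def read_chunks(data):
    """Yield (type, body) up to IEND; bytes after IEND are never read."""
    pos = len(PNG_SIG)
    while True:
        if pos + 12 > len(data):
            raise ValueError("truncated PNG")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            raise ValueError("chunk overruns file")
        body = data[pos + 8:end - 4]
        stored_crc = struct.unpack(">I", data[end - 4:end])[0]
        if stored_crc != zlib.crc32(ctype + body) & 0xFFFFFFFF:
            raise ValueError("bad chunk CRC")
        yield ctype, body
        if ctype == b"IEND":
            return
        pos = end


def rebuild_png(data):
    """Return a new PNG holding only IHDR, PLTE/tRNS, the scanlines and IEND."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    chunks = list(read_chunks(data))
    if chunks[0][0] != b"IHDR" or len(chunks[0][1]) != 13:
        raise ValueError("missing IHDR")
    ihdr = chunks[0][1]
    width, height, depth, colour, _, _, interlace = struct.unpack(">IIBBBBB", ihdr)
    if not width or not height or interlace or colour not in CHANNELS:
        raise ValueError("unsupported PNG variant")
    # One filter byte per row plus the packed samples of that row.
    size = height * (1 + (width * depth * CHANNELS[colour] + 7) // 8)
    if size > MAX_PIXEL_BYTES:
        raise ValueError("image too large")
    idat = b"".join(body for ctype, body in chunks if ctype == b"IDAT")
    # Inflate at most `size` bytes: output stops after the last scanline.
    pixels = zlib.decompressobj().decompress(idat, size)
    if len(pixels) != size:
        raise ValueError("pixel data too short")
    out = [PNG_SIG, make_chunk(b"IHDR", ihdr)]
    out += [make_chunk(t, b) for t, b in chunks if t in (b"PLTE", b"tRNS")]
    out += [make_chunk(b"IDAT", zlib.compress(pixels)), make_chunk(b"IEND", b"")]
    return b"".join(out)


# Constructed 2x2 RGB sample carrying a marker in a tEXt chunk, after the
# last scanline inside IDAT, and after IEND.
MARKER = b"PAYLOAD-PLACEHOLDER"
ROWS = (b"\x00" + b"\xff\x00\x00" * 2) * 2
DIRTY = (PNG_SIG
         + make_chunk(b"IHDR", struct.pack(">IIBBBBB", 2, 2, 8, 2, 0, 0, 0))
         + make_chunk(b"tEXt", b"Comment\x00" + MARKER)
         + make_chunk(b"IDAT", zlib.compress(ROWS + MARKER))
         + make_chunk(b"IEND", b"")
         + MARKER)
```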
Based on the above technical solution, the present invention also proposes a security detection device for picture uploads which, as shown in Fig. 2, comprises:
A first detection unit, configured to receive the uploaded picture file and check the parameters of the picture file; if the parameters of the picture file are abnormal, it determines that the picture file poses a security risk;
A second detection unit, configured to, if the parameters of the picture file are normal, obtain the character stream of the picture file and perform similarity matching between the character stream and the malicious code in a malicious code library; if the similarity is greater than a preset value, it determines that the picture file poses a security risk.
Optionally, the first detection unit is also configured to perform file name path detection, file name truncation detection, file extension detection and file content type detection on the uploaded picture file.
Optionally, the security detection device for picture uploads also comprises:
A third detection unit, configured to check the file magic number of the uploaded picture file; if the file magic number of the picture file does not correspond to the format of the picture file, it determines that the picture file poses a security risk.
Optionally, the security detection device for picture uploads also comprises:
A picture processing unit, configured to, if the similarity is not greater than the preset value, compress the uploaded picture file or crop the uploaded picture file.
Optionally, the picture processing unit is also configured to: if the similarity is not greater than the preset value, perform secondary rendering on the uploaded picture file and extract only the data that represents the picture.
It can be understood that the security detection device for picture uploads described in the embodiment of the present invention is a device for implementing the security detection method for picture uploads. Because the device disclosed in the embodiment corresponds to the method disclosed in the embodiment, its description is relatively brief; for related details, refer to the description of the method. Since the above security detection method for picture uploads can improve the security of the back-end system, a device that implements the method can likewise improve the security of the back-end system.
Claims (10)
1. A security detection method for picture uploads, characterised by comprising the following steps:
Step 1. Receive the uploaded picture file and check the parameters of the picture file; if the parameters of the picture file are abnormal, determine that the picture file poses a security risk;
Step 2. If the parameters of the picture file are normal, obtain the character stream of the picture file and perform similarity matching between the character stream and the malicious code in a malicious code library; if the similarity is greater than a preset value, determine that the picture file poses a security risk.
2. The security detection method for picture uploads according to claim 1, characterised in that, in step 1, checking the parameters of the picture file comprises: file name path detection, file name truncation detection, file extension detection and file content type detection.
3. The security detection method for picture uploads according to claim 1, characterised in that the method further comprises: checking the file magic number of the uploaded picture file; if the file magic number of the picture file does not correspond to the format of the picture file, determining that the picture file poses a security risk.
4. The security detection method for picture uploads according to claim 1, characterised in that the method further comprises: if the similarity is not greater than the preset value, compressing the uploaded picture file, or cropping the uploaded picture file.
5. The security detection method for picture uploads according to claim 1, characterised in that the method further comprises: if the similarity is not greater than the preset value, performing secondary rendering on the uploaded picture file and extracting only the data that represents the picture.
6. A security detection device for picture uploads, characterised by comprising:
A first detection unit, configured to receive the uploaded picture file and check the parameters of the picture file; if the parameters of the picture file are abnormal, it determines that the picture file poses a security risk;
A second detection unit, configured to, if the parameters of the picture file are normal, obtain the character stream of the picture file and perform similarity matching between the character stream and the malicious code in a malicious code library; if the similarity is greater than a preset value, it determines that the picture file poses a security risk.
7. The security detection device for picture uploads according to claim 6, characterised in that the first detection unit is also configured to perform file name path detection, file name truncation detection, file extension detection and file content type detection on the uploaded picture file.
8. The security detection device for picture uploads according to claim 6, characterised in that the device further comprises:
A third detection unit, configured to check the file magic number of the uploaded picture file; if the file magic number of the picture file does not correspond to the format of the picture file, it determines that the picture file poses a security risk.
9. The security detection device for picture uploads according to claim 6, characterised in that the device further comprises:
A picture processing unit, configured to, if the similarity is not greater than the preset value, compress the uploaded picture file or crop the uploaded picture file.
10. The security detection device for picture uploads according to claim 6, characterised in that the picture processing unit is also configured to: if the similarity is not greater than the preset value, perform secondary rendering on the uploaded picture file and extract only the data that represents the picture.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910589697.3A CN110309654A (en) | 2019-06-28 | 2019-06-28 | Security detection method and device for picture uploads |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110309654A (en) | 2019-10-08 |
Family
ID=68078024
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | | Application publication date: 20191008 |