CN117574372A - Command interception method and device, electronic equipment and storage medium - Google Patents

Command interception method and device, electronic equipment and storage medium Download PDF

Info

Publication number
CN117574372A
CN117574372A CN202311609701.0A CN202311609701A CN117574372A CN 117574372 A CN117574372 A CN 117574372A CN 202311609701 A CN202311609701 A CN 202311609701A CN 117574372 A CN117574372 A CN 117574372A
Authority
CN
China
Prior art keywords
command
current execution
preset
execution command
code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311609701.0A
Other languages
Chinese (zh)
Inventor
翁迟迟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing QIYI Century Science and Technology Co Ltd
Original Assignee
Beijing QIYI Century Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing QIYI Century Science and Technology Co Ltd filed Critical Beijing QIYI Century Science and Technology Co Ltd
Priority to CN202311609701.0A priority Critical patent/CN117574372A/en
Publication of CN117574372A publication Critical patent/CN117574372A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/563Static detection by source code analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The embodiment of the invention provides a command interception method, a device, electronic equipment and a storage medium, which relate to the technical field of information security and are used for acquiring code information of a current execution command, wherein the code information comprises codes of functions corresponding to the current execution command; detecting a preset function according to the code information; when the detection result is that the preset function exists, acquiring an associated context code of the detected preset function; judging whether the current execution command is malicious or not according to the associated context code and preset parameters to be intercepted, and intercepting the current execution command when judging that the current execution command is malicious, wherein the associated context code comprises parameters corresponding to a preset function. The detection of the preset function can be firstly carried out, and then the associated context corresponding to the preset function is obtained, so that the detection and the interception of the malicious command are carried out through the associated context of the preset function and the preset interception parameter, and the accuracy of the interception is improved.

Description

Command interception method and device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a command interception method, a device, an electronic device, and a storage medium.
Background
At present, in the process of executing commands by a system, some malicious commands often exist in running codes, and malicious behaviors corresponding to the malicious commands may cause the system security to be reduced, information to be leaked, and even the system to be completely crashed. Meanwhile, many malicious commands may be camouflaged by various means to evade the existing detection system, resulting in low accuracy in interception of the malicious commands.
Disclosure of Invention
The embodiment of the invention aims to provide a command interception method, a device, electronic equipment and a storage medium, so as to improve the interception accuracy of malicious commands. The specific technical scheme is as follows:
in a first aspect of the present invention, there is provided a command interception method, the method comprising:
acquiring code information of a current execution command, wherein the code information comprises codes of functions corresponding to the current execution command;
detecting a preset function according to the code information;
when the detection result is that the preset function exists, acquiring an associated context code of the detected preset function;
judging whether the current execution command is malicious or not according to the associated context code and preset parameters to be intercepted, and intercepting the current execution command when judging that the current execution command is malicious, wherein the associated context code comprises parameters corresponding to a preset function.
In a possible implementation manner, before the step of obtaining the associated context code of the detected preset function when the detection result is that the preset function exists, the method further includes:
acquiring attribute information of a current execution command;
judging whether the current executing command is a command in a preset white list according to the attribute information, and if so, stopping checking the command.
In a possible implementation manner, the determining, according to the associated context code and a preset parameter to be intercepted, whether the current execution command is malicious or not, and intercepting the current execution command when it is determined that the current execution command is malicious includes:
comparing the parameters corresponding to the preset function in the associated context code with the preset parameters to be intercepted, and intercepting the current execution command if the parameters are the same;
and/or the number of the groups of groups,
and identifying whether the associated context code comprises preset sensitive characters, and if so, intercepting the current execution command.
In a possible implementation manner, before the step of judging whether the current execution command is malicious according to the associated context code and the preset parameters to be intercepted, and intercepting the current execution command when the current execution command is judged to be malicious, the method further includes:
and judging whether the length of the associated context code is smaller than a preset length, and if so, stopping judging.
In a second aspect of the present invention, there is also provided a command interception device, the device comprising:
the information acquisition module is used for acquiring code information of a current execution command, wherein the code information comprises codes of functions corresponding to the current execution command;
the information detection module is used for detecting a preset function according to the code information;
the association code acquisition module is used for acquiring association context codes of the detected preset function when the detection result is that the preset function exists;
and the command interception module is used for judging whether the current execution command is malicious or not according to the associated context code and the preset parameters to be intercepted, and intercepting the current execution command when judging that the current execution command is malicious, wherein the associated context code comprises parameters corresponding to a preset function.
In one possible embodiment, the apparatus further comprises:
the information acquisition sub-module is used for acquiring attribute information of the current execution command;
and the command checking sub-module is used for judging whether the current execution command is a command in a preset white list according to the attribute information, and stopping checking the command if the current execution command is the command in the preset white list.
In one possible implementation, the command interception module includes:
the parameter comparison sub-module is used for comparing the parameters corresponding to the preset function in the associated context code with the preset parameters to be intercepted, and intercepting the current execution command if the parameters are the same;
and the code identification sub-module is used for identifying whether the associated context code comprises preset sensitive characters or not, and if so, intercepting the current execution command.
In one possible embodiment, the apparatus further comprises:
and the length judging module is used for judging whether the length of the associated context code is smaller than a preset length, and if so, stopping judging.
In yet another aspect of the present invention, there is also provided an electronic device including a processor, a communication interface, a memory, and a communication bus, wherein the processor, the communication interface, and the memory perform communication with each other through the communication bus;
a memory for storing a computer program;
and the processor is used for realizing any one of the command interception methods when executing the programs stored in the memory.
In yet another aspect of the present invention, there is also provided a computer readable storage medium having stored therein a computer program which, when executed by a processor, implements any of the command interception methods described above.
In yet another aspect of the invention, there is also provided a computer program product containing instructions which, when run on a computer, cause the computer to perform any of the command interception methods described above.
The embodiment of the invention provides a command interception method, a device, electronic equipment and a storage medium, wherein code information of a current execution command is obtained, and the code information comprises codes of functions corresponding to the current execution command; detecting a preset function according to the code information; when the detection result is that the preset function exists, acquiring an associated context code of the detected preset function; judging whether the current execution command is malicious or not according to the associated context code and preset parameters to be intercepted, and intercepting the current execution command when judging that the current execution command is malicious, wherein the associated context code comprises parameters corresponding to a preset function. The detection of the preset function can be firstly carried out, and then the associated context corresponding to the preset function is obtained, so that the detection and the interception of the malicious command are carried out through the associated context of the preset function and the preset interception parameter, and the accuracy of the interception is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below.
FIG. 1 is a schematic flow chart of a command interception method according to an embodiment of the invention;
FIG. 2 is a schematic flow chart of a preset white list determination in an embodiment of the present invention;
FIG. 3 is a schematic flow chart of another command interception method according to an embodiment of the invention;
FIG. 4 is a schematic diagram of a command interception device according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be described below with reference to the accompanying drawings in the embodiments of the present invention.
In order to solve the problem of low detection efficiency in the existing malicious command detection process, the invention provides a command interception method, a device, electronic equipment and a storage medium.
In a first aspect of the present invention, there is provided a command interception method, referring to fig. 1, the method including:
step S11, code information of a current execution command is obtained, wherein the code information comprises codes of functions corresponding to the current execution command;
step S12, detecting a preset function according to the code information;
step S13, when the detection result is that the preset function exists, acquiring the associated context code of the detected preset function;
step S14, judging whether the current execution command is malicious or not according to the associated context code and the preset parameters to be intercepted, and intercepting the current execution command when judging that the current execution command is malicious, wherein the associated context code comprises parameters corresponding to a preset function.
It can be seen that, by the method of the embodiment of the present application, detection of the preset function may be performed first, and then the associated context corresponding to the preset function may be obtained, so that detection and interception of the malicious command may be performed through the associated context of the preset function and the preset interception parameter, thereby improving accuracy of interception.
In the above step S11, the currently executed command may refer to a command currently being executed. The method of the embodiment of the present application may be implemented by a Java Agent (Java Agent), for example, a Java Agent may be injected into a Java (a computer language) service before executing a command, and code information may be acquired by the Java Agent. The Java Agent may include relevant security detection protection logic, and a specific Java Agent may be understood as an injection command to jvm (Java virtual machine), for example, may be used to specify a jar (a software package file format) package and run its code in other Java process spaces.
In the step S12, detection of the preset function is performed according to the code information, multiple functions may be preset, and then the multiple functions are compared with the obtained code information, so as to obtain the preset code information in the code information. For example, identifying different functions at the bottom of linux (a computer system) and windows (a computer system), preventing command execution from bypassing, and acquiring corresponding execution commands and parameters, such as command ls and parameter-al, in particular, class full defined names may include java. Lang (a language file) [ UNIXProcess, java.lang.ProcessImpl; the corresponding methods may include forkandexc and create.
In the step S13, the associated context code of the preset function may include the preset function and parameters corresponding to the preset function. For example, detection of a preset function is performed if uri of the current http (Hypertext Transfer Protocol ) is jsp-ended or jspx-ended; and (3) a hook (a function called by the operating system) related function, when a jsp key function is called, judging that the function is a preset function, and acquiring corresponding context information.
In the step S14, according to the associated context code and the preset parameters to be intercepted, whether the current execution command is malicious is determined, and interception can be performed when the current execution command is malicious. Specifically, the judging is performed according to the associated context code and the preset parameter to be intercepted, the comparison can be performed according to the preset parameter to be intercepted and the parameter in the associated context code, and if the comparison exists, the judgment is malicious. For example, a hook related function, when a key function of jsp (Java Server Pages) is called, sets a thread local variable of IsJSP, illustrating entry into a jsp call chain; if the uri is the jsp end and if there is an incoming or like jsp call chain, indicating that the current request is jsp, entering high-risk jsp command interception, judging that the current request is a preset function, and acquiring corresponding context information.
In a possible implementation manner, corresponding to step S13, before the step of obtaining the associated context code of the detected preset function when the detection result is that the preset function exists, referring to fig. 2, the method further includes:
step S21, obtaining attribute information of a current execution command;
step S22, judging whether the current execution command is a command in a preset white list according to the attribute information, and if so, stopping checking the command.
In the actual use process, a white list may be preset, and the white list may include a plurality of normal commands. For example, commands that these tools often execute need to be added to the command whitelist to avoid false alarms caused by business operations. In the actual use process, the white list can be set according to the public information, and can be updated according to the command detection result of the application.
In a possible implementation manner, when the detection result is that the preset function exists, acquiring the associated context code of the detected preset function includes: when the detection result is that a preset function exists, analyzing codes corresponding to the preset function; and acquiring the detected associated context code of the preset function according to the analysis result. For example, consider java/lang/unixpprocess as an example, where java/lang/ProcessBuilder (a function) points, the implementation proceeds to the hook. When the function call checking is executed by the command with the empty filtered http request, the analysis of the http request consumes CPU (Central Processing Unit ) and other computing resources to store the request data of the http in the local program variable, and the analysis is performed when the sensitive function hook is triggered, so that the processing efficiency is improved.
In a possible implementation manner, corresponding to the step S14, the determining, according to the associated context code and a preset parameter to be intercepted, whether the current execution command is malicious or not, and intercepting the current execution command when it is determined that the current execution command is malicious, see fig. 3, includes:
s31, comparing the parameters corresponding to the preset function in the associated context code with the preset parameters to be intercepted, and intercepting the current execution command if the parameters are the same;
and/or the number of the groups of groups,
step S32, whether the associated context code comprises preset sensitive characters or not is identified, and if so, the current execution command is intercepted.
Judging whether the current http request is triggered by jsp, and intercepting if the current http request is triggered by jsp and is usually caused by a back gate of a hacker because the jsp does not directly execute the command. The current http is a jsp request judging method, if the uri of the current http is a jsp end or a jspx end; a hook related function, when a key function of jsp is called, setting a thread local variable of IsJSP, and describing to perform jsp call chain; if the uri is the jsp end and the incoming jsp call chain is satisfied at the same time, indicating that the current request is jsp, then high-risk jsp command interception is performed. When the executed command appears in get (a function for acquiring data)/post (a computer function)/cookie (data stored on the user's local terminal)/header (the server transmits HTML data to the string sent before the browser in HTTP protocol) (i.e., the command is controlled by user input), it is directly intercepted; skipping shorter parameters to prevent false alarms generated by too short commands; the request parameters and the command are completely equal, and the request parameters and the command are directly intercepted; the request parameter is a part of command execution, and is a parameter for causing a flash (computer program)/cmd (command hint) or the like to be executed, intercepted; the rce command exists in the request parameter, and interception is performed; rce (remote command execution vulnerability) command contains a sensitive bypass character string, directly intercepts, and has a confidence degree of high (high function); the dangerous stack is contained, the dangerous stack is directly intercepted, and the confidence is high.
In a possible implementation manner, before the step of judging whether the current execution command is malicious according to the associated context code and the preset parameters to be intercepted, and intercepting the current execution command when the current execution command is judged to be malicious, the method further includes: and judging whether the length of the associated context code is smaller than a preset length, and if so, stopping judging. By judging whether the length of the associated context code is smaller than the preset length or not, the parameters which are too short can be skipped by stopping the association context code to be smaller than the preset length, false alarm caused by too short command can be prevented, and the detection accuracy is improved.
In a second aspect of the present invention, there is also provided a command interception device, see fig. 4, the device comprising:
an information obtaining module 401, configured to obtain code information of a current execution command, where the code information includes a code of a function corresponding to the current execution command;
an information detection module 402, configured to detect a preset function according to the code information;
an association code obtaining module 403, configured to obtain an association context code of the detected preset function when the detection result is that the preset function exists;
the command interception module 404 is configured to determine whether the current execution command is malicious according to the associated context code and a preset parameter to be intercepted, and intercept the current execution command when the current execution command is determined to be malicious, where the associated context code includes a parameter corresponding to a preset function.
In one possible embodiment, the apparatus further comprises:
the information acquisition sub-module is used for acquiring attribute information of the current execution command;
and the command checking sub-module is used for judging whether the current execution command is a command in a preset white list according to the attribute information, and stopping checking the command if the current execution command is the command in the preset white list.
In one possible implementation, the command interception module includes:
the parameter comparison sub-module is used for comparing the parameters corresponding to the preset function in the associated context code with the preset parameters to be intercepted, and intercepting the current execution command if the parameters are the same;
and the code identification sub-module is used for identifying whether the associated context code comprises preset sensitive characters or not, and if so, intercepting the current execution command.
In one possible embodiment, the apparatus further comprises:
and the length judging module is used for judging whether the length of the associated context code is smaller than a preset length, and if so, stopping judging.
It can be seen that, by the device of the embodiment of the present application, detection of the preset function can be performed first, and then the associated context corresponding to the preset function is obtained, so that detection and interception of the malicious command are performed through the associated context of the preset function and the preset interception parameter, and thus the accuracy of interception is improved.
The embodiment of the invention also provides an electronic device, as shown in fig. 5, which comprises a processor 501, a communication interface 502, a memory 503 and a communication bus 504, wherein the processor 501, the communication interface 502 and the memory 503 complete communication with each other through the communication bus 504,
a memory 503 for storing a computer program;
the processor 501 is configured to execute the program stored in the memory 503, and implement the following steps:
acquiring code information of a current execution command, wherein the code information comprises codes of functions corresponding to the current execution command;
detecting a preset function according to the code information;
when the detection result is that the preset function exists, acquiring an associated context code of the detected preset function;
judging whether the current execution command is malicious or not according to the associated context code and preset parameters to be intercepted, and intercepting the current execution command when judging that the current execution command is malicious, wherein the associated context code comprises parameters corresponding to a preset function.
The communication bus mentioned by the above terminal may be a peripheral component interconnect standard (Peripheral Component Interconnect, abbreviated as PCI) bus or an extended industry standard architecture (Extended Industry Standard Architecture, abbreviated as EISA) bus, etc. The communication bus may be classified as an address bus, a data bus, a control bus, or the like. For ease of illustration, the figures are shown with only one bold line, but not with only one bus or one type of bus.
The communication interface is used for communication between the terminal and other devices.
The memory may include random access memory (Random Access Memory, RAM) or non-volatile memory (non-volatile memory), such as at least one disk memory. Optionally, the memory may also be at least one memory device located remotely from the aforementioned processor.
The processor may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU for short), a network processor (Network Processor, NP for short), etc.; but also digital signal processors (Digital Signal Processor, DSP for short), application specific integrated circuits (Application Specific Integrated Circuit, ASIC for short), field-programmable gate arrays (Field-Programmable Gate Array, FPGA for short) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components.
In yet another embodiment of the present invention, there is also provided a computer readable storage medium having stored therein a computer program which, when executed by a processor, implements the command interception method according to any one of the above embodiments.
In yet another embodiment of the present invention, a computer program product containing instructions that, when run on a computer, cause the computer to perform the command interception method of any one of the above embodiments is also provided.
In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, produces a flow or function in accordance with embodiments of the present invention, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in or transmitted from one computer-readable storage medium to another, for example, by wired (e.g., coaxial cable, optical fiber, digital Subscriber Line (DSL)), or wireless (e.g., infrared, wireless, microwave, etc.). The computer readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that contains an integration of one or more available media. The usable medium may be a magnetic medium (e.g., floppy Disk, hard Disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid State Disk (SSD)), etc.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In this specification, each embodiment is described in a related manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for apparatus, electronic devices, storage media and computer program product embodiments, the description is relatively simple, as it is substantially similar to method embodiments, with reference to the description of method embodiments in part.
The foregoing description is only of the preferred embodiments of the present invention and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention are included in the protection scope of the present invention.

Claims (10)

1. A command interception method, the method comprising:
acquiring code information of a current execution command, wherein the code information comprises codes of functions corresponding to the current execution command;
detecting a preset function according to the code information;
when the detection result is that the preset function exists, acquiring an associated context code of the detected preset function;
judging whether the current execution command is malicious or not according to the associated context code and preset parameters to be intercepted, and intercepting the current execution command when judging that the current execution command is malicious, wherein the associated context code comprises parameters corresponding to a preset function.
2. The method of claim 1, wherein before the obtaining the associated context code of the detected preset function when the detection result is that the preset function exists, the method further comprises:
acquiring attribute information of a current execution command;
judging whether the current executing command is a command in a preset white list according to the attribute information, and if so, stopping checking the command.
3. The method according to claim 1, wherein the determining whether the current execution command is malicious according to the associated context code and a preset parameter to be intercepted, and intercepting the current execution command when the current execution command is malicious, comprises:
comparing the parameters corresponding to the preset function in the associated context code with the preset parameters to be intercepted, and intercepting the current execution command if the parameters are the same;
and/or the number of the groups of groups,
and identifying whether the associated context code comprises preset sensitive characters, and if so, intercepting the current execution command.
4. The method of claim 1, wherein before said determining whether a currently executed command is malicious according to the associated context code and a preset parameter to be intercepted, and intercepting the currently executed command when it is determined that it is malicious, the method further comprises:
and judging whether the length of the associated context code is smaller than a preset length, and if so, stopping judging.
5. A command interception device, said device comprising:
the information acquisition module is used for acquiring code information of a current execution command, wherein the code information comprises codes of functions corresponding to the current execution command;
the information detection module is used for detecting a preset function according to the code information;
the association code acquisition module is used for acquiring association context codes of the detected preset function when the detection result is that the preset function exists;
and the command interception module is used for judging whether the current execution command is malicious or not according to the associated context code and the preset parameters to be intercepted, and intercepting the current execution command when judging that the current execution command is malicious, wherein the associated context code comprises parameters corresponding to a preset function.
6. The apparatus of claim 5, wherein the apparatus further comprises:
the information acquisition sub-module is used for acquiring attribute information of the current execution command;
and the command checking sub-module is used for judging whether the current execution command is a command in a preset white list according to the attribute information, and stopping checking the command if the current execution command is the command in the preset white list.
7. The apparatus of claim 5, wherein the command interception module comprises:
the parameter comparison sub-module is used for comparing the parameters corresponding to the preset function in the associated context code with the preset parameters to be intercepted, and intercepting the current execution command if the parameters are the same;
and the code identification sub-module is used for identifying whether the associated context code comprises preset sensitive characters or not, and if so, intercepting the current execution command.
8. The apparatus of claim 5, wherein the apparatus further comprises:
and the length judging module is used for judging whether the length of the associated context code is smaller than a preset length, and if so, stopping judging.
9. The electronic equipment is characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are communicated with each other through the communication bus;
a memory for storing a computer program;
a processor for carrying out the method steps of any one of claims 1-4 when executing a program stored on a memory.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored therein a computer program which, when executed by a processor, implements the method steps of any of claims 1-4.
CN202311609701.0A 2023-11-29 2023-11-29 Command interception method and device, electronic equipment and storage medium Pending CN117574372A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311609701.0A CN117574372A (en) 2023-11-29 2023-11-29 Command interception method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311609701.0A CN117574372A (en) 2023-11-29 2023-11-29 Command interception method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117574372A true CN117574372A (en) 2024-02-20

Family

ID=89889772

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311609701.0A Pending CN117574372A (en) 2023-11-29 2023-11-29 Command interception method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117574372A (en)

Similar Documents

Publication Publication Date Title
CN109688097B (en) Website protection method, website protection device, website protection equipment and storage medium
CN108664793B (en) Method and device for detecting vulnerability
KR101724307B1 (en) Method and system for detecting a malicious code
CN113489713B (en) Network attack detection method, device, equipment and storage medium
US8353033B1 (en) Collecting malware samples via unauthorized download protection
CN109768992B (en) Webpage malicious scanning processing method and device, terminal device and readable storage medium
CN112003838B (en) Network threat detection method, device, electronic device and storage medium
CN110765464B (en) Vulnerability detection method, device, equipment and computer storage medium
CN111782416B (en) Data reporting method, device, system, terminal and computer readable storage medium
CN112291258B (en) Gateway risk control method and device
CN106548075B (en) Vulnerability detection method and device
CN113518077A (en) Malicious web crawler detection method, device, equipment and storage medium
CN109067794B (en) Network behavior detection method and device
CN115348086B (en) Attack protection method and device, storage medium and electronic equipment
CN107103243B (en) Vulnerability detection method and device
KR100916324B1 (en) The method, apparatus and system for managing malicious code spreading site using fire wall
KR101803225B1 (en) System and Method for detecting malicious websites at high speed based multi-server, multi-docker
CN113051571B (en) Method and device for detecting false alarm vulnerability and computer equipment
CN111314326B (en) Method, device, equipment and medium for confirming HTTP vulnerability scanning host
CN113127862B (en) XXE attack detection method and device, electronic equipment and storage medium
CN115296895B (en) Request response method and device, storage medium and electronic equipment
CN111131166A (en) User behavior prejudging method and related equipment
CN117574372A (en) Command interception method and device, electronic equipment and storage medium
CN115442109A (en) Method, device, equipment and storage medium for determining network attack result
CN112948831B (en) Application risk identification method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination