KR20150049297A - None - Google Patents
None Download PDFInfo
- Publication number
- KR20150049297A KR20150049297A KR1020130129642A KR20130129642A KR20150049297A KR 20150049297 A KR20150049297 A KR 20150049297A KR 1020130129642 A KR1020130129642 A KR 1020130129642A KR 20130129642 A KR20130129642 A KR 20130129642A KR 20150049297 A KR20150049297 A KR 20150049297A
- Authority
- KR
- South Korea
- Prior art keywords
- forgery
- web page
- screen shot
- image
- check
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2119—Authenticating web pages, e.g. with suspicious links
Abstract
Description
본 발명은 원격에서 웹페이지 위변조를 탐지하기 위한 방법 및 시스템에 관한 것이다.The present invention relates to a method and system for detecting web page forgery remotely.
웹 서비스는 이미 우리의 일상 생활 깊숙이 들어와 있으며 공공기관, 일반 기업 등 조직과 개인은 홈페이지를 운영하면서 서비스 제공 및 홍보의 수단으로 이용하고 있다. 이러한 홈페이지가 해킹을 당하면 해당 조직은 이미지 훼손, 신뢰도 저하와 같은 직간접적인 피해를 당하게 된다. 또한 악의적 해커들은 자신의 주장을 전달하기 위해 홈페이지 해킹을 통한 핵티비즘 활동을 하고 있다. 홈페이지 해킹을 탐지하기 위해서 기존의 웹페이지 위변조를 점검하는 시스템은 해쉬기법을 적용하거나, N-gram 기법을 이용한 임계치 분석, 해킹 코드 패턴과 비교하는 방식 등이 있으나 이러한 분석 방법들은 모두 웹페이지 컨텐츠 즉, 소스를 파싱하여 점검하는 방식이어서 웹소스의 변화 없이 이미지, 미디어, 플래쉬 등 구성요소만 변화가 있을 경우 탐지할 수가 없다. Web services are already deeply embedded in our daily lives. Organizations and individuals such as public organizations and general companies use the website as a means of providing and promoting services. If such a homepage is hacked, the organization will suffer direct or indirect damage such as image degradation and reliability reduction. Also, malicious hackers are doing hacktivism activities through homepage hacking to deliver their claims. In order to detect the homepage hacking, there is a system for checking the existing web page forgery and alteration, such as applying the hash technique, threshold analysis using the N-gram technique, and comparing with the hacking code pattern. However, , And the source is parsed and checked. Therefore, it is impossible to detect if only the components such as image, media, and flash are changed without changing the web source.
기존의 홈페이지 위변조 탐지 기술은 웹소스를 기준으로 분석하는 방식이다. 웹소스는 그대로지만 홈페이지를 구성하고 있는 이미지, 미디어 등 바이너리 파일이 변경 되었을 경우 웹소스 즉 텍스트 분석 방식은 변화를 탐지해 낼 수 없다.The existing website forgery detection technology is based on web source. Web source, ie text analysis, can not detect changes if binary files such as images, media, etc. that make up the homepage are changed.
상기와 같은 문제점을 해결하기 위하여, 웹페이지 위변조와 관련하여 웹소스 분석 방식이 아닌 웹페이지의 스크린샷을 비교하여 홈페이지 해킹을 탐지한다.In order to solve the above problems, a web page hacking is detected by comparing screen shots of a web page, rather than a web source analysis method, in connection with forgery of a web page.
악의적 해커에 의해 홈페이지가 해킹당했을 경우 홈페이지 위변조를 탐지한다. 웹페이지 전체가 Deface 되었을 경우와 더불어 해커가 웹페이지의 전체 권한을 장악하지 못해 일부 구성 요소만 변경한 경우에도 탐지가 가능하다. 홈페이지 관리자는 웹페이지의 스크린샷 이미지를 보고 직관적으로 해킹 식별이 가능하다.If the homepage is hacked by a malicious hacker, it detects the homepage forgery. In addition to the case where the whole web page is deface, it can be detected even if some components are changed because the hacker does not take full control of the web page. Homepage administrators can identify hacking intuitively by viewing the screenshot image of the web page.
도1은 본 발명의 실시예인 웹페이지 스크린샷을 이용한 위변조 점검 시스템 구성을 도시한 도면.
도2는 본 발명의 실시예인 웹페이지 스크린샷을 이용한 위변조 점검 시스템이 정상 홈페이지와 해킹된 홈페이지의 스크린샷을 비교하여 해킹을 탐지한 도면.BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a diagram showing a configuration of a forgery-and-alteration checking system using a web page screen shot according to an embodiment of the present invention. FIG.
FIG. 2 is a diagram for explaining a hacking by comparing a normal homepage and a screen shot of a hacked homepage, according to a forgery check system using a web page screen shot, which is an embodiment of the present invention.
이하 도면을 참조하여 본 발명의 실시를 위한 구체적인 내용을 설명한다.Hereinafter, the present invention will be described in detail with reference to the drawings.
도1은 본 발명에 따른 웹페이지 위변조 점검 시스템의 개략적인 구성을 도시한 도면이고, 도2는 웹페이지 위변조 점검 시스템이 스크린샷 비교로 해킹을 탐지한 도면이다.FIG. 1 is a diagram showing a schematic configuration of a web page forgery check system according to the present invention, and FIG. 2 is a diagram for detecting a hack by comparing a screen shot with a web page forgery check system.
스크린샷 생성 모듈(10)은 데이터베이스(40)에 저장되어 있는 웹사이트에 접근하여 스크린샷 이미지를 생성하여 데이터베이스(40)에 저장한다. The screen shot generation module 10 accesses a web site stored in the database 40, generates a screen shot image, and stores the generated screen shot image in the database 40.
스크린샷 비교 모듈(20)은 데이터베이스(40)에 저장되어 있는 스크린샷 이미지와 최근에 접근한 스크린샷 이미지를 비교한다. 점검 대상 웹사이트가 정적인 웹페이지일 경우는 이미지에 변화가 있으면 위변조로 탐지를 해서 결과 처리 모듈(30)으로 비교 결과를 전달한다. 동적인 홈페이지의 경우는 이미지의 픽셀 단위로 비교를 하여 Mismatch Rate(%)를 구하고 또한 스크린샷 이미지를 비교하여 이미지 변경이 일어나는 부분을 식별한다. Mismatch Rate 가 다를 경우와 스크린샷 이미지가 변경이 일어나지 않던 부분이 점검시 변경 되었다면 위변조로 탐지한다.The screen shot comparison module 20 compares the screen shot image stored in the database 40 with the recently accessed screen shot image. If the inspection target web site is a static web page, the inspection result is transmitted to the result processing module 30 through the forgery and falsification if there is a change in the image. In the case of a dynamic homepage, the Mismatch Rate (%) is calculated by comparing the images in pixel units, and the image of the screen shot is compared to identify the portion where the image change occurs. If the mismatch rate is different and the part of the screenshot image where the change does not occur is changed during the inspection, it is detected as a forgery.
결과처리 모듈(30)은 점검 대상 웹페이지가 위변조로 판별되면 관리자가 사전에 정의한 명령을 실행한다. The result processing module 30 executes a command defined in advance by the administrator if the web page to be checked is determined to be forged.
데이터베이스(40)는 점검 대상 웹사이트 목록, 점검주기, 점검 결과를 저장한다.The database 40 stores a list of Web sites to be checked, a check period, and a check result.
Claims (2)
홈페이지는 동적, 정적인 특성에 따라 스크린샷을 비교하는 스크린샷 비교 모듈;
스크린샷 비교 결과에 따라서 점검 시스템 관리자가 정의한 명령을 처리하는 결과처리 모듈;
점검할 웹사이트 주소, 생성한 스크린샷 이미지, 점검 주기, 점검결과, 결과 처리 행동이 저장되어 있는 데이터베이스
로 이루어진 것을 특징으로 하는 웹페이지 위변조 점검 시스템
A forgery check method according to claim 1, further comprising: a module for accessing a web page to generate a screen shot;
Homepage is a screen shot comparison module that compares screen shots according to dynamic and static characteristics;
A result processing module for processing a command defined by the checking system administrator according to the result of the screen shot comparison;
The website address to be checked, the image of the generated screenshot, the check interval, the check result, and the database
The web page forgery check system
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020130129642A KR101562109B1 (en) | 2013-10-30 | 2013-10-30 | Forgery verification system by comaparing pixels of a screenshot |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020130129642A KR101562109B1 (en) | 2013-10-30 | 2013-10-30 | Forgery verification system by comaparing pixels of a screenshot |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20150049297A true KR20150049297A (en) | 2015-05-08 |
KR101562109B1 KR101562109B1 (en) | 2015-10-21 |
Family
ID=53387399
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020130129642A KR101562109B1 (en) | 2013-10-30 | 2013-10-30 | Forgery verification system by comaparing pixels of a screenshot |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101562109B1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110163013A (en) * | 2019-05-22 | 2019-08-23 | 上海上湖信息技术有限公司 | A kind of method and apparatus detecting sensitive information |
CN116912669A (en) * | 2023-09-11 | 2023-10-20 | 中国物品编码中心 | Webpage hijacking monitoring method, system, electronic equipment and storage medium |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100867306B1 (en) * | 2007-05-31 | 2008-11-06 | (주)위너다임 | Method and system for check of modulate hompage by the image spectrometer |
JP2009087226A (en) | 2007-10-02 | 2009-04-23 | Kddi Corp | Web site determining device and web site determining program |
-
2013
- 2013-10-30 KR KR1020130129642A patent/KR101562109B1/en active IP Right Grant
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110163013A (en) * | 2019-05-22 | 2019-08-23 | 上海上湖信息技术有限公司 | A kind of method and apparatus detecting sensitive information |
CN116912669A (en) * | 2023-09-11 | 2023-10-20 | 中国物品编码中心 | Webpage hijacking monitoring method, system, electronic equipment and storage medium |
CN116912669B (en) * | 2023-09-11 | 2023-11-28 | 中国物品编码中心 | Webpage hijacking monitoring method, system, electronic equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
KR101562109B1 (en) | 2015-10-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11165820B2 (en) | Web injection protection method and system | |
US10659482B2 (en) | Robotic process automation resource insulation system | |
US20130263263A1 (en) | Web element spoofing prevention system and method | |
CN103856471B (en) | cross-site scripting attack monitoring system and method | |
JP2014203464A (en) | Client based local malware detection method | |
CN102739653B (en) | Detection method and device aiming at webpage address | |
CN102546576A (en) | Webpagehanging trojan detecting and protecting method and system as well as method for extracting corresponding code | |
CN104063309A (en) | Web application program bug detection method based on simulated strike | |
CN104063673B (en) | A kind of method carrying out information input in a browser and browser device | |
KR100912794B1 (en) | Web hacking management system and manegement method thereof for real time web server hacking analysis and homepage hacking search | |
CN105991554A (en) | Vulnerability detection method and equipment | |
CN104992117A (en) | Abnormal behavior detection method and behavior model establishment method of HTML5 mobile application program | |
CN105488400A (en) | Comprehensive detection method and system of malicious webpage | |
US20220400135A1 (en) | Systems and methods for network risk management, cyber risk management, security ratings, and evaluation systems and methods of the same | |
US11005877B2 (en) | Persistent cross-site scripting vulnerability detection | |
KR102159399B1 (en) | Device for monitoring web server and analysing malicious code | |
KR101562109B1 (en) | Forgery verification system by comaparing pixels of a screenshot | |
CN104717226A (en) | Method and device for detecting website address | |
KR20160090566A (en) | Apparatus and method for detecting APK malware filter using valid market data | |
CN105404796A (en) | JavaScript source file protection method and apparatus | |
CN104506529A (en) | Website protection method and device | |
CN107103241A (en) | A kind of method of testing for automatically generating storage-type XSS attack vector | |
KR101279792B1 (en) | System and method for detecting falsification of files | |
CN105516053A (en) | Website security detection method and website security detection device | |
US10484422B2 (en) | Prevention of rendezvous generation algorithm (RGA) and domain generation algorithm (DGA) malware over existing internet services |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
AMND | Amendment | ||
E601 | Decision to refuse application | ||
AMND | Amendment | ||
X701 | Decision to grant (after re-examination) | ||
FPAY | Annual fee payment |
Payment date: 20181015 Year of fee payment: 4 |
|
FPAY | Annual fee payment |
Payment date: 20191003 Year of fee payment: 5 |