KR20150049297A - None - Google Patents

None Download PDF

Info

Publication number
KR20150049297A
KR20150049297A KR1020130129642A KR20130129642A KR20150049297A KR 20150049297 A KR20150049297 A KR 20150049297A KR 1020130129642 A KR1020130129642 A KR 1020130129642A KR 20130129642 A KR20130129642 A KR 20130129642A KR 20150049297 A KR20150049297 A KR 20150049297A
Authority
KR
South Korea
Prior art keywords
forgery
web page
screen shot
image
check
Prior art date
Application number
KR1020130129642A
Other languages
Korean (ko)
Other versions
KR101562109B1 (en
Inventor
김현우
Original Assignee
김현우
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 김현우 filed Critical 김현우
Priority to KR1020130129642A priority Critical patent/KR101562109B1/en
Publication of KR20150049297A publication Critical patent/KR20150049297A/en
Application granted granted Critical
Publication of KR101562109B1 publication Critical patent/KR101562109B1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2119Authenticating web pages, e.g. with suspicious links

Abstract

The present invention relates to a method and a system for remotely inspecting forgery of a webpage. An existing webpage forgery detecting technique is a system for parsing and analyzing a web source, that is a text, and little or a little change in the text is rarely detected. To solve this, a screenshot image of an inspection object webpage is generated, and forgery is detected through an image pixel unit comparison during inspection. A screenshot is compared, thereby also detecting website forgery that is not detected through a text analysis.

Description

웹페이지 스크린샷을 이용한 위변조 점검 시스템 및 방법{None}System and method for forgery check using web page screen shot {None}

본 발명은 원격에서 웹페이지 위변조를 탐지하기 위한 방법 및 시스템에 관한 것이다.The present invention relates to a method and system for detecting web page forgery remotely.

웹 서비스는 이미 우리의 일상 생활 깊숙이 들어와 있으며 공공기관, 일반 기업 등 조직과 개인은 홈페이지를 운영하면서 서비스 제공 및 홍보의 수단으로 이용하고 있다. 이러한 홈페이지가 해킹을 당하면 해당 조직은 이미지 훼손, 신뢰도 저하와 같은 직간접적인 피해를 당하게 된다. 또한 악의적 해커들은 자신의 주장을 전달하기 위해 홈페이지 해킹을 통한 핵티비즘 활동을 하고 있다. 홈페이지 해킹을 탐지하기 위해서 기존의 웹페이지 위변조를 점검하는 시스템은 해쉬기법을 적용하거나, N-gram 기법을 이용한 임계치 분석, 해킹 코드 패턴과 비교하는 방식 등이 있으나 이러한 분석 방법들은 모두 웹페이지 컨텐츠 즉, 소스를 파싱하여 점검하는 방식이어서 웹소스의 변화 없이 이미지, 미디어, 플래쉬 등 구성요소만 변화가 있을 경우 탐지할 수가 없다. Web services are already deeply embedded in our daily lives. Organizations and individuals such as public organizations and general companies use the website as a means of providing and promoting services. If such a homepage is hacked, the organization will suffer direct or indirect damage such as image degradation and reliability reduction. Also, malicious hackers are doing hacktivism activities through homepage hacking to deliver their claims. In order to detect the homepage hacking, there is a system for checking the existing web page forgery and alteration, such as applying the hash technique, threshold analysis using the N-gram technique, and comparing with the hacking code pattern. However, , And the source is parsed and checked. Therefore, it is impossible to detect if only the components such as image, media, and flash are changed without changing the web source.

기존의 홈페이지 위변조 탐지 기술은 웹소스를 기준으로 분석하는 방식이다. 웹소스는 그대로지만 홈페이지를 구성하고 있는 이미지, 미디어 등 바이너리 파일이 변경 되었을 경우 웹소스 즉 텍스트 분석 방식은 변화를 탐지해 낼 수 없다.The existing website forgery detection technology is based on web source. Web source, ie text analysis, can not detect changes if binary files such as images, media, etc. that make up the homepage are changed.

상기와 같은 문제점을 해결하기 위하여, 웹페이지 위변조와 관련하여 웹소스 분석 방식이 아닌 웹페이지의 스크린샷을 비교하여 홈페이지 해킹을 탐지한다.In order to solve the above problems, a web page hacking is detected by comparing screen shots of a web page, rather than a web source analysis method, in connection with forgery of a web page.

악의적 해커에 의해 홈페이지가 해킹당했을 경우 홈페이지 위변조를 탐지한다. 웹페이지 전체가 Deface 되었을 경우와 더불어 해커가 웹페이지의 전체 권한을 장악하지 못해 일부 구성 요소만 변경한 경우에도 탐지가 가능하다. 홈페이지 관리자는 웹페이지의 스크린샷 이미지를 보고 직관적으로 해킹 식별이 가능하다.If the homepage is hacked by a malicious hacker, it detects the homepage forgery. In addition to the case where the whole web page is deface, it can be detected even if some components are changed because the hacker does not take full control of the web page. Homepage administrators can identify hacking intuitively by viewing the screenshot image of the web page.

도1은 본 발명의 실시예인 웹페이지 스크린샷을 이용한 위변조 점검 시스템 구성을 도시한 도면.
도2는 본 발명의 실시예인 웹페이지 스크린샷을 이용한 위변조 점검 시스템이 정상 홈페이지와 해킹된 홈페이지의 스크린샷을 비교하여 해킹을 탐지한 도면.BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a diagram showing a configuration of a forgery-and-alteration checking system using a web page screen shot according to an embodiment of the present invention. FIG.
FIG. 2 is a diagram for explaining a hacking by comparing a normal homepage and a screen shot of a hacked homepage, according to a forgery check system using a web page screen shot, which is an embodiment of the present invention.

이하 도면을 참조하여 본 발명의 실시를 위한 구체적인 내용을 설명한다.Hereinafter, the present invention will be described in detail with reference to the drawings.

도1은 본 발명에 따른 웹페이지 위변조 점검 시스템의 개략적인 구성을 도시한 도면이고, 도2는 웹페이지 위변조 점검 시스템이 스크린샷 비교로 해킹을 탐지한 도면이다.FIG. 1 is a diagram showing a schematic configuration of a web page forgery check system according to the present invention, and FIG. 2 is a diagram for detecting a hack by comparing a screen shot with a web page forgery check system.

스크린샷 생성 모듈(10)은 데이터베이스(40)에 저장되어 있는 웹사이트에 접근하여 스크린샷 이미지를 생성하여 데이터베이스(40)에 저장한다. The screen shot generation module 10 accesses a web site stored in the database 40, generates a screen shot image, and stores the generated screen shot image in the database 40.

스크린샷 비교 모듈(20)은 데이터베이스(40)에 저장되어 있는 스크린샷 이미지와 최근에 접근한 스크린샷 이미지를 비교한다. 점검 대상 웹사이트가 정적인 웹페이지일 경우는 이미지에 변화가 있으면 위변조로 탐지를 해서 결과 처리 모듈(30)으로 비교 결과를 전달한다. 동적인 홈페이지의 경우는 이미지의 픽셀 단위로 비교를 하여 Mismatch Rate(%)를 구하고 또한 스크린샷 이미지를 비교하여 이미지 변경이 일어나는 부분을 식별한다. Mismatch Rate 가 다를 경우와 스크린샷 이미지가 변경이 일어나지 않던 부분이 점검시 변경 되었다면 위변조로 탐지한다.The screen shot comparison module 20 compares the screen shot image stored in the database 40 with the recently accessed screen shot image. If the inspection target web site is a static web page, the inspection result is transmitted to the result processing module 30 through the forgery and falsification if there is a change in the image. In the case of a dynamic homepage, the Mismatch Rate (%) is calculated by comparing the images in pixel units, and the image of the screen shot is compared to identify the portion where the image change occurs. If the mismatch rate is different and the part of the screenshot image where the change does not occur is changed during the inspection, it is detected as a forgery.

결과처리 모듈(30)은 점검 대상 웹페이지가 위변조로 판별되면 관리자가 사전에 정의한 명령을 실행한다. The result processing module 30 executes a command defined in advance by the administrator if the web page to be checked is determined to be forged.

데이터베이스(40)는 점검 대상 웹사이트 목록, 점검주기, 점검 결과를 저장한다.The database 40 stores a list of Web sites to be checked, a check period, and a check result.

Claims (2)

웹페이지 위변조 점검 방법에 있어서, 원격의 점검 시스템이 점검 대상 웹페이지를 접근하여 스크린샷 이미지를 생성하고, 생성된 스크린샷 이미지의 비교를 통해 웹페이지의 위변조를 점검하는 방법 In a method for checking forgery of a web page, a remote inspection system accesses a web page to be inspected to generate a screenshot image, and checks the forgery and falsification of the web page through comparison of the generated screenshot images 제 1항의 위변조 점검 방법에 있어서, 웹페이지에 접근하여 스크린샷을 생성하는 모듈;
홈페이지는 동적, 정적인 특성에 따라 스크린샷을 비교하는 스크린샷 비교 모듈;
스크린샷 비교 결과에 따라서 점검 시스템 관리자가 정의한 명령을 처리하는 결과처리 모듈;
점검할 웹사이트 주소, 생성한 스크린샷 이미지, 점검 주기, 점검결과, 결과 처리 행동이 저장되어 있는 데이터베이스
로 이루어진 것을 특징으로 하는 웹페이지 위변조 점검 시스템
A forgery check method according to claim 1, further comprising: a module for accessing a web page to generate a screen shot;
Homepage is a screen shot comparison module that compares screen shots according to dynamic and static characteristics;
A result processing module for processing a command defined by the checking system administrator according to the result of the screen shot comparison;
The website address to be checked, the image of the generated screenshot, the check interval, the check result, and the database
The web page forgery check system
KR1020130129642A 2013-10-30 2013-10-30 Forgery verification system by comaparing pixels of a screenshot KR101562109B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020130129642A KR101562109B1 (en) 2013-10-30 2013-10-30 Forgery verification system by comaparing pixels of a screenshot

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020130129642A KR101562109B1 (en) 2013-10-30 2013-10-30 Forgery verification system by comaparing pixels of a screenshot

Publications (2)

Publication Number Publication Date
KR20150049297A true KR20150049297A (en) 2015-05-08
KR101562109B1 KR101562109B1 (en) 2015-10-21

Family

ID=53387399

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020130129642A KR101562109B1 (en) 2013-10-30 2013-10-30 Forgery verification system by comaparing pixels of a screenshot

Country Status (1)

Country Link
KR (1) KR101562109B1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110163013A (en) * 2019-05-22 2019-08-23 上海上湖信息技术有限公司 A kind of method and apparatus detecting sensitive information
CN116912669A (en) * 2023-09-11 2023-10-20 中国物品编码中心 Webpage hijacking monitoring method, system, electronic equipment and storage medium

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100867306B1 (en) * 2007-05-31 2008-11-06 (주)위너다임 Method and system for check of modulate hompage by the image spectrometer
JP2009087226A (en) 2007-10-02 2009-04-23 Kddi Corp Web site determining device and web site determining program

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110163013A (en) * 2019-05-22 2019-08-23 上海上湖信息技术有限公司 A kind of method and apparatus detecting sensitive information
CN116912669A (en) * 2023-09-11 2023-10-20 中国物品编码中心 Webpage hijacking monitoring method, system, electronic equipment and storage medium
CN116912669B (en) * 2023-09-11 2023-11-28 中国物品编码中心 Webpage hijacking monitoring method, system, electronic equipment and storage medium

Also Published As

Publication number Publication date
KR101562109B1 (en) 2015-10-21

Similar Documents

Publication Publication Date Title
US11165820B2 (en) Web injection protection method and system
US10659482B2 (en) Robotic process automation resource insulation system
US20130263263A1 (en) Web element spoofing prevention system and method
CN103856471B (en) cross-site scripting attack monitoring system and method
JP2014203464A (en) Client based local malware detection method
CN102739653B (en) Detection method and device aiming at webpage address
CN102546576A (en) Webpagehanging trojan detecting and protecting method and system as well as method for extracting corresponding code
CN104063309A (en) Web application program bug detection method based on simulated strike
CN104063673B (en) A kind of method carrying out information input in a browser and browser device
KR100912794B1 (en) Web hacking management system and manegement method thereof for real time web server hacking analysis and homepage hacking search
CN105991554A (en) Vulnerability detection method and equipment
CN104992117A (en) Abnormal behavior detection method and behavior model establishment method of HTML5 mobile application program
CN105488400A (en) Comprehensive detection method and system of malicious webpage
US20220400135A1 (en) Systems and methods for network risk management, cyber risk management, security ratings, and evaluation systems and methods of the same
US11005877B2 (en) Persistent cross-site scripting vulnerability detection
KR102159399B1 (en) Device for monitoring web server and analysing malicious code
KR101562109B1 (en) Forgery verification system by comaparing pixels of a screenshot
CN104717226A (en) Method and device for detecting website address
KR20160090566A (en) Apparatus and method for detecting APK malware filter using valid market data
CN105404796A (en) JavaScript source file protection method and apparatus
CN104506529A (en) Website protection method and device
CN107103241A (en) A kind of method of testing for automatically generating storage-type XSS attack vector
KR101279792B1 (en) System and method for detecting falsification of files
CN105516053A (en) Website security detection method and website security detection device
US10484422B2 (en) Prevention of rendezvous generation algorithm (RGA) and domain generation algorithm (DGA) malware over existing internet services

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
AMND Amendment
E601 Decision to refuse application
AMND Amendment
X701 Decision to grant (after re-examination)
FPAY Annual fee payment

Payment date: 20181015

Year of fee payment: 4

FPAY Annual fee payment

Payment date: 20191003

Year of fee payment: 5