Search International and National Patent Collections

1. (WO2018107784) METHOD AND DEVICE FOR DETECTING WEBSHELL

Pub. No.:    WO/2018/107784    International Application No.:    PCT/CN2017/096502
Publication Date: Fri Jun 22 01:59:59 CEST 2018 International Filing Date: Wed Aug 09 01:59:59 CEST 2017
IPC: H04L 29/06
Applicants: HUAWEI TECHNOLOGIES CO., LTD.
华为技术有限公司
Inventors: JIANG, Wu
蒋武
Title: METHOD AND DEVICE FOR DETECTING WEBSHELL
Abstract:
A method and a device for detecting a webshell, which are used for alleviating the problem in the prior art of low detection efficiency. The method comprises: acquiring first web traffic of a protected host; generating, according to the first web traffic, webpage access records of the protected host, the webpage access records being used for saving at least one uniform resource locator (URL), an IP address having accessed each URL of the at least one URL, and the total number of times each URL has been accessed, each URL identifying one webpage provided by the protected host; determining, according to the webpage access records, a suspicious URL from the at least one URL, the total number of times the suspicious URL has been accessed being less than a first threshold, and the ratio of the number of different IP addresses having accessed the suspicious URL to the total number of times that the suspicious URL has been accessed being less than a second threshold; and determining whether the webpage of the suspicious URL identifier comprises a shell feature, and detecting, according to the shell feature determination result, whether the webpage of the suspicious URL identifier has a webshell.