CN105488400A - Comprehensive detection method and system of malicious webpage - Google Patents
Comprehensive detection method and system of malicious webpage Download PDFInfo
- Publication number
- CN105488400A CN105488400A CN201410763648.4A CN201410763648A CN105488400A CN 105488400 A CN105488400 A CN 105488400A CN 201410763648 A CN201410763648 A CN 201410763648A CN 105488400 A CN105488400 A CN 105488400A
- Authority
- CN
- China
- Prior art keywords
- url
- detected
- malicious
- matching
- queue
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Information Transfer Between Computers (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a comprehensive detection method and system of a malicious webpage. The comprehensive detection method comprises the following steps: adding URL (Uniform Resource Locator) to be detected into a queue on batch, and setting a unique ID (Identity) number for each piece of URL to be detected; extracting the URL to be detected in the queue, compiling an automated script to simulate the HTTP (Hyper Text Transport Protocol) request of the URL to be detected, obtaining a returning result and a generated PCAP data packet, and configuring the ID number corresponding to the URL to be detected; after the returning result is subjected to formatting processing, matching the returning result with a custom rule base, determining that the URL to be detected is a malicious URL if the returning result and the custom rule base are successfully matched, and otherwise, utilizing the ID number to obtain the PCAP data packet corresponding to the URL to be detected, wherein the URL to be detected fails in matching; matching the PCAP data packet with a flow feature library, and determining that the URL to be detected is the malicious URL if the PCAP data packet and the flow feature library are successfully matched, and otherwise, permitting to release. The method can effectively detect the malicious URL and relevant malicious page contents and can effectively solve the problem of the report failure of the malicious webpage.
Description
Technical field
The present invention relates to technical field of network security, particularly relate to a kind of malicious web pages method for comprehensive detection and system.
Background technology
Along with the development of infotech, network security problem becomes increasingly conspicuous, and nowadays increasing assailant is absorbed in autotelic attack pattern in a organized way, and main target is then the sensitive information obtaining user, such as individual privacy, account number cipher etc.Due to the development of the safety technique such as fire wall, intruding detection system, assailant is produced little effect on traditional attack pattern, and therefore client-based attack pattern is popular gradually, and malicious web pages is then the one in many attack patterns with typicalness.
Malicious web pages is that one utilizes software or system vulnerability, by Web page as carrier, propagates rapidly and widely in internet, and common web page files suffix is called html, asp, php, jsp etc.The code that can automatically perform is embedded in these files, when user browses this page, the malicious code embedded then can perform on backstage, for revising the setting of operating system of user or software configuration file information, illegally stealing user sensitive information, deleting user data etc.Because the difficulty of writing web page code is lower, therefore a lot of assailant big city, by arranging malicious websites, attracts user to access this website, then initiates further attack activity by the malicious code be embedded in webpage at present.For normal website, due to WEB server mis-arrange or server exists potential safety hazard, now assailant can embed malicious code by nonconventional approaches in the normal page, reaches and attacks object further.
Being embedded in the performed malicious code in normal web page, in order to evade detection, usually concealing in the following manner: Code obfuscation, code encryption, URL are redirected.In malicious code, such as use document.Write () function and eval () function to realize dynamic code inject, or use escape () function to be encoded by character, use decoding functions, self-defined decoding program in other position of malicious code or be directly converted to the coding that browser can resolve.And URL is redirected and mainly points to other URL address by script function in the normal page, instruction browser auto-browsing other URL link one or more, and do not affect the normal page shown by user content.Result of study shows, the development trend of malicious web pages is roughly as follows: kind is fuzzy, and various attacks mode combines; Multi-platform attack, malicious web pages type of code increases; Velocity of propagation is fast, and spread scope is wide, is difficult to prevention.
Summary of the invention
For above-mentioned technical matters, the invention provides a kind of malicious web pages method for comprehensive detection and system, this invention uses the web page contents of custom rule storehouse to URL to be detected to detect, for cannot the URL to be detected of successful match then utilize traffic characteristic storehouse to carry out matching operation to the PCAP packet that it returns, thus differentiate whether it is malice URL.The present invention effectively can solve the malice test problems in the situations such as web page contents encryption, thus avoids the generation of failing to report situation.
The present invention adopts and realizes with the following method: a kind of malicious web pages method for comprehensive detection, comprising:
URL batch to be detected is added in queue, and numbers for every bar URL to be detected arranges unique ID;
Extract the URL to be detected in queue, and write the HTTP request of the described URL to be detected of automatized script simulation, obtain the PCAP packet returning results and produce, and the configuration ID corresponding with URL to be detected numbers; Described returning results comprises: the page code that the responsive state code of web server and access produce;
To described return results carry out format process after, mate with custom rule storehouse, if successful match, then URL to be detected be malice URL, otherwise utilizes ID to number the PCAP packet corresponding to URL to be detected of the unsuccessful coupling of acquisition;
Mated with described traffic characteristic storehouse by PCAP packet, if successful match, then URL to be detected is malice URL, otherwise is let pass;
Matched rule in described custom rule storehouse comprises: No. ID, matching way, matching content and matched rule;
Matching characteristic in described traffic characteristic storehouse comprises: obtain PCAP packet based on known malicious URL request, and the feature that Based PC AP packet content is extracted.
Further, described URL to be detected comprises: the related urls that the URL on the internet that self-defined url list, web crawlers capture or search keyword obtain.
Further, URL to be detected in described extraction queue, and also comprise before writing the HTTP request of the described URL to be detected of automatized script simulation: the URL to be detected in queue is mated with known white list, if successful match, then URL to be detected is safe URL, otherwise write the HTTP request of the described URL to be detected of automatized script simulation, and carry out subsequent operation.
Further, described in write the HTTP request of the described URL to be detected of automatized script simulation, comprising: checks and decipher occur encryption function, high-riskly perform script function, follow the tracks of Redirect URL and the hiding URL of parsing.
Further, the related data of the URL to be detected being judged to be malice URL is stored in display database, for visual presentation.
The present invention adopts following system to realize: a kind of malicious web pages comprehensive detection system, comprising:
Queue, for storing URL to be detected, and numbers for every bar URL to be detected arranges unique ID;
Automatized script analog module, for extracting the URL to be detected in queue, and writes the HTTP request of the described URL to be detected of automatized script simulation;
Request results acquisition module, for obtaining the PCAP packet returning results He produce of automatized script analog module, and the configuration ID corresponding with URL to be detected numbers; Described returning results comprises: the page code that the responsive state code of web server and access produce;
Custom rule matching module, for described return results carry out format process after, mate with custom rule storehouse, if successful match, then URL to be detected be maliciously URL, otherwise completes subsequent operation by traffic characteristic matching module;
Traffic characteristic matching module, for utilizing the PCAP packet that the URL to be detected of the unsuccessful coupling of ID numbering acquisition is corresponding, and mated with described traffic characteristic storehouse by PCAP packet, if successful match, then URL to be detected is malice URL, otherwise is let pass;
Custom rule storehouse, for storing matched rule, comprising: No. ID, matching way, matching content and matched rule;
Traffic characteristic storehouse, for storing matching characteristic, comprising: obtain PCAP packet based on known malicious URL request, and the feature that Based PC AP packet content is extracted.
Further, described URL to be detected comprises: the related urls that the URL on the internet that self-defined url list, web crawlers capture or search keyword obtain.
Further, also comprise white list matching module, for being mated with known white list by the URL to be detected in queue, if successful match, then URL to be detected is safe URL, otherwise completes subsequent operation by automatized script analog module.
Further, described in write the HTTP request of the described URL to be detected of automatized script simulation, comprising: checks and decipher occur encryption function, high-riskly perform script function, follow the tracks of Redirect URL and the hiding URL of parsing.
Further, also comprising display database, for storing the related data of the URL to be detected being judged to be malice URL, carrying out visual presentation.
In sum, the invention provides a kind of malicious web pages method for comprehensive detection and system, for URL to be detected, automatized script is utilized to simulate HTTP request of access, and for returning results the detection carrying out web page contents, utilize custom rule storehouse to mate, if the match is successful, then URL to be detected is malice URL, otherwise capture PCAP packet, and utilize traffic characteristic storehouse to carry out the characteristic matching of packet, if the match is successful, then URL to be detected is malice URL, otherwise is let pass.
Beneficial effect of the present invention is: technical scheme of the present invention, first carrys out simulation browser access URL to be detected by writing automatized script, and obtains returning results and data on flows bag of producing; After returning results and carrying out format process, mate with the matching way specified in custom rule storehouse, if successful match, URL to be detected be maliciously URL; Wherein, the quality in described custom rule storehouse can affect the degree of accuracy of detection system; But, for the situation that there is malicious snippets of code in webpage and be encrypted or obscure process, custom rule storehouse is utilized possibly cannot effectively to detect, now, by the ID numbering of configuration, the PCAP packet that the acquisition URL to be detected that the match is successful is relevant, and utilize traffic characteristic storehouse to carry out traffic characteristic coupling, thus ensure to reduce the occurrence probability reported by mistake and fail to report.
Accompanying drawing explanation
In order to be illustrated more clearly in technical scheme of the present invention, be briefly described to the accompanying drawing used required in embodiment below, apparently, the accompanying drawing that the following describes is only some embodiments recorded in the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
Fig. 1 is a kind of malicious web pages method for comprehensive detection embodiment process flow diagram provided by the invention;
Fig. 2 is a kind of malicious web pages comprehensive detection system example structure figure provided by the invention.
Embodiment
The present invention gives a kind of malicious web pages method for comprehensive detection and system, technical scheme in the embodiment of the present invention is understood better in order to make those skilled in the art person, and enable above-mentioned purpose of the present invention, feature and advantage become apparent more, below in conjunction with accompanying drawing, technical scheme in the present invention is described in further detail:
The present invention provide firstly a kind of malicious web pages method for comprehensive detection embodiment, as shown in Figure 1, comprising:
URL batch to be detected is added in queue by S101, and numbers for every bar URL to be detected arranges unique ID;
S102 extracts the URL to be detected in queue, and writes the HTTP request of the described URL to be detected of automatized script simulation;
S103 obtains the PCAP packet returning results and produce, and the configuration ID corresponding with URL to be detected numbers; Described returning results is simulation browser and accesses the consequence that URL to be detected produces, and comprising: the page code that the responsive state code of web server and access produce; The ID that URL described and to be detected is corresponding numbers, and for being returned results with it and PCAP packet one_to_one corresponding by each URL to be detected, uses in convenient detection;
S104 to described return results carry out format process after, mate with custom rule storehouse, judge whether successful match, if so, then URL to be detected be malice URL, otherwise execution S105; Wherein, described formatting method comprises: generate XML or JSON form content of pages;
S105 utilizes the PCAP packet that the URL to be detected of the unsuccessful coupling of ID numbering acquisition is corresponding;
PCAP packet mates with described traffic characteristic storehouse by S106, judges whether successful match, and if so, then URL to be detected is malice URL, otherwise is let pass;
Matched rule in described custom rule storehouse comprises: No. ID, matching way, matching content and matched rule;
Wherein, matching way includes but not limited to: advance, intermediate, low-level, warning and ignore; Matching content is the emphasis of matched rule, includes but not limited to: keyword match or matching regular expressions; Described matched rule ID, for indicating the uniqueness of rule, is convenient to follow-up searching and is tested and amendment;
Matching characteristic in described traffic characteristic storehouse comprises: obtain PCAP packet based on known malicious URL request, and the feature that Based PC AP packet content is extracted.
Wherein, described traffic characteristic storehouse needs not timing to upgrade, can effective detection of malicious code encryption or the situation not easy to identify such as to obscure.
Preferably, described URL to be detected comprises: the related urls that the URL on the internet that self-defined url list, web crawlers capture or search keyword obtain.
Preferably, URL to be detected in described extraction queue, and also comprise before writing the HTTP request of the described URL to be detected of automatized script simulation: the URL to be detected in queue is mated with known white list, if successful match, then URL to be detected is safe URL, otherwise write the HTTP request of the described URL to be detected of automatized script simulation, and carry out subsequent operation.Wherein, described white list needs not timing to upgrade, and avoids situation wrong report occurring or fails to report.
Preferably, described in write the HTTP request of the described URL to be detected of automatized script simulation, comprising: checks and decipher occur encryption function, high-riskly perform script function, follow the tracks of Redirect URL and the hiding URL of parsing.Wherein, resolving hiding URL can pass through Test Gauge label, comprises iframe, script or link etc.
Preferably, the related data of the URL to be detected being judged to be malice URL is stored in display database, for visual presentation.Correspondence is linked number, working time, detection are consuming time, testing result, hazard rating etc. generate visual report, be convenient to the development trend of statistical study or the recent malicious web pages of prediction further.
Secondly the present invention provides a kind of malicious web pages comprehensive detection system embodiment, as shown in Figure 2, comprising:
Queue 201, for storing URL to be detected, and numbers for every bar URL to be detected arranges unique ID;
Automatized script analog module 202, for extracting the URL to be detected in queue 201, and writes the HTTP request of the described URL to be detected of automatized script simulation;
Request results acquisition module 203, for obtaining the PCAP packet returning results He produce of automatized script analog module 202, and the configuration ID corresponding with URL to be detected numbers; Described returning results comprises: the page code that the responsive state code of web server and access produce;
Custom rule matching module 204, for described return results carry out format process after, mate with custom rule storehouse 206, if successful match, then URL to be detected be maliciously URL, otherwise completes subsequent operation by traffic characteristic matching module 205;
Traffic characteristic matching module 205, for utilizing the PCAP packet that the URL to be detected of the unsuccessful coupling of ID numbering acquisition is corresponding, and PCAP packet is mated with described traffic characteristic storehouse 207, if successful match, then URL to be detected is malice URL, otherwise is let pass;
Custom rule storehouse 206, for storing matched rule, comprising: No. ID, matching way, matching content and matched rule;
Traffic characteristic storehouse 207, for storing matching characteristic, comprising: obtain PCAP packet based on known malicious URL request, and the feature that Based PC AP packet content is extracted.
Preferably, described URL to be detected comprises: the related urls that the URL on the internet that self-defined url list, web crawlers capture or search keyword obtain.
Preferably, also comprise white list matching module, for being mated with known white list by the URL to be detected in queue, if successful match, then URL to be detected is safe URL, otherwise completes subsequent operation by automatized script analog module.
Preferably, described in write the HTTP request of the described URL to be detected of automatized script simulation, comprising: checks and decipher occur encryption function, high-riskly perform script function, follow the tracks of Redirect URL and the hiding URL of parsing.
Preferably, also comprising display database, for storing the related data of the URL to be detected being judged to be malice URL, carrying out visual presentation.
In sum, for classic method, the situation such as have that kind is fuzzy, attack pattern is various, Attack Platform is various due to malicious web pages and malicious web pages type of code is more, thus make traditional detection mode cannot effective detection of malicious URL, exist and much fail to report situation.Malicious web pages method for comprehensive detection given by the present invention and system embodiment, be one and build convenient and the malicious web pages detection method of operation feasible and system, whole method and system can automated analysis judging, the negative effect avoiding too much manual intervention to bring and application scenarios is extensive, can detect as malice URL the primary link identified, also can predict according to the malicious web pages form of testing result to following a period of time.The HTTP request of URL to be detected is simulated by writing automatized script, and utilize custom rule storehouse to judge returning results, traffic characteristic storehouse is utilized to carry out the detection of whether malice for PCAP packet, thus the harm after effectively avoiding malicious code execution, subscriber computer brought, various attacks type for malicious web pages detects, and effectively reduces and fails to report and report by mistake.
Above embodiment is unrestricted technical scheme of the present invention in order to explanation.Do not depart from any modification or partial replacement of spirit and scope of the invention, all should be encompassed in the middle of right of the present invention.
Claims (10)
1. a malicious web pages method for comprehensive detection, is characterized in that, comprising:
URL batch to be detected is added in queue, and numbers for every bar URL to be detected arranges unique ID;
Extract the URL to be detected in queue, and write the HTTP request of the described URL to be detected of automatized script simulation, obtain the PCAP packet returning results and produce, and the configuration ID corresponding with URL to be detected numbers; Described returning results comprises: the page code that the responsive state code of web server and access produce;
To described return results carry out format process after, mate with custom rule storehouse, if successful match, then URL to be detected be malice URL, otherwise utilizes ID to number the PCAP packet corresponding to URL to be detected of the unsuccessful coupling of acquisition;
Mated with described traffic characteristic storehouse by PCAP packet, if successful match, then URL to be detected is malice URL, otherwise is let pass;
Matched rule in described custom rule storehouse comprises: No. ID, matching way, matching content and matched rule;
Matching characteristic in described traffic characteristic storehouse comprises: obtain PCAP packet based on known malicious URL request, and the feature that Based PC AP packet content is extracted.
2. the method for claim 1, is characterized in that, described URL to be detected comprises: the related urls that the URL on the internet that self-defined url list, web crawlers capture or search keyword obtain.
3. the method for claim 1, it is characterized in that, URL to be detected in described extraction queue, and also comprise before writing the HTTP request of the described URL to be detected of automatized script simulation: the URL to be detected in queue is mated with known white list, if successful match, then URL to be detected is safe URL, otherwise writes the HTTP request of the described URL to be detected of automatized script simulation, and carries out subsequent operation.
4. the method for claim 1, it is characterized in that, described HTTP request of writing the described URL to be detected of automatized script simulation, comprising: checks and decipher occur encryption function, high-riskly perform script function, follow the tracks of Redirect URL and the hiding URL of parsing.
5. the method for claim 1, is characterized in that, the related data of the URL to be detected being judged to be malice URL is stored in display database, for visual presentation.
6. a malicious web pages comprehensive detection system, is characterized in that, comprising:
Queue, for storing URL to be detected, and numbers for every bar URL to be detected arranges unique ID;
Automatized script analog module, for extracting the URL to be detected in queue, and writes the HTTP request of the described URL to be detected of automatized script simulation;
Request results acquisition module, for obtaining the PCAP packet returning results He produce of automatized script analog module, and the configuration ID corresponding with URL to be detected numbers; Described returning results comprises: the page code that the responsive state code of web server and access produce;
Custom rule matching module, for described return results carry out format process after, mate with custom rule storehouse, if successful match, then URL to be detected be maliciously URL, otherwise completes subsequent operation by traffic characteristic matching module;
Traffic characteristic matching module, for utilizing the PCAP packet that the URL to be detected of the unsuccessful coupling of ID numbering acquisition is corresponding, and mated with described traffic characteristic storehouse by PCAP packet, if successful match, then URL to be detected is malice URL, otherwise is let pass;
Custom rule storehouse, for storing matched rule, comprising: No. ID, matching way, matching content and matched rule;
Traffic characteristic storehouse, for storing matching characteristic, comprising: obtain PCAP packet based on known malicious URL request, and the feature that Based PC AP packet content is extracted.
7. system as claimed in claim 6, it is characterized in that, described URL to be detected comprises: the related urls that the URL on the internet that self-defined url list, web crawlers capture or search keyword obtain.
8. system as claimed in claim 6, is characterized in that, also comprise white list matching module, for the URL to be detected in queue is mated with known white list, if successful match, then URL to be detected is safe URL, otherwise completes subsequent operation by automatized script analog module.
9. system as claimed in claim 6, it is characterized in that, described HTTP request of writing the described URL to be detected of automatized script simulation, comprising: checks and decipher occur encryption function, high-riskly perform script function, follow the tracks of Redirect URL and the hiding URL of parsing.
10. system as claimed in claim 6, is characterized in that, also comprise display database, for storing the related data of the URL to be detected being judged to be malice URL, carries out visual presentation.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410763648.4A CN105488400A (en) | 2014-12-13 | 2014-12-13 | Comprehensive detection method and system of malicious webpage |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410763648.4A CN105488400A (en) | 2014-12-13 | 2014-12-13 | Comprehensive detection method and system of malicious webpage |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105488400A true CN105488400A (en) | 2016-04-13 |
Family
ID=55675374
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410763648.4A Pending CN105488400A (en) | 2014-12-13 | 2014-12-13 | Comprehensive detection method and system of malicious webpage |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105488400A (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108038233A (en) * | 2017-12-26 | 2018-05-15 | 福建中金在线信息科技有限公司 | A kind of method, apparatus, electronic equipment and storage medium for gathering article |
| CN108566377A (en) * | 2018-03-14 | 2018-09-21 | 中电和瑞科技有限公司 | A kind of attack evidence collecting method, device and storage medium |
| CN108874847A (en) * | 2017-12-26 | 2018-11-23 | 北京安天网络安全技术有限公司 | Matching process, device, electronic equipment and the storage medium of custom rule |
| CN111046386A (en) * | 2019-12-05 | 2020-04-21 | 深圳开源互联网安全技术有限公司 | Method and system for dynamically detecting program third-party library and performing security evaluation |
| CN111078542A (en) * | 2019-11-29 | 2020-04-28 | 苏州浪潮智能科技有限公司 | Webpage server response head security configuration detection method and device |
| CN112671747A (en) * | 2020-12-17 | 2021-04-16 | 赛尔网络有限公司 | Overseas malicious URL statistical method and device, electronic equipment and storage medium |
| CN112910920A (en) * | 2021-03-01 | 2021-06-04 | 深信服科技股份有限公司 | Malicious communication detection method, system, storage medium and electronic device |
| CN114143074A (en) * | 2021-11-29 | 2022-03-04 | 杭州迪普科技股份有限公司 | Webshell attack recognition device and method |
| CN114285627A (en) * | 2021-12-21 | 2022-04-05 | 安天科技集团股份有限公司 | Flow detection method and device, electronic equipment and computer readable storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103581144A (en) * | 2012-08-06 | 2014-02-12 | 无锡稳捷网络技术有限公司 | Network safety access control method based on ICAP |
| CN103942497A (en) * | 2013-09-11 | 2014-07-23 | 杭州安恒信息技术有限公司 | Forensics type website vulnerability scanning method and system |
| CN104200166A (en) * | 2014-08-05 | 2014-12-10 | 杭州安恒信息技术有限公司 | Script-based website vulnerability scanning method and system |
-
2014
- 2014-12-13 CN CN201410763648.4A patent/CN105488400A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103581144A (en) * | 2012-08-06 | 2014-02-12 | 无锡稳捷网络技术有限公司 | Network safety access control method based on ICAP |
| CN103942497A (en) * | 2013-09-11 | 2014-07-23 | 杭州安恒信息技术有限公司 | Forensics type website vulnerability scanning method and system |
| CN104200166A (en) * | 2014-08-05 | 2014-12-10 | 杭州安恒信息技术有限公司 | Script-based website vulnerability scanning method and system |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108874847A (en) * | 2017-12-26 | 2018-11-23 | 北京安天网络安全技术有限公司 | Matching process, device, electronic equipment and the storage medium of custom rule |
| CN108038233A (en) * | 2017-12-26 | 2018-05-15 | 福建中金在线信息科技有限公司 | A kind of method, apparatus, electronic equipment and storage medium for gathering article |
| CN108038233B (en) * | 2017-12-26 | 2021-07-23 | 福建中金在线信息科技有限公司 | Method and device for collecting articles, electronic equipment and storage medium |
| CN108566377A (en) * | 2018-03-14 | 2018-09-21 | 中电和瑞科技有限公司 | A kind of attack evidence collecting method, device and storage medium |
| CN111078542A (en) * | 2019-11-29 | 2020-04-28 | 苏州浪潮智能科技有限公司 | Webpage server response head security configuration detection method and device |
| CN111046386A (en) * | 2019-12-05 | 2020-04-21 | 深圳开源互联网安全技术有限公司 | Method and system for dynamically detecting program third-party library and performing security evaluation |
| CN112671747B (en) * | 2020-12-17 | 2022-08-30 | 赛尔网络有限公司 | Overseas malicious URL statistical method and device, electronic equipment and storage medium |
| CN112671747A (en) * | 2020-12-17 | 2021-04-16 | 赛尔网络有限公司 | Overseas malicious URL statistical method and device, electronic equipment and storage medium |
| CN112910920A (en) * | 2021-03-01 | 2021-06-04 | 深信服科技股份有限公司 | Malicious communication detection method, system, storage medium and electronic device |
| CN114143074A (en) * | 2021-11-29 | 2022-03-04 | 杭州迪普科技股份有限公司 | Webshell attack recognition device and method |
| CN114143074B (en) * | 2021-11-29 | 2023-09-22 | 杭州迪普科技股份有限公司 | webshell attack recognition device and method |
| CN114285627A (en) * | 2021-12-21 | 2022-04-05 | 安天科技集团股份有限公司 | Flow detection method and device, electronic equipment and computer readable storage medium |
| CN114285627B (en) * | 2021-12-21 | 2023-12-22 | 安天科技集团股份有限公司 | Flow detection method and device, electronic equipment and computer readable storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105488400A (en) | Comprehensive detection method and system of malicious webpage | |
| CN101964025B (en) | XSS detection method and equipment | |
| CN102831345B (en) | Injection point extracting method in SQL (Structured Query Language) injection vulnerability detection | |
| CN104766014A (en) | Method and system used for detecting malicious website | |
| CN102663319B (en) | Prompting method and device for download link security | |
| CN107341399B (en) | Method and device for evaluating security of code file | |
| CN109347882B (en) | Webpage Trojan horse monitoring method, device, equipment and storage medium | |
| CN101751530B (en) | Method for detecting loophole aggressive behavior and device | |
| CN102739663A (en) | Detection method and scanning engine of web pages | |
| CN102833212A (en) | Webpage visitor identity identification method and system | |
| CN104168293A (en) | Method and system for recognizing suspicious phishing web page in combination with local content rule base | |
| CN103647678A (en) | Method and device for online verification of website vulnerabilities | |
| CN104767747A (en) | Click jacking safety detection method and device | |
| CN102780684B (en) | XSS defensive system | |
| CN104123497A (en) | SQL injection prevention method, device and system | |
| CN104992117A (en) | Abnormal behavior detection method and behavior model establishment method of HTML5 mobile application program | |
| CN106250761B (en) | Equipment, device and method for identifying web automation tool | |
| CN109688130A (en) | Webpage kidnaps detection method, device and computer storage medium | |
| CN104468459B (en) | A kind of leak detection method and device | |
| CN107784107B (en) | Dark chain detection method and device based on escape behavior analysis | |
| CN106357682A (en) | Phishing website detecting method | |
| CN107103243B (en) | Vulnerability detection method and device | |
| CN105488399A (en) | Script virus detection method and system based on program keyword calling sequence | |
| CN107018152A (en) | Message block method, device and electronic equipment | |
| CN103390129B (en) | Detect the method and apparatus of security of uniform resource locator |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20160413 |
|
| WD01 | Invention patent application deemed withdrawn after publication |