CN116170243B - POC (proof of concept)-based rule file generation method and device, electronic equipment and medium - Google Patents

Info

Publication number
CN116170243B
Authority
CN
China
Prior art keywords
poc
file
vulnerability
http request
attack content
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310463017.XA
Other languages
Chinese (zh)
Other versions
CN116170243A (en)
Inventor
薛洪亮
刘晓鸣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Abt Networks Co ltd
Original Assignee
Beijing Abt Networks Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/16 File or folder operations, e.g. details of user interfaces specifically adapted to file systems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Human Computer Interaction (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a method, a device, electronic equipment and a medium for generating a rule file based on POC, wherein the method comprises the following steps: marking the HTTP request address and the attack content in the POC file, and extracting the HTTP request address and the attack content; extracting a target field in the POC file; and converting the target field, the marked HTTP request address and attack content into a Snort rule file and storing the Snort rule file into a database. According to the method and the device, the Snort rule file is automatically generated according to the POC, so that the efficiency of detecting network attacks is improved.

Description

POC (proof of concept)-based rule file generation method and device, electronic equipment and medium
Technical Field
The present invention relates to the field of network security detection technologies, and in particular, to a method, an apparatus, an electronic device, and a medium for generating a rule file based on POC.
Background
POC stands for Proof of Concept. In the security field, a POC generally refers to a simple piece of code or script used to verify or exploit a known vulnerability, proving that the vulnerability does exist and can be exploited by an attacker. POCs are typically used to detect and verify the security of a system so that vulnerabilities can be repaired in time, preventing an attacker from using them to attack the system.
In the prior art, obtaining a POC for a vulnerability generally relies on manually analyzing a large amount of traffic data to screen out the traffic containing malicious features, or on restoring the attack traffic from known vulnerabilities; in both cases a mass of data has to be processed, and the efficiency is low.
Disclosure of Invention
In view of the foregoing, it is necessary to provide a method, apparatus, electronic device and medium for generating rule files based on POC, so as to achieve the purpose of automatically generating Snort rules according to POC, thereby improving the efficiency of detecting network attacks.
In order to achieve the above object, the present invention provides a method for generating a rule file based on POC, comprising:
marking the HTTP request address and attack content in the POC file, and extracting the marked HTTP request address and attack content;
extracting a target field in the POC file;
and converting the target field, the marked HTTP request address and attack content into a Snort rule file and storing the Snort rule file into a database.
In some possible implementations, the marking the HTTP request address and the attack content in the POC file includes:
and marking the HTTP request address and attack content in the POC file by using special characters.
In some possible implementations, the extracting the tagged HTTP request address and attack content includes:
extracting the marked HTTP request address and attack content through a regular expression.
In some possible implementations, the extracted target field includes:
vulnerability names, vulnerability types, vulnerability grades, vulnerability description information, vulnerability corresponding reference links and vulnerability numbers.
In some possible implementations, the vulnerability types include: injection vulnerabilities, cross-site scripting vulnerabilities, file upload vulnerabilities, file inclusion vulnerabilities, and command execution vulnerabilities.
In some possible implementations, the converting the extracted target field, the extracted HTTP request address, and the attack content into a Snort rule file includes:
judging whether special characters exist in the extracted attack content, and if so, encoding the extracted attack content to obtain an attack content in a Hex format;
and judging whether the vulnerability names and the vulnerability description information in the extracted fields are English or not, if so, calling a translation interface to translate the vulnerability names and the vulnerability description information in the extracted fields into Chinese.
In some possible implementations, storing the Snort rule file in a database includes:
and inputting the Snort rule file into a POC scanning tool for verification, and storing the Snort rule file into a database after verification is passed.
On the other hand, the invention also provides a device for generating rule files based on POC, which comprises:
the attack information extraction unit is used for marking the HTTP request address and the attack content in the POC file and extracting the HTTP request address and the attack content;
a target field extracting unit for extracting a target field in the POC file;
and the rule file generation unit is used for converting the extracted target field, the extracted HTTP request address and the attack content into a Snort rule file and storing the Snort rule file into a database.
In another aspect, the invention also provides an electronic device comprising a memory and a processor, wherein,
the memory is used for storing programs;
the processor is coupled to the memory, and is configured to execute the program stored in the memory, so as to implement a step in the POC-based rule file generating method according to any one of the foregoing implementations.
In another aspect, the present invention further provides a computer readable storage medium, configured to store a computer readable program or instructions, where the program or instructions, when executed by a processor, implement the steps in a method for generating a rule file based on POC in any one of the above implementation manners.
The beneficial effects of adopting the embodiment are as follows: the POC-based rule file generation method first marks and extracts the HTTP request address and attack content in the POC file, then extracts the target fields in the POC file, and finally converts the extracted target fields, HTTP request address and attack content into a Snort rule file and stores the Snort rule file in a database. Because the Snort rule file is generated automatically from the fields extracted from the POC, the efficiency of detecting network attacks is improved.
Drawings
FIG. 1 is a flowchart illustrating a method for generating rule files based on POC according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of an embodiment of an apparatus for generating rule files based on POC according to the present invention;
fig. 3 is a schematic structural diagram of an embodiment of an electronic device according to the present invention.
Detailed Description
Preferred embodiments of the present invention will now be described in detail with reference to the accompanying drawings, which form a part hereof, and together with the description serve to explain the principles of the invention, and are not intended to limit the scope of the invention.
Fig. 1 is a schematic flow chart of an embodiment of a method for generating a rule file based on POC according to the present invention, as shown in fig. 1, a method for generating a rule file based on POC includes:
S101, marking the HTTP request address and attack content in the POC file, and extracting the marked HTTP request address and attack content;
S102, extracting a target field in the POC file;
S103, converting the target field, the marked HTTP request address and attack content into a Snort rule file and storing the Snort rule file into a database.
Compared with the prior art, the POC-based rule file generation method provided by this embodiment first marks and extracts the HTTP request address and attack content in the POC file, then extracts the target fields in the POC file, and finally converts the extracted target fields, HTTP request address and attack content into a Snort rule file and stores the Snort rule file in a database. The invention automatically generates Snort rules from a POC, thereby improving the efficiency of detecting network attacks.
Note that POC (Proof of Concept) is used to detect whether a vulnerability exists. In some embodiments of the present invention, in step S101, the marking the HTTP request address and the attack content in the POC file includes:
and marking the HTTP request address and attack content in the POC file by using special characters.
It is noted that special characters include $,. In a specific embodiment of the present invention, the HTTP request address and attack content in the POC file are marked with the special character $.
It should be noted that a regular expression is a logical formula for operating on strings (made up of ordinary characters, e.g. the letters a to z, and special characters called "metacharacters"): a "rule string" is composed from specific predefined characters and combinations of them, and this "rule string" expresses a filtering logic for strings. A regular expression is a text pattern that describes one or more strings to be matched when searching text. In some embodiments of the present invention, in step S101, the extracting the marked HTTP request address and attack content includes:
extracting the marked HTTP request address and attack content through a regular expression.
In some embodiments of the present invention, in step S103, the extracted target field includes:
vulnerability names, vulnerability types, vulnerability grades, vulnerability description information, vulnerability corresponding reference links and vulnerability numbers.
In some embodiments of the invention, the vulnerability types include: injection vulnerabilities, cross-site scripting vulnerabilities, file upload vulnerabilities, file inclusion vulnerabilities, and command execution vulnerabilities.
Note on the vulnerability types:
Injection vulnerability: because of their prevalence and severity, injection vulnerabilities rank first in the vulnerability rankings. Common injection vulnerabilities include SQL, LDAP, OS command, ORM and OGNL injection. A user may submit crafted malicious code through any input point; if the application does not strictly filter the user's input, an injection vulnerability results once the malicious input is sent to the parser as part of a command or query.
Cross-site scripting vulnerability: XSS is short for cross-site scripting. XSS vulnerabilities are security vulnerabilities common in web applications that allow users to embed malicious code into a web page; when other users access this page, the embedded malicious script executes on those users' clients. The harm is considerable: through an XSS vulnerability, information about a client user can be obtained, such as the Cookie information of a logged-in user; a trojan can be planted on the client; and, combined with other vulnerabilities, the server can be attacked and a trojan implanted on it.
File upload vulnerability: the main cause of file upload vulnerabilities is that the application provides an upload function, but the uploaded file is not subjected to a strict validity check or the checking function is flawed, so that a trojan file can be uploaded to the server. File upload vulnerabilities are extremely harmful: because malicious code can be uploaded directly to the server, serious consequences may follow, such as modification of the server's web pages, suspension of the website, remote control of the server and installation of a backdoor.
File inclusion vulnerability: the file parameter used in a file inclusion is not filtered or strictly defined, and the parameter can be controlled by the user, so unexpected files may be included. If malicious code exists in the included file, it will be parsed and executed no matter what suffix type the file has; this is a file inclusion vulnerability.
Command execution vulnerability: some functions of an application need to call functions that can execute system commands. If these functions or their parameters can be controlled by the user, malicious commands may be spliced into the normal call through command connectors, so that system commands can be executed at will. This is a command execution vulnerability, which is one of the high-risk vulnerabilities.
It should be noted that, in Hex encoding, each 8-bit byte of data is represented by two hexadecimal digits. During encoding, the 8 bits are rearranged into two bytes: the lower 4 bits of one byte hold the upper 4 bits of the original byte, the lower 4 bits of the other byte hold the lower 4 bits of the original byte, and the upper 4 bits of both are padded with 0; the hexadecimal digits corresponding to these two bytes are then output as the encoding. In some embodiments of the present invention,
the converting the target field, the marked HTTP request address and the attack content into Snort rule files includes:
judging whether special characters exist in the extracted attack content, and if so, encoding the extracted attack content to obtain an attack content in a Hex format;
and judging whether the vulnerability names and the vulnerability description information in the extracted fields are English or not, if so, calling a translation interface to translate the vulnerability names and the vulnerability description information in the extracted fields into Chinese.
In some embodiments of the present invention, storing the Snort rule file in a database includes:
and inputting the Snort rule file into a POC scanning tool for verification, and storing the Snort rule file into a database after verification is passed. Specifically: after the rule file is generated, a local POC scanning tool, such as nuclei, is automatically loaded; it loads the corresponding yaml rule file and scans the target machine.
Meanwhile, a Snort module in the POC scanning tool references the corresponding rule file to test the generated rule file; a packet capture program such as tcpdump is called through Python to monitor traffic, and the pexpect library is used to exit the packet capture process after 2 s, producing a packet capture file. After verification is passed, the generated rule file is stored in the database.
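An added Python example (not code from the patent) of steps S101 to S103: it extracts the two marked spans and the six target fields from a POC, Hex-encodes attack content that contains special characters, and emits a Snort rule. The paired `$...$` marker convention, the nuclei-like field keys, the Snort 2 HTTP buffers chosen, the grade-to-priority mapping and the sample POC with its placeholder number are assumptions of this example; translation, scanner verification and database storage are omitted.

```python
import re

# Constructed sample POC. The layout, the field keys and the convention that the
# first $...$ span is the request address and the second is the attack content
# are assumptions of this example; CVE-0000-0000 is a placeholder.
SAMPLE_POC = """\
id: demo-diag-cmd-exec
info:
  name: Demo Gateway diagnostic page command execution
  type: command execution
  severity: high
  description: The ping diagnostic passes the host parameter to a shell.
  reference: https://example.com/advisories/demo-0001
  number: CVE-0000-0000
request: |
  POST $/cgi-bin/diag.cgi$ HTTP/1.1
  Host: {{Hostname}}
  Content-Type: application/x-www-form-urlencoded

  action=ping&host=$127.0.0.1;echo poc-demo$
"""

HEADER = "alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS"
MARKED = re.compile(r"\$([^$\r\n]+)\$")
FIELD = re.compile(
    r"^[ \t]*(name|type|severity|description|reference|number):[ \t]*(.+?)[ \t]*$",
    re.M)
REQUIRED = ("name", "type", "severity", "description", "reference", "number")
SNORT_SPECIAL = set('";\\|')  # cannot appear raw inside content:"..."
PRIORITY = {"critical": 1, "high": 1, "medium": 2, "low": 3}  # assumed mapping


def extract_marked(poc):
    """S101: return (request address, attack content) from the two $...$ spans."""
    spans = MARKED.findall(poc)
    if len(spans) != 2:
        raise ValueError(f"expected 2 marked spans, found {len(spans)}")
    return spans[0], spans[1]


def extract_fields(poc):
    """S102: collect name, type, grade, description, reference link and number."""
    fields = dict(FIELD.findall(poc))
    missing = [key for key in REQUIRED if key not in fields]
    if missing:
        raise ValueError(f"POC is missing fields: {missing}")
    return fields


def snort_content(value):
    """Hex-encode the whole value if it holds special or non-printable bytes."""
    raw = value.encode("utf-8")
    needs_hex = any(c in SNORT_SPECIAL for c in value) or any(
        b < 0x20 or b > 0x7E for b in raw)
    if not needs_hex:
        return value
    return "|" + " ".join(f"{b:02X}" for b in raw) + "|"


def escape_text(value):
    """Backslash-escape characters that would end a quoted msg string early."""
    return re.sub(r'([";\\])', r"\\\1", value)


def build_rule(poc, sid):
    """S103: turn the extracted values into one Snort 2 rule line."""
    address, attack = extract_marked(poc)
    fields = extract_fields(poc)
    url = re.sub(r"^https?://", "", fields["reference"])  # Snort adds the scheme
    options = [
        'msg:"%s"' % escape_text(fields["name"]),
        "flow:to_server,established",
        'content:"%s"' % snort_content(address), "http_uri",
        'content:"%s"' % snort_content(attack), "http_client_body",
        "reference:url,%s" % url,
    ]
    cve = re.fullmatch(r"CVE-(\d{4}-\d{4,})", fields["number"])
    if cve:
        options.append("reference:cve,%s" % cve.group(1))
    options += [
        "classtype:web-application-attack",
        "priority:%d" % PRIORITY.get(fields["severity"].lower(), 2),
        "sid:%d" % sid,
        "rev:1",
    ]
    return HEADER + " (" + " ".join(opt + ";" for opt in options) + ")"


def render_rule_file(poc, sid):
    """Rule file text: remaining target fields as comments, then the rule."""
    f = extract_fields(poc)
    comment = "# type: %s | grade: %s | number: %s\n# %s\n" % (
        f["type"], f["severity"], f["number"], f["description"])
    return comment + build_rule(poc, sid) + "\n"


if __name__ == "__main__":
    print(render_rule_file(SAMPLE_POC, 1000001))
```

The sample places the attack content in a POST body, so the rule matches it in `http_client_body`; a POC that carries it in the query string would need `http_uri` or a raw-URI match instead.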
In order to better implement a method for generating a rule file based on POC in the embodiment of the present invention, correspondingly, as shown in fig. 2, on the basis of the method for generating a rule file based on POC, an apparatus for generating a rule file based on POC is provided in the embodiment of the present invention, and an apparatus 200 for generating a rule file based on POC includes:
an attack information extraction unit 201, configured to mark an HTTP request address and attack content in a POC file, and extract the marked HTTP request address and attack content;
a target field extracting unit 202, configured to extract a target field in the POC file;
the rule file generating unit 203 is configured to convert the target field, the marked HTTP request address, and the attack content into a Snort rule file, and store the Snort rule file in a database.
The device 200 based on POC generation rule files provided in the foregoing embodiment may implement the technical solution described in the foregoing embodiment of a method for generating rule files based on POC, and the specific implementation principle of each module or unit may refer to the corresponding content in the foregoing embodiment of a method for generating rule files based on POC, which is not described herein again.
As shown in fig. 3, the present invention further provides an electronic device 300 accordingly. The electronic device 300 comprises a processor 301, a memory 302 and a display 303. Fig. 3 shows only some of the components of the electronic device 300, but it should be understood that not all of the illustrated components are required to be implemented and that more or fewer components may be implemented instead.
The processor 301 may in some embodiments be a central processing unit (Central Processing Unit, CPU), microprocessor or other data processing chip for executing program code or processing data stored in the memory 302, such as a POC-based rule file generation method according to the present invention.
In some embodiments, processor 301 may be a single server or a group of servers. The server group may be centralized or distributed. In some embodiments, the processor 301 may be local or remote. In some embodiments, processor 301 may be implemented in a cloud platform. In an embodiment, the cloud platform may include a private cloud, a public cloud, a hybrid cloud, a community cloud, a distributed cloud, an inter-cloud, a multi-cloud, or the like, or any combination thereof.
The memory 302 may be an internal storage unit of the electronic device 300 in some embodiments, such as a hard disk or memory of the electronic device 300. The memory 302 may also be an external storage device of the electronic device 300 in other embodiments, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash Card (Flash Card) or the like, which are provided on the electronic device 300.
Further, the memory 302 may also include both internal storage units and external storage devices of the electronic device 300. The memory 302 is used for storing the application software installed on the electronic device 300 and various types of data.
The display 303 may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch, or the like in some embodiments. The display 303 is used for displaying information at the electronic device 300 and for displaying a visual user interface. The components 301-303 of the electronic device 300 communicate with each other via a system bus.
In one embodiment, when the processor 301 executes a POC-based rule file program in the memory 302, the following steps may be implemented:
marking the HTTP request address and attack content in the POC file, and extracting the marked HTTP request address and attack content;
extracting a target field in the POC file;
and converting the target field, the marked HTTP request address and attack content into a Snort rule file and storing the Snort rule file into a database.
It should be understood that: the processor 301 may perform other functions in addition to the above functions when executing a POC based rule program in the memory 302, see in particular the description of the corresponding method embodiments above.
Further, the type of the electronic device 300 is not particularly limited, and the electronic device 300 may be a mobile phone, a tablet computer, a Personal Digital Assistant (PDA), a wearable device, a laptop computer, or another portable electronic device. Exemplary embodiments of portable electronic devices include, but are not limited to, portable electronic devices that run iOS, Android, Microsoft or other operating systems. The portable electronic device described above may also be another portable electronic device, such as a laptop computer having a touch-sensitive surface, e.g. a touch panel. It should also be appreciated that in other embodiments of the invention, the electronic device 300 may not be a portable electronic device, but rather a desktop computer having a touch-sensitive surface (e.g., a touch panel).
Those skilled in the art will appreciate that all or part of the flow of the methods of the embodiments described above may be accomplished by way of a computer program to instruct associated hardware, where the program may be stored on a computer readable storage medium. Wherein the computer readable storage medium is a magnetic disk, an optical disk, a read-only memory or a random access memory, etc.
The present invention is not limited to the above-mentioned embodiments, and any changes or substitutions that can be easily understood by those skilled in the art within the technical scope of the present invention are intended to be included in the scope of the present invention.

Claims (7)

1. A method for generating a rule file based on POC, comprising:
marking the HTTP request address and attack content in the POC file, and extracting the marked HTTP request address and attack content;
extracting a target field in the POC file;
converting the target field, the marked HTTP request address and attack content into a Snort rule file and storing the Snort rule file into a database;
the marking the HTTP request address and the attack content in the POC file comprises the following steps:
marking the HTTP request address and attack content in the POC file by using special characters;
the extracted target field includes:
vulnerability names, vulnerability types, vulnerability grades, vulnerability description information, vulnerability corresponding reference links and vulnerability numbers;
the converting the target field, the marked HTTP request address and the attack content into Snort rule files includes:
judging whether special characters exist in the extracted attack content, and if so, encoding the extracted attack content to obtain an attack content in a Hex format;
and judging whether the vulnerability names and the vulnerability description information in the extracted fields are English or not, if so, calling a translation interface to translate the vulnerability names and the vulnerability description information in the extracted fields into Chinese.
2. The method for generating a rule file based on POC according to claim 1, wherein the extracting the tagged HTTP request address and attack content comprises:
extracting the marked HTTP request address and attack content through a regular expression.
3. The method of generating a rule file based on POC of claim 1, wherein the vulnerability type comprises: injection vulnerabilities, cross-site scripting vulnerabilities, file upload vulnerabilities, file inclusion vulnerabilities, and command execution vulnerabilities.
4. The method for generating a rule file based on POC of claim 1, wherein storing the Snort rule file in a database comprises:
and inputting the Snort rule file into a POC scanning tool for verification, and storing the Snort rule file into a database after verification is passed.
5. An apparatus for generating a rule file based on POC, comprising:
the attack information extraction unit is used for marking the HTTP request address and the attack content in the POC file and extracting the marked HTTP request address and the marked attack content;
a target field extracting unit, configured to extract a target field in the POC file;
the rule file generation unit is used for converting the target field, the marked HTTP request address and the attack content into a Snort rule file and storing the Snort rule file into a database;
the marking the HTTP request address and the attack content in the POC file comprises the following steps:
marking the HTTP request address and attack content in the POC file by using special characters;
the extracted target field includes:
vulnerability names, vulnerability types, vulnerability grades, vulnerability description information, vulnerability corresponding reference links and vulnerability numbers;
the converting the target field, the marked HTTP request address and the attack content into Snort rule files includes:
judging whether special characters exist in the extracted attack content, and if so, encoding the extracted attack content to obtain an attack content in a Hex format;
and judging whether the vulnerability names and the vulnerability description information in the extracted fields are English or not, if so, calling a translation interface to translate the vulnerability names and the vulnerability description information in the extracted fields into Chinese.
6. An electronic device comprising a memory and a processor, wherein,
the memory is used for storing programs;
the processor, coupled to the memory, is configured to execute the program stored in the memory to implement the steps in a POC-based rule file method as claimed in any one of the preceding claims 1 to 4.
7. A computer readable storage medium storing a computer readable program or instructions which when executed by a processor is capable of carrying out the steps of a POC based rule file method according to any of the preceding claims 1 to 4.
CN202310463017.XA 2023-04-26 2023-04-26 POC (proof of concept)-based rule file generation method and device, electronic equipment and medium Active CN116170243B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310463017.XA CN116170243B (en) 2023-04-26 2023-04-26 POC (proof of concept)-based rule file generation method and device, electronic equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310463017.XA CN116170243B (en) 2023-04-26 2023-04-26 POC (proof of concept)-based rule file generation method and device, electronic equipment and medium

Publications (2)

Publication Number Publication Date
CN116170243A CN116170243A (en) 2023-05-26
CN116170243B CN116170243B (en) 2023-07-25

Family

ID=86418590

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310463017.XA Active CN116170243B (en) 2023-04-26 2023-04-26 POC (proof of concept)-based rule file generation method and device, electronic equipment and medium

Country Status (1)

Country Link
CN (1) CN116170243B (en)

Also Published As

Publication number Publication date
CN116170243A (en) 2023-05-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant