Abstract
WebShell is a common tool for Web script intrusion attacks. After implanting a WebShell on a website server, an attacker can control the server and obtain operating permissions on it. A WebShell is usually nested inside normal web page scripts, which makes it highly concealed and brings great harm to the website itself and to its visitors. To address these problems, this paper proposes a DPDK-based high-speed network traffic analysis and detection technology that captures and parses packets from network traffic in a high-speed network environment and detects WebShells efficiently through feature code matching. At the same time, the WebShell file and the attacker are traced and analyzed.
Authors
王跃达
黄潘
荆涛
宋雅稀
WANG Yueda; HUANG Pan; JING Tao; SONG Yaxi (Computer Network Information Center, Chinese Academy of Sciences, Beijing 100190, China; Beilong Zedata (Beijing) Data Technology Co., Ltd., Beijing 100190, China; Office of General Affairs, Chinese Academy of Sciences, Beijing 100864, China)
Source
《信息网络安全》
CSCD
Peking University Core Journal
2021, Issue 1, pp. 65-71 (7 pages)
Netinfo Security
Funding
National Key Research and Development Program [2017YFB0801902].