Fileless webshell attacks against Java web applications have become more frequent in recent years as Java has gained market share. A webshell is a malicious script that can remotely execute commands and invade servers. It is widely used in attacks against web applications. In contrast to traditional file-based webshells, fileless webshells leave no traces on the hard drive, which means they are invisible to most antivirus software. To make matters worse, although there are some studies on fileless webshells, almost all of them are aimed at web applications developed in the PHP language. The complex mechanism of Java poses more challenges for researchers. To mitigate this attack, this paper proposes JShellDetector, a fileless webshell detector for Java web applications based on program analysis. JShellDetector uses method probes to capture dynamic characteristics of web applications in the Java Virtual Machine (JVM). When a suspicious class tries to call a specific sensitive method, JShellDetector catches it and converts it from the JVM to a bytecode file. Then, JShellDetector builds a Jimple-based control flow graph and processes it using taint analysis techniques. A suspicious class is considered malicious if there is a valid path from sources to sinks. To demonstrate the effectiveness of the proposed approach, we manually collect 35 test cases (all open source on GitHub) and test JShellDetector and only two other Java fileless webshell detection tools. The experimental results show that the detection rate of JShellDetector reaches 77.1%, which is about 11% higher than the other two tools.
This paper adopts the server-side Java programming model, model-view-controller, to construct a web-based shopping system framework. Using servlets, Java server pages (JSPs) and JavaBean technologies, we provide a standard, open, robust and cross-platform architecture. It can guarantee system independence. The presented framework provides a clean separation of presentation from business logic, which meets users' tastes by allowing the user interface to be changed frequently, and enables more functions to be conveniently added in the future.
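As an important component of enterprise development, work teams play a key role in project delivery and in coordinating specific tasks. With the steady rise in the level of informatization and the overall optimization of the power system's structure, making work teams intelligent and information-driven is urgent. To achieve optimal allocation of team personnel and optimal work scheduling, this paper designs an intelligent management system for electric power work teams based on the Java Web MVC framework. The system has achieved good results in practical application.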
Funding: supported by the National Natural Science Foundation of China under Grant Number 62001055.