
Research On "No File" Webshell Detection Technology Based On Java Container

Posted on: 2022-12-24
Degree: Master
Type: Thesis
Country: China
Candidate: Y Jin
GTID: 2518306764467104
Subject: Automation Technology
Abstract/Summary:

With the scale of China's digital economy and network applications growing rapidly, the network security situation is currently grim. Network security events have occurred frequently in recent years, and enterprise and government networks are under serious security threat. The webshell is a backdoor commonly used by attackers, so effective detection and discovery of webshells can greatly protect the security of enterprise and government networks. With the maturity of machine learning algorithms and technologies, the detection efficiency for normal webshells has been greatly improved, and the number of webshell backdoors has fallen sharply. In order to avoid detection, a new type of webshell called the "no file" webshell has appeared and brought new challenges to the security of enterprise and government networks. Research on the detection of "no file" webshells has only just started. The detection technologies are not mature enough and are unable to detect all kinds of "no file" webshell. Therefore, improving the detection efficiency for "no file" webshells is of great significance to ensuring the security of enterprise and government networks and data.

Aiming at the "no file" webshell technology based on the Java container, which is the most popular at this stage, this thesis analyzes, reproduces and studies its technical characteristics in an experimental environment, then tests and compares the advantages and disadvantages of the existing detection technologies, and puts forward and implements an improved detection technology that addresses the shortcomings of the existing ones. The main work of this thesis is as follows:

(1) Three types of "no file" webshell technologies based on the Java container are analyzed: the "no file" webshell technology based on the Java servlet specification, the "no file" webshell technology based on a specific Java framework, and the "no file" webshell technology based on the Java agent. These technologies are implemented in an experimental environment, and their implementation methods and characteristics are summarized.

(2) Existing "no file" webshell detection technologies based on the Java container are analyzed: the detection technology of monitoring MBeans based on Java VisualVM, the detection technology based on the Java reflection mechanism, and the detection technology based on the Java agent. These detection technologies are tested in the experimental environment, and their advantages and disadvantages are compared and summarized.

(3) To address the disadvantages of the existing "no file" webshell detection technologies based on the Java container, this thesis proposes an improved detection technology based on HotSpot SA, which can detect all kinds of "no file" webshell based on the Java container.

This thesis analyzes the "no file" webshell technology based on the Java container and the existing detection technologies, and proposes an improved detection technology based on HotSpot SA, which improves the detection efficiency for "no file" webshells based on the Java container.
Keywords/Search Tags: Java Container, No File, Webshell, Detection, HotSpot SA