A dynamic and heterogeneous web application to defense webshell attacks by using diversified PHP code

International Conference on Critical Infrastructure Protection Pub Date : 2018-11-02 DOI:10.1145/3290420.3290438

Weichao Li, Zheng Zhang, Liqun Wang

引用次数: 1

Abstract

Malicious code injection attacks often bypass rules based filtering methods by various deformable methods. Based on the PHP web application environment, we proposed a method of using code diversification, and then defended the PHP webshell attack threat by constructing a dynamic and heterogeneous PHP web application which uses the redundancy adjudication and dynamic transformation method. Finally, this method is verified in cloud service environment.

查看原文本刊更多论文

一个动态的、异构的web应用程序，通过使用多样化的PHP代码来防御webshell攻击

恶意代码注入攻击通常通过各种可变形方法绕过基于规则的过滤方法。基于PHP web应用环境，提出了一种利用代码多样化的方法，并利用冗余判断和动态转换方法构建了一个动态异构的PHP web应用，防御了PHP webshell攻击威胁。最后，在云服务环境中对该方法进行了验证。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

International Conference on Critical Infrastructure Protection

自引率

0.00%

发文量