CN106055980B - A kind of rule-based JavaScript safety detecting method - Google Patents
A kind of rule-based JavaScript safety detecting method Download PDFInfo
- Publication number
- CN106055980B CN106055980B CN201610367641.XA CN201610367641A CN106055980B CN 106055980 B CN106055980 B CN 106055980B CN 201610367641 A CN201610367641 A CN 201610367641A CN 106055980 B CN106055980 B CN 106055980B
- Authority
- CN
- China
- Prior art keywords
- javascript
- code
- dynamic
- page
- rule
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Debugging And Monitoring (AREA)
- Devices For Executing Special Programs (AREA)
Abstract
The invention discloses a kind of rule-based JavaScript safety detecting methods, the program analysis method combined using static analysis and dynamic analysis, the safety issue of JavaScript code in website is detected and fed back, the safety issue for finding to encode cross-site scripting attack malicious code lack of standardization including JavaScript.Problem is encoded using DLint tool Dynamic Discovery JavaScript first, then the component of source code is detected using the static code specification detection instrument ESLint of open source;Static Analysis Method is reused, goes out in source code that there may be the pages of cross-site scripting attack malicious code according to the threshold filtering of JavaScript page feature and setting;Then Jalangi frame is used, dynamic pitching pile is carried out to the page being obtained by filtration and carries out stain analysis, judges whether the page being obtained by filtration includes cross-site scripting attack.The present invention effectively increases the detection efficiency of coding criterion and malicious code on the basis of reducing omission factor.
Description
Technical field
The present invention relates to the detection of computer malware or process fields, and in particular to a kind of rule-based
JavaScript safety detecting method.
Background technique
With the development of Web2.0 technology, the development using the application of JavaScript is constantly accelerated therewith.
JavaScript is a kind of network script language, has been widely used for Web application and development, is commonly used to add for webpage various each
The dynamic function of sample provides the result of browse of more smooth beauty for user.Usual JavaScript script is by being embedded in
The function of itself is realized in HTML.
JavaScript because its dynamic interaction ability and good behaviour on various browsers has been favored by people, but
At the same time, more and more safety problems are also brought.
JavaScript often exists since it encodes the loose feature of tissue and encodes nonstandard feature, this to dislike
Meaning attacker can take advantage of a weak point, and the page comprising JavaScript code be kidnapped or stolen privacy information;It is cross-site
Script attack is a kind of computer security loophole frequently appeared in Web application, it allows malice Web user to be implanted into code
To being supplied in the page that other users use.
In recent years, static analysis concentrated on for the detection of JavaScript coding criterion and cross-site scripting attack, moved
Three aspects of state analysis and hybrid analysis.
Static analysis, which refers to, to be checked program source code using automation tools software to analyze the skill of program behavior
Art is applied to program correctness inspection, safety defect detection, program optimization etc..Static analysis have detection efficiency it is high, can be with
Covering all detects the characteristics of path, but it is based on character string or static nature matching more, can not obtain JavaScript operation
When dynamic characteristic.
Dynamic detection refers to by running tested program, checks the difference of operation result and expected results, and analyze operation
Efficiency, correctness and robustness etc..The operation characteristic of the available program of dynamic analysis, behavioral characteristics, but often execute the time
It is long, and the characteristic of this execution can only be obtained, branch statement can not be completely covered.
Hybrid detection refers to the program analysis and detection technology for combining static detection and dynamic detection technology, can be effective
Learn from other's strong points to offset one's weaknesses to dynamic detection and static detection.In the prior art, grant number CN102663296B, entitled " object web page
The intelligent detecting method of JavaScript malicious code ' domestic patent of invention although use the Malicious Code Detection of mixing
Method, but it is the mixing detection method combined by a variety of static methods.Detection speed of this patent for malicious code
Comparatively fast, but without the dynamic of analyzing in depth Java Script code in the process of running it flows to, still falls within static malicious code inspection
The scope of survey, rate of failing to report with higher.
Summary of the invention
The technical problem to be solved by the present invention is to overcome only use the leakage of Static Analysis Method bring merely in the prior art
The deficiency that inspection rate is high, simple dynamic analysing method bring detection efficiency is low and mixed method detection false detection rate is high.
To solve the above problems, the present invention provides a kind of program analysis side combined using static analysis and dynamic analysis
Method, technical solution are a kind of rule-based JavaScript safety detecting method comprising the steps of:
Step 1: dynamic detection code specification includes the following contents:
The Dynamic Execution abnormal activity of JavaScript code is defined first, by largely analyzing
JavaScript source code carries out classified finishing to its coding characteristic;The process performing for obtaining JavaScript source code, according to
Source code process performing judges with the presence or absence of coding Problem in source code, and sounds a warning to each problem;
Step 2: static detection code specification
The static detection code specification stage first determines the static coding abnormal activity of JavaScript code
Justice carries out classified finishing to its coding characteristic by largely analyzing JavaScript source code;To JavaScript source code into
Row static analysis carries out coding criterion to branch statement in JavaScript using the JavaScript static detecting tool of open source
Problem detection;By matching abnormal activity rule, determine needed in static detecting tool detector to be used to source code into
Row coding criterion inspection, finally quotes warning message;
Step 3: static detection malicious code
JavaScript source code is classified, is calculated by the attack method being commonly used according to malicious code, sets threshold
Value filters the JavaScript page lower than threshold value, and the page more than threshold value regards as the page that suspicious packet contains malicious code
Step 4 is sent into face.
Step 4: dynamic detection malicious code
To the suspicious JavaScript malicious code page being obtained by filtration in step 3, judge whether to belong to cross-site script
Attack;
Step 5: result is fed back
By the parts for needing to feed back with safety issue all in tetra- steps of the above 1-4, the feedback of system is carried out.
Further, in step 1 obtain JavaScript source code process performing be by using dynamic pitching pile tool with
Obtain concrete behavior when JavaScript is executed.
Preferably, above-mentioned dynamic pitching pile tool is DLint.
Further, JavaScript source code is carried out classification described in step 3 is by ten kinds of JavaScript source code features
It is divided into following four classes:
Redirect: the quantity of redirection accesses difference with target, according to the Bu Tong generated of browser;
Obscure: it is long that character string defines the code that the ratio used with character string, Dynamic Execution code quantity, dynamic generate
Degree;
Environmental preparation: pass through the byte number of string operation distribution, possible shellcode quantity;
Attack: quantity, the attribute in method and the parameter value of instancing component, method call sequence.
Further, judge whether that the method for belonging to cross-site scripting attack is as follows described in step 4:
The behavioural information for occurring dom tree change in webpage when dynamic operation is analyzed first, is designed in Jalangi
Rule and constraint condition, write as Study document;
API that dynamic stain stream in webpage is called, the function of calling, return the information such as parameter carry out induction and conclusion,
And it is designed to the rule in Jalangi and constraint condition, write as Study document;
Dynamic pitching pile is carried out using Jalangi tool to the suspicious JavaScript malicious code page obtained in step 3,
The dynamic behaviours information such as the function of the API, calling that call when the page executes, the parameter of return are obtained,
Be compared with Study document, for have dom tree change and dom tree change position there is remembering for stain stream
Record, in this, as the JavaScript page is judged, there are the foundations of cross-site scripting attack.
Compared with prior art, the invention has the following beneficial effects:
JavaScript coding criterion is expanded into JavaScript safety issue, in safety issue detection,
Dynamic analysis are combined with static analysis, the efficiency of detection safety issue is improved while reducing omission factor.
Detailed description of the invention
Fig. 1 is JavaScript code security inspection flow chart.
Fig. 2 is JavaScript code coding criterion flow chart.
Fig. 3 is JavaScript cross-site scripting attack code flow diagram.
Specific embodiment
The present invention is described in further detail below in conjunction with the accompanying drawings.To the safety of JavaScript code in website into
Row detection and feedback, for finding to include that JavaScript encodes lack of standardization, malicious code in terms of cross-site scripting attack etc.
Safety issue.
To achieve the above object, the present invention encodes lack of standardization ask using DLint tool Dynamic Discovery JavaScript first
Topic, then detects the component of source code using the static code specification detection instrument ESLint of open source;It reuses quiet
State analysis method, goes out in source code that there may be cross-site scripts to attack according to the threshold filtering of JavaScript page feature and setting
The page of the malicious code hit finally uses Jalangi frame, carries out dynamic pitching pile to the page being obtained by filtration and carries out stain point
Analysis, judges whether the page being obtained by filtration includes cross-site scripting attack.On the basis of reducing omission factor, coding criterion is improved
With the detection efficiency of malicious code.The method of the present invention specifically comprises the following steps:
Step 1: dynamic detection code specification
As shown in Figure 1, needing the Dynamic Execution abnormal activity to JavaScript code to carry out in dynamic analysis phase
Definition carries out classified finishing to its coding characteristic, can define JavaScript by largely analyzing JavaScript source code
The abnormal activity of the code dynamic state performance;JavaScript source code process performing is obtained, row is executed according to source code
Problem is encoded to judge to whether there is in source code, then is sounded a warning to each problem.It can using dynamic pitching pile tool
To obtain concrete behavior when JavaScript is executed, parameter, string operation of function, return including calling etc. are used
These information can effectively analyze the coding situation of JavaScript code.
The detection of dynamic pitching pile can be carried out to JavaScript source code using DLint tool, obtain what source code called
The information such as function, the parameter of return, string operation, and return to coding Problem and the particular row in source code occurs
Number.The coding abnormal activity that analysis obtains is organized into the constraint condition of DLint, using the pitching pile tool of DLint to source generation
Code carries out pitching pile, obtains warning message.
The method that DLint tool uses dynamic analysis carries out coding criterion to JavaScript code and detects.
DLint divides generally existing JavaScript coding criterion problem after having investigated multiple static code detection instruments
Analysis, define code quality rule: should be avoided in JavaScript code cataloged procedure using or the mode that should use or
Behavior.DLint is based on Jalangi frame, and multiple operating parameters, operation ginseng are obtained after to JavaScript code dynamic pitching pile
Number is defined as predicate.Multiple meaning contaminations are matched with code quality rule, are used for dynamical min JavaScript generation
The coding Problem of code.
Step 2: static detection code specification
The static detection code specification stage needs to determine the static coding abnormal activity of JavaScript code
Justice carries out classified finishing to its coding characteristic, can define JavaScript generation by largely analyzing JavaScript source code
Code writes middle abnormal activity rule;Static analysis is carried out to JavaScript source code, it is quiet using the JavaScript of open source
State detection instrument ESLint carries out coding criterion problem detection to branch statement in JavaScript.By matching abnormal activity
Rule, determining needs detector to be used to carry out coding criterion inspection to source code in ESLint, finally quotes warning message.By
In DLint dynamic analysis process, branch statement can not be checked, therefore detect work using ESLint open source static code
Tool, according to the inspection criterion set in tool, the coding in branch statement that detection DLint tool can not detect is lack of standardization to be asked
Topic.By sound state binding analysis, the detection work of code quality specification is improved.
Step 3: static detection malicious code
The attack method being commonly used according to malicious code, the attack pattern that JavaScript malicious code is used carry out
Classification defines its feature to every a kind of attack pattern, counts the quantity of every kind of feature in JavaScript source code, set threshold
Value is filtered the JavaScript page lower than threshold value, and then regards as the suspicious page more than the page of threshold value, is sent into step
Rapid 4 carry out malicious code dynamic detection.
Ten kinds of JavaScript source code features are divided into four major class: reset by the attack method that malicious code is commonly used
To, obscure, environmental preparation and attack.The source code feature of every one kind is as follows:
Redirect: the quantity of redirection accesses difference with target, according to the Bu Tong generated of browser;
Obscure: it is long that character string defines the code that the ratio used with character string, Dynamic Execution code quantity, dynamic generate
Degree;
Environmental preparation: pass through the byte number of string operation distribution, possible shellcode quantity;
Attack: quantity, the attribute in method and the parameter value of instancing component, method call sequence.
According to above four class totally ten kinds of features, JavaScript source code is calculated, given threshold, to lower than threshold value
The filtering of the JavaScript page, the page more than threshold value regard as the page that suspicious packet contains malicious code, are sent into step 4.
Step 4: dynamic detection malicious code
As shown in Fig. 2, judging whether to belong to the suspicious JavaScript malicious code page being obtained by filtration in step 3
Cross-site scripting attack.The behavioural information for occurring dom tree change in webpage when dynamic operation is analyzed first, is designed to
Rule and constraint condition in Jalangi, are write as Study document;The letter of API, calling that dynamic stain stream in webpage is called
The information such as number, the parameter returned carry out induction and conclusion, and are designed to the rule in Jalangi and constraint condition, are write as analysis text
Part;Dynamic pitching pile is carried out using Jalangi tool to the suspicious JavaScript malicious code page being obtained by filtration in step 3,
The dynamic behaviour track for detecting malicious code, records the change of dom tree.By the dynamic characteristic of cross-site scripting attack code and
The change of dom tree is write as constraint condition.Obtain the dynamic rows such as the function of the API, calling that call when the page executes, the parameter of return
For information, be compared with Study document, for have dom tree change and dom tree change position there is remembering for stain stream
Record, in this, as the JavaScript page is judged, there are the foundations of cross-site scripting attack.Using Jalangi tool, use
Constraint condition is to there may be the pages of cross-site scripting attack to carry out stain analysis.If detecting the leakage of sensitive data,
Then judge whether the third party of leakage is credible, and the JavaScript page is determined if insincere, and there are cross-site scripting attack rows
For.
Step 5: result is fed back
Code Problem and malicious code problem are fed back in the JavaScript page that will test, feedback
The line number and specific safety issue title to go wrong as the result is shown.It is all that there is safety by this four steps of the above 1-4
Property problem need the part fed back, to carry out the feedback of system.
The present invention is not limited to the above embodiments, all are belonged to using the technical solution that equivalent replacement or equivalence replacement are formed
The scope of protection of present invention.
Claims (5)
1. a kind of rule-based JavaScript safety detecting method, it is characterised in that comprise the steps of:
Step 1: dynamic detection code specification includes the following contents:
The Dynamic Execution abnormal activity of JavaScript code is defined first, by largely analyzing the source JavaScript
Code carries out classified finishing to its coding characteristic;
The process performing for obtaining JavaScript source code judges in source code according to source code process performing with the presence or absence of coding
Problem, and sound a warning to each problem;
Step 2: static detection code specification;
The static detection code specification stage is first defined the static coding abnormal activity of JavaScript code, leads to
A large amount of analysis JavaScript source codes are crossed, classified finishing is carried out to its coding characteristic;JavaScript source code is carried out quiet
State analysis carries out coding criterion problem to branch statement in JavaScript using the JavaScript static detecting tool of open source
Detection;By matching abnormal activity rule, determining needs detector to be used to compile source code in static detecting tool
Code normalized checking, finally quotes warning message;
Step 3: static detection malicious code;
The attack method being commonly used according to malicious code, JavaScript source code is classified, is calculated, and given threshold is right
The JavaScript page lower than threshold value filters, and the page more than threshold value regards as the page that suspicious packet contains malicious code, send
Enter step 4;
Step 4: dynamic detection malicious code;
To the suspicious JavaScript malicious code page being obtained by filtration in step 3, judge whether to belong to cross-site scripting attack;
Step 5: result is fed back;
By the parts for needing to feed back with safety issue all in above-mentioned steps 1-4, the feedback of system is carried out.
2. a kind of rule-based JavaScript safety detecting method according to claim 1, it is characterised in that step
The process performing that JavaScript source code is obtained in rapid 1 is by using dynamic pitching pile tool to obtain JavaScript execution
When concrete behavior.
3. a kind of rule-based JavaScript safety detecting method according to claim 2, it is characterised in that institute
Stating dynamic pitching pile tool is DLint.
4. a kind of rule-based JavaScript safety detecting method according to claim 1, it is characterised in that step
It is that ten kinds of JavaScript source code features are divided into following four classes that JavaScript source code, which is carried out classification, described in rapid 3:
Redirect: the quantity of redirection accesses difference with target, according to the Bu Tong generated of browser;
Obscure: character string defines the code length that the ratio used with character string, Dynamic Execution code quantity, dynamic generate;
Environmental preparation: pass through the byte number of string operation distribution, possible shellcode quantity;
Attack: quantity, the attribute in method and the parameter value of instancing component, method call sequence.
5. a kind of rule-based JavaScript safety detecting method according to claim 1, it is characterised in that step
Judge whether that the method for belonging to cross-site scripting attack is as follows described in rapid 4:
The behavioural information for occurring dom tree change in webpage when dynamic operation is analyzed first, the rule being designed in Jalangi
Then and constraint condition, write as Study document;
Then the API that dynamic stain stream in webpage is called, the function of calling, return parameter carry out induction and conclusion, and design
At the rule and constraint condition in Jalangi, write as Study document;
Dynamic pitching pile is carried out using Jalangi tool to the suspicious JavaScript malicious code page obtained in step 3, is obtained
Dynamic behaviour information i.e. API that the page calls when executing, the function of calling, return parameter, be compared with Study document, it is right
In thering is dom tree to change and dom tree changes position and stain stream occurs and record, in this, as judging this JavaScript pages
There are the foundations of cross-site scripting attack in face.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610367641.XA CN106055980B (en) | 2016-05-30 | 2016-05-30 | A kind of rule-based JavaScript safety detecting method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610367641.XA CN106055980B (en) | 2016-05-30 | 2016-05-30 | A kind of rule-based JavaScript safety detecting method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106055980A CN106055980A (en) | 2016-10-26 |
| CN106055980B true CN106055980B (en) | 2018-12-11 |
Family
ID=57175777
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610367641.XA Active CN106055980B (en) | 2016-05-30 | 2016-05-30 | A kind of rule-based JavaScript safety detecting method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106055980B (en) |
Families Citing this family (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107038378B (en) * | 2016-11-14 | 2018-06-26 | 平安科技(深圳)有限公司 | Application software security flaw detection method and system |
| CN108804278A (en) * | 2017-05-04 | 2018-11-13 | 苏州睿途网络科技有限公司 | A kind of software monitors system and its business model |
| CN107844422A (en) * | 2017-11-03 | 2018-03-27 | 郑州云海信息技术有限公司 | A kind of method of the programming count Js speech encoding ratio of defects under linux |
| CN108256338B (en) * | 2018-02-27 | 2021-04-27 | 中南大学 | Chrome extension sensitive data tracking method based on extension API (application programming interface) rewriting |
| CN110737891A (en) * | 2018-07-19 | 2020-01-31 | 北京京东金融科技控股有限公司 | host intrusion detection method and device |
| CN109240925A (en) * | 2018-09-06 | 2019-01-18 | 郑州云海信息技术有限公司 | A kind of Java language coding ratio of defects walks checking method |
| CN109542509A (en) * | 2018-11-13 | 2019-03-29 | 北京梆梆安全科技有限公司 | A kind of risk checking method and device of resource file |
| CN109740386B (en) * | 2018-12-25 | 2020-12-08 | 星潮闪耀移动网络科技(中国)有限公司 | Method and device for detecting static resource file |
| CN109871313A (en) * | 2018-12-30 | 2019-06-11 | 贝壳技术有限公司 | Code check method and device based on specific time |
| CN109876447A (en) * | 2019-01-15 | 2019-06-14 | 珠海金山网络游戏科技有限公司 | A kind of big game resource specification monitoring method and device |
| CN111273913B (en) * | 2020-01-20 | 2023-03-21 | 北京明略软件系统有限公司 | Method and device for outputting application program interface data represented by specifications |
| CN112100620B (en) * | 2020-09-04 | 2024-02-06 | 百度在线网络技术(北京)有限公司 | Code security detection method, apparatus, device and readable storage medium |
| CN112199274B (en) * | 2020-09-18 | 2022-05-03 | 北京大学 | JavaScript dynamic tain tracking method based on V8 engine and electronic device |
| CN112532654A (en) * | 2021-01-25 | 2021-03-19 | 黑龙江朝南科技有限责任公司 | Abnormal behavior detection technology for Web attack discovery |
| CN113535183B (en) * | 2021-07-28 | 2024-05-28 | 北京达佳互联信息技术有限公司 | Code processing method, device, electronic equipment and storage medium |
| CN114003906A (en) * | 2021-11-01 | 2022-02-01 | 北京奇艺世纪科技有限公司 | Application program risk detection method and device, storage medium and electronic equipment |
| CN117131236B (en) * | 2023-10-28 | 2024-02-02 | 深圳海云安网络安全技术有限公司 | Sensitive data detection method and system |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102254111A (en) * | 2010-05-17 | 2011-11-23 | 北京知道创宇信息技术有限公司 | Malicious site detection method and device |
| CN102663296A (en) * | 2012-03-31 | 2012-09-12 | 杭州安恒信息技术有限公司 | Intelligent detection method for Java script malicious code facing to the webpage |
| CN105068925A (en) * | 2015-07-29 | 2015-11-18 | 北京理工大学 | Software security flaw discovering system |
-
2016
- 2016-05-30 CN CN201610367641.XA patent/CN106055980B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102254111A (en) * | 2010-05-17 | 2011-11-23 | 北京知道创宇信息技术有限公司 | Malicious site detection method and device |
| CN102663296A (en) * | 2012-03-31 | 2012-09-12 | 杭州安恒信息技术有限公司 | Intelligent detection method for Java script malicious code facing to the webpage |
| CN105068925A (en) * | 2015-07-29 | 2015-11-18 | 北京理工大学 | Software security flaw discovering system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106055980A (en) | 2016-10-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106055980B (en) | A kind of rule-based JavaScript safety detecting method | |
| CN105069355B (en) | The static detection method and device of webshell deformations | |
| Lee et al. | A novel method for SQL injection attack detection based on removing SQL query attribute values | |
| EP2891100B1 (en) | Security scan based on dynamic taint | |
| CN110266669A (en) | A kind of Java Web frame loophole attacks the method and system of general detection and positioning | |
| US20170316202A1 (en) | Rasp for scripting languages | |
| CN109101815B (en) | Malicious software detection method and related equipment | |
| US8028336B2 (en) | Intrusion detection using dynamic tracing | |
| US11888885B1 (en) | Automated security analysis of software libraries | |
| CN104462962B (en) | A kind of method for detecting unknown malicious code and binary vulnerability | |
| CN107798242A (en) | A kind of malice Android application automatic checkout system of quiet dynamic bind | |
| CN104901962B (en) | A kind of detection method and device of web page attacks data | |
| CN101751530A (en) | Method for detecting loophole aggressive behavior and device | |
| Gauthier et al. | Fast detection of access control vulnerabilities in php applications | |
| CN112149124A (en) | Android malicious program detection method and system based on heterogeneous information network | |
| CN106485148A (en) | The implementation method of the malicious code behavior analysiss sandbox being combined based on JS BOM | |
| CN113595975A (en) | Detection method and device for Webshell of Java memory | |
| KR100670209B1 (en) | Device of analyzing web application source code based on parameter status tracing and method thereof | |
| CN110287722B (en) | Sensitive permission extraction method for privacy regulation check in iOS application | |
| Waly et al. | A complete framework for kernel trace analysis | |
| CN105262720A (en) | Web robot traffic identification method and device | |
| CN112632547A (en) | Data processing method and related device | |
| CN107798244A (en) | A kind of method and device for detecting Remote Code Execution Vulnerability | |
| Zhang et al. | Research on SQL injection vulnerabilities and its detection methods | |
| CN113779589B (en) | Android smart phone application misconfiguration detection method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |