1. Field
The following description relates to a webshell detection technology, and more particularly, to a webshell detection/response system which may easily detect a webshell of a detection target server without installing a separate webshell detection application that is compiled in the form of a binary file in the detection target server.
2. Description of the Related Art
A webshell refers to web script files such as asp, php, jsp, and cgi files which are created so that an attacker enables an intrusion target server to execute a command remotely. The attacker may acquire an administrator authority of the intrusion target server using the webshell and then perform a variety of attacks such as reading of a webpage source of the intrusion target server, data leakage of contents or the like within the intrusion target server, installation of a backdoor program, and the like.
In recent years, types of the attacks have been increasingly skillful, such as constantly hacking the intrusion target server after attacking web vulnerability, such as SQL injection and file uploading.
Korean Patent Publication No. 10-2009-0088687 (Aug. 20, 2009) relates to webshell detection technology that is installed in a detection target computer to detect whether the detection target computer is infected with a webshell through webshell signature analysis and enables a server to update a webshell signature when an unregistered webshell signature is generated.
However, this conventional webshell detection technology detects a webshell through the installation of a separate webshell detection application compiled in the form of a binary file in a detection target server, and therefore there were problems that the webshell detection application was likely to conflict with other applications being processed in the detection target server, separate administration personnel for webshell detection was required, and there was difficulty in coping rapidly with occurrence of an accident due to the absence of expert knowledge when the accident by the webshell occurred.
Therefore, by the inventor of the present application, research on a webshell detection technology that can easily detect a webshell of a detection target server even without installing a separate webshell detection application compiled in the form of binary file in the detection target server has been conducted.