Journal: International Journal of Information Technology

Searching for Forensic Evidence in a Compromised Virtual Web Server against SQL Injection Attacks and PHP Web Shell


Abstract

SQL injection is one of the most common types of attack and has a very critical impact on web servers. In the worst case, an attacker can perform post-exploitation after a successful SQL injection attack. In web server forensics, analysis of the server is closely related to log file analysis. However, large file sizes and differing log types sometimes make it difficult for investigators to find traces of attackers on the server. The purpose of this paper is to help investigators take appropriate steps when a web server is attacked. We use attack scenarios based on SQL injection attacks, including PHP backdoor injection as post-exploitation. We perform post-mortem analysis of web server logs based on the Hypertext Transfer Protocol (HTTP) POST and HTTP GET method approaches that are characteristic of SQL injection attacks. In addition, we propose a structured analysis method spanning the web server application log file, the database application, and other additional logs that exist on the web server. This method lets the investigator analyze the log files in a more structured way, so as to produce evidence of the attack in acceptable time. Other attack techniques may also be detectable with this method. It can also help web administrators prepare their systems for forensic readiness.
