REAL-TIME WEB-SHELL DETECTION DEVICE USING KERNEL-BASED FILE EVENT MONITORING FUNCTION AND METHOD THEREOF

摘要

The present invention relates to a web-shell direction technology, and more specifically, to a device for detecting a web-shell on a real-time basis by using a kernel-based file event inspection function and a method thereof. The device includes: a web page inspection module which inspects the status of an inspection target file and a backup file in a web page to inspect whether the web page is forged; a kernel-based collection and analysis module which uses the file event inspection function in a kernel mode to collect the file event information generated with respect to files in the directory of the web page on a real-time basis and inspects whether the files in the directory are forged by referencing the collected file event information; a web-shell inspection module which inspects whether the forged file is a web-shell file by using the forgery inspection result generated by the kernel-based collection and analysis module and the forgery inspection result of the web page inspection module; and an inspection corresponding module which notifies the web-shell file inspection result generated by the web-shell file inspection module and collects the content corresponding thereto.;COPYRIGHT KIPO 2016