| 摘要 |
PURPOSE: A device for detecting a web shell by using a meta pattern is provided to reduce time, costs, and efforts for processing a web shell pattern by detecting a web shell based on a preprocessed meta pattern from a web server. CONSTITUTION: An NFA(Non-deterministic Finite Automata) generating unit(12) generates an NFA by analyzing a web shell pattern defined with a regular expression rule. A DFA(Deterministic Finite Automata) generating unit(13) generates a DFA optimized with the NFA. A meta pattern generating unit(14) generates a meta pattern from the optimized DFA. The meta pattern includes a symbol table, a state table, and an accept table. The symbol table groups a value of an input character in the optimized DFA. [Reference numerals] (11) Regular expression storing unit; (12) Non-deterministic finite automata generating unit; (13) Deterministic finite automata generating unit; (14) Meta pattern generating unit; (15) Meta pattern managing unit; (20) Web server/web server managing server; (21) Web shell searching unit; (22) Web file searching unit; (23) Meta pattern storing unit; (24) Search result storing unit; (31) Web file storing unit
|
