Application attack detection method and device based on function call chain tracking

• Main Authors: CHENG PEIZHE, KUANG YAHE, FAN XINYU, LYU BOLIANG
• Format: Patent
• Language: Chinese; English
• Published: 29.07.2022
• Subjects: CALCULATING; COMPUTING; COUNTING; ELECTRIC COMMUNICATION TECHNIQUE; ELECTRIC DIGITAL DATA PROCESSING; ELECTRICITY; PHYSICS; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION

The invention provides an application attack detection method based on function call chain tracking, which can be applied to the technical field of information security. The method comprises the following steps: in an application service test stage, collecting a full function call chain corresponding to a service; function call chains are collected in real time in the application running stage; comparing the function call chain with the full function call chain to determine an abnormal call chain; determining the risk level of the abnormal call chain according to the frequency of the abnormal call chain, the request IP and the function name in the abnormal call chain; and carrying out alarm output on the detection result. The invention further provides an application attack detection device and equipment based on function call chain tracking, a storage medium and a program product. 本公开提供了一种基于函数调用链跟踪的应用攻击检测方法，可以应用于信息安全技术领域。该方法包括：在应用业务测试阶段，采集业务对应的全量函数调用链；在应用运行阶段实时采集函数调用链；将所述函数调用链与所述全量函数调用链进行比对确定异常调用链；根据所述异常调用链的