Abstract
The popularity of today's web application has led to web servers frequently the objects of webshell attacks. In this paper, we propose a new deep inspection method that is composed of a deep learning algorithm and signature-based technique for webshell detection, namely DLWSD. Moreover, to avoid bottlenecks, DLWSD built-in DeepInspector inspects in real-time the large-scale traffic flows with a strategy of periodic sampling at a defined frequency and interval for only flows that do not satisfy any signature. DeepInspector can create/update rules from webshell attacking alert results to prevent in future. We also proposed a mechanism using the cross-entropy loss function to regulate the training imbalanced dataset. Our experiments allow validating the performance of DLWSD using a popular dataset CSE-CIC-IDS2018 with the metrics accuracy, F1-score, FPR of 99.99%, 99.98%, and 0.01% respectively. It is also better compared with other studies using the same dataset.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
