Abstract

The rapid development of the Internet has changed the way people live and work. Web security, as the foundation of network security, has received much more attention. Based on the variability of Webshells and the vulnerability of detection methods, this paper proposed a model that used deep learning to detect and implements the automatic identification of Webshells. For the shortcomings of the traditional detection models using machine learning algorithms, this paper proposed to apply convolutional neural network to Webshell detection process. The deep learning model does not require complicated artificial feature engineering, and the modeled features trained through model learning can also allow the attacker to avoid targeted bypassing in Webshell detection. The experimental results showed that this method not only has better detection accuracy, but also can effectively avoid the attacker’s targeted bypassing. At the same time, with the accumulation of training samples, the detection accuracies of the detection model in different application environments will gradually improvements, which has clear advantages over traditional machine learning algorithms.

Highlights

  • When an attacker conducts attacks such as penetration tests, data theft, dark chain implantation, and intranet lateral movement on the websites, the backdoors of the website are often implanted on the website servers to maintain the management authority of the websites

  • In [3], a Webshell detection method based on Naive Bayesian theory is proposed for Webshell with obfuscated encryption coding technology

  • It can be seen that the detection method based on convolutional neural network works pretty good in the application of Webshell detection

Read more

Summary

Introduction

When an attacker conducts attacks such as penetration tests, data theft, dark chain implantation, and intranet lateral movement on the websites, the backdoors (that is, Webshells) of the website are often implanted on the website servers to maintain the management authority of the websites. Even if the website vulnerabilities are patched, as long as the backdoors of the hackers are exist, the hackers can still penetrate the website servers. Using a variety of attack tools and Webshell scripts, hackers can quickly and effectively implement bulk website intrusion. The original version of this chapter was revised: The acknowledgment of the NSFC Foundation was missing. Environments, such as “China Chopper”, “axe” and other tools are website management tools, and they are often used for website attack. One is based on the experience of webmasters for manual identification, the second one is static feature detection, the third one is dynamic feature detection, and the last one is statistical analysis

Manual Identification
Static Feature Detection
Dynamic Feature Detection
Statistical Analysis
Advantages of Convolutional Neural Networks
Application in Text Processing
Sample Data Preprocessing
Simplified Word Segmentation
Vectorization Model
Convolutional Neural Network Structure
Sample Collection
Comparison of Three Vectorization Models
The Impact of Filter Window
Conclusion

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.