Abstract
Web shells are used by attackers to maintain persistent access on a compromised web server. Attackers exploit commonly occurring vulnerabilities such as SQL injection and cross-site scripting, then upload a web shell that can be used to execute commands or perform a host of other functions. Web shells are a post-exploitation tactic that allows an attacker to remotely access and possibly control an internet-facing server. A web shell may remain hidden, and the attacker can silently use it to maintain remote access to the web server. Common methods of detecting web shells include looking for common strings in PHP source files and analyzing logs. But such methods have high false positives, as they consider any script containing a particular string or function to be a web shell without taking into account other features of a web shell. In this paper, a machine learning based approach is proposed for the detection of web shells written in PHP. The proposed approach analyses the function calls and the use of superglobal variables commonly found in PHP web shells using a deep learning technique. The proposed approach has the advantage that it has low false positives and can detect web shells with an accuracy of 0.97.
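The contrast between string matching and call/superglobal features, as an added example that is not code from the paper: it turns PHP source into a count vector of the kind a classifier could consume. The watched function list, the regex-based tokenizing and both PHP samples are assumptions made here, and the deep learning model itself is not reproduced.

```python
import re

# Assumed vocabulary for illustration; the abstract does not list the paper's features.
WATCHED_CALLS = ["eval", "system", "exec", "shell_exec", "passthru", "base64_decode"]
SUPERGLOBALS = ["$_GET", "$_POST", "$_REQUEST", "$_COOKIE", "$_FILES", "$_SERVER"]

# Comments and string literals are removed so that only executable code is counted.
_STRIP = re.compile(r"""
      /\*.*?\*/             # block comments
    | //[^\n]*              # line comments
    | \#[^\n]*              # hash comments
    | '(?:\\.|[^'\\])*'     # single-quoted strings
    | "(?:\\.|[^"\\])*"     # double-quoted strings (interpolation is ignored)
    """, re.S | re.X)
# A name followed by "(" that is not a variable, method or static call.
_CALL = re.compile(r"(?<![\w$>:])([A-Za-z_]\w*)\s*\(")
_SUPER = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE|FILES|SERVER)\b")


def naive_match(src):
    """String-matching baseline: flags a file if a watched name appears anywhere."""
    return any(name in src for name in WATCHED_CALLS)


def features(src):
    """Counts of watched function calls, then superglobal uses, in fixed order."""
    code = _STRIP.sub(" ", src)
    calls = [name.lower() for name in _CALL.findall(code)]  # PHP names are case-insensitive
    supers = _SUPER.findall(code)
    return [calls.count(f) for f in WATCHED_CALLS] + [supers.count(s) for s in SUPERGLOBALS]


# Constructed samples: a benign page whose comment mentions eval()/system(),
# and a minimal script that passes request input to a command function.
BENIGN = """<?php
// Never pass user input to eval() or system().
function render($name) { return htmlspecialchars($name); }
echo render($_GET['name']);
"""
SUSPICIOUS = "<?php system($_REQUEST['c']); ?>"

if __name__ == "__main__":
    for label, src in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, "naive:", naive_match(src), "features:", features(src))
```

Both samples trip the string match, but only the second has a non-zero call count alongside a superglobal, which is the kind of signal the feature vector preserves and the string match loses.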