Abstract

Web applications are highly vulnerable to attacks that inject malicious code (webshells). Static analysis is considered the best method for detecting webshells, but it consumes a lot of time and hardware resources. In this work, we propose a network-based approach, termed HRDWD, that combines the advantages of a rule-based intrusion detection system and deep learning algorithms for webshell detection. Specifically, we first apply our rule-based detector for early detection of known webshells and use it as a filter on HTTP traffic. Then, the HTTP traffic that passes through the detector is extracted and represented by 79 features. Finally, a deep neural network model is designed to analyze these features in depth and detect webshell traffic among the benign traffic. To validate the proposed approach, we conduct rigorous experiments to test the performance of HRDWD. The results indicate that HRDWD achieves a high F1-score of 99.98% and an accuracy of 99.96%, and performs better than related models using the same dataset. We put HRDWD into practice to build an IPS named UET.IPS, and this system has proven feasible for real-time detection and prevention of webshell attacks, including unknown types.

Keywords: Webshell detection; Hybrid rule-based and deep analysis; Intrusion detection and prevention system; Deep neural network
