论文信息 - Webshell detection techniques in web applications

Webshell detection techniques in web applications

With widely adoption of online services, malicious web sites have become a malignant tumor of the Internet. Through system vulnerabilities, attackers can upload malicious files (which are also called webshells) to web server to create a backdoor for hackers' further attacks. Therefore, finding and detecting webshell inside web application source code are crucial to secure websites. In this paper, we propose a novel method based on the optimal threshold values to identify files that contain malicious codes from web applications. Our detection system will scan and look for malicious codes inside each file of the web application, and automatically give a list of suspicious files and a detail log analysis table of each suspicious file for administrators to check further. The Experimental results show that our approach is applicable to identify webshell more efficient than some other approaches.

[1] Christopher Krügel,et al. Detection and analysis of drive-by-download attacks and malicious JavaScript code , 2010, WWW '10.

[2] Markus Jakobsson,et al. Crimeware: Understanding New Attacks and Defenses , 2008 .

[3] Tsuhan Chen,et al. Malicious web content detection by machine learning , 2010, Expert Syst. Appl..

[4] Hung-Chang Chang,et al. Malicious Website Detection Based on Honeypot Systems , 2013, CSE 2013.

[5] Aurélien Francillon,et al. The role of web hosting providers in detecting compromised websites , 2013, WWW '13.

[6] Kouichi Sakurai Yoshiaki Hori,et al. DOMAIN INFORMATION BASED BLACKLISTING METHOD FOR THE DETECTION OF MALICIOUS WEBPAGES , 2013 .

[7] Ma Duohe. Research of Webshell Detection Based on Decision Tree , 2012 .

[8] H. L. Keenleyside,et al. Canadian Immigration Policy , 1948 .

[9] S. Mirdula,et al. Security Vulnerabilities in Web Application - An Attack Perspective. , 2013 .

[10] Hu Yan,et al. Design of Software to Search ASP Web Shell , 2012 .

[11] Enrique F. Schisterman,et al. Confidence Intervals for the Youden Index and Corresponding Optimal Cut-Point , 2007, Commun. Stat. Simul. Comput..

[12] Davide Balzarotti,et al. Behind the Scenes of Online Attacks: an Analysis of Exploitation Behaviors on the Web , 2013, NDSS.