论文信息 - Mixed-Models Method Based on Machine Learning in Detecting WebShell Attack

Mixed-Models Method Based on Machine Learning in Detecting WebShell Attack

WebShell is a command execution environment in the form of web files and also a remote administration tool in web containers. However, it is also a web page backdoor for attackers. Malicious WebShell endangers safety of the Web services. Traditional detection methods, which suitable for general WebShell attack scripts, are based on rule matching. Effectively detecting mutant WebShell has become a great difficulty in computer security worldwide. Mutant scripts of PHP WebShell are the most numerous, complicated and difficult to detect in all kinds of mutant WebShell. This paper proposed a mixed model based on Machine Learning that is used to detect WebShell in different classifications. Using many feature engineering and sample balancing algorithms, the model mixes Machine Learning algorithms of Random Forest (RF) and Convolutional Neural Networks (CNN). It proposed a practicable intelligent solution for mutant WebShell attack detection with the optimized precision rate over 97%.

[1] Jianwei Hu,et al. 基于XGBoost算法的Webshell检测方法研究 (Research of Webshell Detection Method Based on XGBoost Algorithm) , 2018, 计算机科学.

[2] Hui Han,et al. Borderline-SMOTE: A New Over-Sampling Method in Imbalanced Data Sets Learning , 2005, ICIC.

[3] Christopher Krügel,et al. Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[4] Nitesh V. Chawla,et al. SMOTE: Synthetic Minority Over-sampling Technique , 2002, J. Artif. Intell. Res..

[5] Jiuwen Cao,et al. Imbalanced learning algorithm based intelligent abnormal electricity consumption detection , 2020, Neurocomputing.

[6] Guo Xiaojun,et al. Webshell detection techniques in web applications , 2014, Fifth International Conference on Computing, Communications and Networking Technologies (ICCCNT).

[7] Monica S. Lam,et al. Automatic Generation of XSS and SQL Injection Attacks with Goal-Directed Model Checking , 2008, USENIX Security Symposium.

[8] Jingjing Yang,et al. A Method of Detecting Webshell Based on Multi-layer Perception , 2019 .

[9] Meng Zhen. Research of Linux WebShell Detection based on SVM Classifier , 2014 .

[10] Michael D. Ernst,et al. Automatic creation of SQL Injection and cross-site scripting attacks , 2009, 2009 IEEE 31st International Conference on Software Engineering.