Abstract
To address the problems that existing Webshell detection methods rely on manual feature extraction, offer little automation, and are easy to bypass, a Webshell detection algorithm based on deep learning is proposed. Some methods of escaping detection by the deep learning model, and the solution to them, are also proposed. After noise reduction and malicious payload reduction are applied to Webshells and normal web pages, features are extracted automatically by the deep learning model. The experimental results show that the recognition accuracy of the model is 99.56%. The detection range is wide, and the model can cope with many kinds of bypass strategies.
Supported by National Natural Science Fund Project No. 61661019; Major Science and Technology Project of Hainan province No. ZDKJ2016015-2; Hainan Education Reform Project No. Hnjg2017ZD-1; NSFC under Grant No. 61662021; NSF of Hainan No. ZDYF2017128 and No. 20156243.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Tao, F., Cao, C., Liu, Z. (2019). Webshell Detection Model Based on Deep Learning. In: Sun, X., Pan, Z., Bertino, E. (eds) Artificial Intelligence and Security. ICAIS 2019. Lecture Notes in Computer Science, vol 11635. Springer, Cham. https://doi.org/10.1007/978-3-030-24268-8_38
DOI: https://doi.org/10.1007/978-3-030-24268-8_38
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-24267-1
Online ISBN: 978-3-030-24268-8
eBook Packages: Computer Science, Computer Science (R0)