Skip to main content
SpringerLink
Log in

Webshell Detection Model Based on Deep Learning

  • Conference paper
  • First Online:
Artificial Intelligence and Security (ICAIS 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11635))

Included in the following conference series:

Abstract

Aiming at the problem that the existing Webshell detection method relies on manual extraction of features, low automation and easy to bypass, a Webshell detection algorithm based on deep learning is proposed. Some methods to escape the detection of deep learning model and the solution is proposed. Through the noise reduction and malicious payload reduction of Webshell and normal web pages, the features are automatically extracted in the deep learning model. The experimental results show that the recognition accuracy of the model is 99.56%. The detection range is wide and can cope with many kinds of bypass strategies.

Supported by National Natural Science Fund Project No. 61661019; Major Science and Technology Project of Hainan province No. ZDKJ2016015-2; Hainan Education Reform Project No. Hnjg2017ZD-1; NSFC under Grant No. 61662021; NSF of Hainan No. ZDYF2017128 and No. 20156243.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Cheng, R., Xu, R., Tang, X., Sheng, V.S., Cai, C.: An abnormal network flow feature sequence prediction approach for DDoS attacks detection in big data environment. Comput. Mater. Continua 55(1), 095–095 (2018)

    Google Scholar 

  2. Choi, Y.H., Kim, T.G., Choi, S.J., Lee, C.W.: Automatic detection for JavaScript obfuscation attacks in web pages through string pattern analysis. In: Lee, Y., Kim, T., Fang, W., Ślęzak, D. (eds.) FGIT 2009. LNCS, vol. 5899, pp. 160–172. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10509-8_19

    Chapter  Google Scholar 

  3. Cova, M., Kruegel, C., Vigna, G.: Detection and analysis of drive-by-download attacks and malicious JavaScript code. In: Proceedings of the 19th International Conference on World Wide Web, pp. 281–290. ACM (2010)

    Google Scholar 

  4. Curtsinger, C., Livshits, B., Zorn, B., Seifert, C.: Zozzle: Low-overhead mostly static JavaScript malware detection. In: Proceedings of the USENIX Security Symposium, pp. 3 (2011)

    Google Scholar 

  5. Deng, L.Y., Lee, D.L., Chen, Y.H., Yann, L.X.: Lexical analysis for the webshell attacks. In: 2016 International Symposium on Computer, Consumer and Control (IS3C), pp. 579–582. IEEE (2016)

    Google Scholar 

  6. Hou, Y.T., Chang, Y., Chen, T., Laih, C.S., Chen, C.M.: Malicious web content detection by machine learning. Expert Syst. Appl. 37(1), 55–60 (2010)

    Article  Google Scholar 

  7. Huang, W., Stokes, J.W.: MtNet: a multi-task neural network for dynamic malware classification. In: Caballero, J., Zurutuza, U., Rodríguez, R.J. (eds.) DIMVA 2016. LNCS, vol. 9721, pp. 399–418. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-40667-1_20

    Chapter  Google Scholar 

  8. Ma, J., Saul, L.K., Savage, S., Voelker, G.M.: Identifying suspicious URLs: an application of large-scale online learning. In: Proceedings of the 26th Annual International Conference on Machine Learning, pp. 681–688. ACM (2009)

    Google Scholar 

  9. Meng, Z., Mei, R., Zhang, T., Wen, W.P.: Research of Linux webshell detection based on SVM classifier. Netinfo Secur. 5, 4 (2014)

    Google Scholar 

  10. Meyerovich, L.A., Livshits, B.: ConScript: specifying and enforcing fine-grained security policies for JavaScript in the browser. In: 2010 IEEE Symposium on Security and Privacy, pp. 481–496. IEEE (2010)

    Google Scholar 

  11. Mingkun, X., Xi, C., Yan, H.: Design of software to search ASP web shell. Procedia Eng. 29, 123–127 (2012)

    Article  Google Scholar 

  12. Moshchuk, A., Bragin, T., Deville, D., Gribble, S.D., Levy, H.M.: SpyProxy: execution-based detection of malicious web content. In: USENIX Security Symposium, pp. 1–16 (2007)

    Google Scholar 

  13. Provos, N., McNamee, D., Mavrommatis, P., Wang, K., Modadugu, N., et al.: The ghost in the browser: analysis of web-based malware. HotBots 7, 4–4 (2007)

    Google Scholar 

  14. Behrens, S., Hagen, B.: Web Shell Detection Using NeoPI (2012). http://resources.infosecinstitute.com/web-shell-detection/. Accessed 6 Nov 2017

  15. Sun, X., Lu, X., Dai, H.: A matrix decomposition based webshell detection method. In: Proceedings of the 2017 International Conference on Cryptography, Security and Privacy, pp. 66–70. ACM (2017)

    Google Scholar 

  16. Tu, T.D., Guang, C., Xiaojun, G., Wubin, P.: Webshell detection techniques in web applications. In: 2014 International Conference on Computing, Communication and Networking Technologies (ICCCNT), pp. 1–7. IEEE (2014)

    Google Scholar 

  17. Wang, Y.M., Beck, D., Jiang, X., Roussev, R.: Automated web patrol with strider HoneyMonkeys: finding web sites that exploit browser vulnerabilities. In: NDSS. Citeseer (2006)

    Google Scholar 

  18. Zhang, H., Yi, Y., Wang, J., Cao, N., Duan, Q.: Network security situation awareness framework based on threat intelligence. CMC-Comput. Mater. Continua 56(3), 381–399 (2018)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Key Laboratory of Internet Information Retrieval of Hainan Province, Hainan University, Haikou, 570228, China

    Fangjian Tao, Chunjie Cao & Zhihui Liu

  2. State Key Laboratory of Marine Resource Utilization in the South China Sea, Hainan University, Haikou, 570228, China

    Chunjie Cao

  3. School of Information Science and Technology, Hainan University, Haikou, 570228, China

    Fangjian Tao, Chunjie Cao & Zhihui Liu

Authors
  1. Fangjian Tao
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Chunjie Cao
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Zhihui Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Chunjie Cao .

Editor information

Editors and Affiliations

  1. Nanjing University of Information Science and Technology, Nanjing, China

    Xingming Sun

  2. Nanjing University of Information Science and Technology, Nanjing, China

    Zhaoqing Pan

  3. Purdue University, West Lafayette, IN, USA

    Elisa Bertino

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Tao, F., Cao, C., Liu, Z. (2019). Webshell Detection Model Based on Deep Learning. In: Sun, X., Pan, Z., Bertino, E. (eds) Artificial Intelligence and Security. ICAIS 2019. Lecture Notes in Computer Science(), vol 11635. Springer, Cham. https://doi.org/10.1007/978-3-030-24268-8_38

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-24268-8_38

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-24267-1

  • Online ISBN: 978-3-030-24268-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation