DOI: 10.1145/3058060.3058083
research-article

A Matrix Decomposition based Webshell Detection Method

Published: 17 March 2017

ABSTRACT

A WebShell is a web-based network backdoor. With the help of WebShells, an attacker can illegally take control of web services. Current methods of detecting WebShells rely on matching the eigenvalues or on detecting the traffic or services a WebShell produces, which makes it hard to find new kinds of WebShells. To solve these problems, this paper analyzes the different features of a page and proposes a novel matrix decomposition based WebShell detection algorithm. The algorithm is a supervised machine learning algorithm. By analyzing and learning the features of pages known to contain WebShells and pages known not to, the algorithm can make predictions on unknown pages. The experimental results show that, compared with traditional detection methods, this algorithm takes less time, has higher accuracy and recall rate, and can detect new kinds of WebShells with a certain probability. It overcomes the shortcomings of the traditional feature matching based method and improves the accuracy and recall rate of WebShell detection.

  • Published in

    ICCSP '17: Proceedings of the 2017 International Conference on Cryptography, Security and Privacy
    March 2017
    153 pages
    ISBN: 9781450348676
    DOI: 10.1145/3058060

    Copyright © 2017 ACM

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Qualifiers

    • research-article
    • Research
    • Refereed limited
