Method of Webshell detection based on multi-view feature fusion
Main Authors: | , , , , , |
---|---|
Format: | Article |
Language: | zho |
Published: | Beijing Xintong Media Co., Ltd, 2020-06-01 |
Series: | Dianxin kexue |
Subjects: | |
Online Access: | http://www.telecomsci.com/zh/article/doi/10.11959/j.issn.1000-0801.2020158/ |
Summary: | A Webshell is a malicious script file on the Web. It is usually uploaded by an attacker to the target server to gain illegal access control. To overcome the shortcomings of existing Webshell detection methods, such as single network traffic behavior and simple, easily bypassed signature comparison, a Webshell detection method based on multi-view feature fusion was proposed for detecting PHP Webshells. Firstly, multiple features, including lexical features, syntactic features, and abstract features, were extracted. Secondly, the Fisher score was used to sort and filter all features according to their degree of importance. Finally, a model that can effectively distinguish Webshells from normal scripts was established through SVM. A large-scale experiment in a real-world scenario shows that the final accuracy of our model can reach 92.1%. |
---|---|
ISSN: | 1000-0801 |