Method of Webshell detection based on multi-view feature fusion
Webshell is a malicious script file on the Web.It is usually uploaded by the attacker to the target server to achieve the purpose of illegal access control.In order to overcome the shortcoming of the existing Webshell detection methods,such as single network traffic behavior,simple by passed signatu...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Beijing Xintong Media Co., Ltd
2020-06-01
|
| Series: | Dianxin kexue |
| Subjects: | |
| Online Access: | http://www.telecomsci.com/zh/article/doi/10.11959/j.issn.1000-0801.2020158/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841530703860203520 |
|---|---|
| author | Feng LIN Liujing XU Xiaohua CHEN Weiqiang QI Ke CHEN Tiantian ZHU |
| author_facet | Feng LIN Liujing XU Xiaohua CHEN Weiqiang QI Ke CHEN Tiantian ZHU |
| author_sort | Feng LIN |
| collection | DOAJ |
| description | Webshell is a malicious script file on the Web.It is usually uploaded by the attacker to the target server to achieve the purpose of illegal access control.In order to overcome the shortcoming of the existing Webshell detection methods,such as single network traffic behavior,simple by passed signature comparison,and easily bypassed signature comparison,a method of Webshell detection based on multi-view feature fusion for PHP Webshell detecting was proposed.Firstly,multiple features including lexical features,syntactic features,and abstract features were extracted.Secondly,fisher score was used to sort and filter all features according to the degree of importance.Finally,a model that can effectively distinguish Webshell from normal scripts was established through SVM.The large-scale experiment in real-world scenario shows that the final accuracy of our model can reach 92.1%. |
| format | Article |
| id | doaj-art-ca82dba5a662425bbbb6d9f302892cb9 |
| institution | Kabale University |
| issn | 1000-0801 |
| language | zho |
| publishDate | 2020-06-01 |
| publisher | Beijing Xintong Media Co., Ltd |
| record_format | Article |
| series | Dianxin kexue |
| spelling | doaj-art-ca82dba5a662425bbbb6d9f302892cb92025-01-15T03:00:36ZzhoBeijing Xintong Media Co., LtdDianxin kexue1000-08012020-06-013612513259582796Method of Webshell detection based on multi-view feature fusionFeng LINLiujing XUXiaohua CHENWeiqiang QIKe CHENTiantian ZHUWebshell is a malicious script file on the Web.It is usually uploaded by the attacker to the target server to achieve the purpose of illegal access control.In order to overcome the shortcoming of the existing Webshell detection methods,such as single network traffic behavior,simple by passed signature comparison,and easily bypassed signature comparison,a method of Webshell detection based on multi-view feature fusion for PHP Webshell detecting was proposed.Firstly,multiple features including lexical features,syntactic features,and abstract features were extracted.Secondly,fisher score was used to sort and filter all features according to the degree of importance.Finally,a model that can effectively distinguish Webshell from normal scripts was established through SVM.The large-scale experiment in real-world scenario shows that the final accuracy of our model can reach 92.1%.http://www.telecomsci.com/zh/article/doi/10.11959/j.issn.1000-0801.2020158/Webshell detectionmulti-view feature fusionfeature selection and filteringmachine learning |
| spellingShingle | Feng LIN Liujing XU Xiaohua CHEN Weiqiang QI Ke CHEN Tiantian ZHU Method of Webshell detection based on multi-view feature fusion Dianxin kexue Webshell detection multi-view feature fusion feature selection and filtering machine learning |
| title | Method of Webshell detection based on multi-view feature fusion |
| title_full | Method of Webshell detection based on multi-view feature fusion |
| title_fullStr | Method of Webshell detection based on multi-view feature fusion |
| title_full_unstemmed | Method of Webshell detection based on multi-view feature fusion |
| title_short | Method of Webshell detection based on multi-view feature fusion |
| title_sort | method of webshell detection based on multi view feature fusion |
| topic | Webshell detection multi-view feature fusion feature selection and filtering machine learning |
| url | http://www.telecomsci.com/zh/article/doi/10.11959/j.issn.1000-0801.2020158/ |
| work_keys_str_mv | AT fenglin methodofwebshelldetectionbasedonmultiviewfeaturefusion AT liujingxu methodofwebshelldetectionbasedonmultiviewfeaturefusion AT xiaohuachen methodofwebshelldetectionbasedonmultiviewfeaturefusion AT weiqiangqi methodofwebshelldetectionbasedonmultiviewfeaturefusion AT kechen methodofwebshelldetectionbasedonmultiviewfeaturefusion AT tiantianzhu methodofwebshelldetectionbasedonmultiviewfeaturefusion |