1. Mitigating Webshell Attacks through Machine Learning Techniques
- Author
You Guo, Paul Keir, and Hector Marco-Gisbert
- Subjects
Web server, Computer Networks and Communications, Computer science, 0211 other engineering and technologies, 02 engineering and technology, computer.software_genre, Machine learning, Naive Bayes classifier, Naive Bayes, Web page, 0202 electrical engineering, electronic engineering, information engineering, Code (cryptography), naïve Bayes, Backdoor, 021110 strategic, defence & security studies, lcsh:T58.5-58.64, business.industry, lcsh:Information technology, Opcode sequence, Opcode, webshell attacks, ARQUITECTURA Y TECNOLOGIA DE COMPUTADORES, Range (mathematics), Webshell attacks, opcode sequence, machine learning, Scripting language, 020201 artificial intelligence & image processing, Artificial intelligence, business, computer
- Abstract
A webshell is a command execution environment in the form of web pages. It is often used by attackers as a backdoor tool for web server operations. Accurately detecting webshells is of great significance to web server protection. Most security products detect webshells based on feature-matching methods: matching input scripts against pre-built malicious code collections. The feature-matching method has a low detection rate for obfuscated webshells. However, with the help of machine learning algorithms, webshells can be detected more efficiently and accurately. In this paper, we propose a new PHP webshell detection model, the NB-Opcode (naïve Bayes and opcode sequence) model, which is a combination of naïve Bayes classifiers and opcode sequences. Through experiments and analysis on a large number of samples, the experimental results show that the proposed method could effectively detect a range of webshells. Compared with the traditional webshell detection methods, this method improves the efficiency and accuracy of webshell detection.
- Published
- 2020