Litcius/Paper detail

Mitigating Webshell Attacks through Machine Learning Techniques

Youguang Guo, Héctor Marco-Gisbert, Paul Keir

2020Future Internet32 citationsDOIOpen Access PDF

Abstract

A webshell is a command execution environment in the form of web pages. It is often used by attackers as a backdoor tool for web server operations. Accurately detecting webshells is of great significance to web server protection. Most security products detect webshells based on feature-matching methods—matching input scripts against pre-built malicious code collections. The feature-matching method has a low detection rate for obfuscated webshells. However, with the help of machine learning algorithms, webshells can be detected more efficiently and accurately. In this paper, we propose a new PHP webshell detection model, the NB-Opcode (naïve Bayes and opcode sequence) model, which is a combination of naïve Bayes classifiers and opcode sequences. Through experiments and analysis on a large number of samples, the experimental results show that the proposed method could effectively detect a range of webshells. Compared with the traditional webshell detection methods, this method improves the efficiency and accuracy of webshell detection.

Topics & Concepts

OpcodeComputer scienceMachine learningArtificial intelligenceNaive Bayes classifierFeature (linguistics)Scripting languageWeb serverMatching (statistics)Code (set theory)Data miningSupport vector machineOperating systemThe InternetLinguisticsProgramming languagePhilosophyMathematicsSet (abstract data type)StatisticsAdvanced Malware Detection TechniquesInternet Traffic Analysis and Secure E-votingSpam and Phishing Detection