TY - GEN
T1 - WADS
T2 - 16th International Conference on Information Security Practice and Experience, ISPEC 2021
AU - Yu, Beiyuan
AU - Liu, Jian Wei
AU - Zhou, Ziyu
N1 - Publisher Copyright:
© 2021, Springer Nature Switzerland AG.
PY - 2021
Y1 - 2021
N2 - A webshell is a code execution environment written in languages such as PHP, ASP, and JSP, whose intended purpose is to let system administrators manage a web application with little effort. For the same reason, an attacker can use a webshell as a backdoor program to control the web server. Traditional webshell detection mechanisms such as rule matching and feature-code detection usually suffer from poor generalization, leading to a higher rate of false negatives. We use N-Gram and TF-IDF to extract features from webshell samples and train the model with three machine learning algorithms: Multilayer Perceptron, XGBoost, and Naive Bayes. Training and testing show a detection accuracy of more than 99% in the experimental environment, with a detectable scope that includes PHP, JSP, ASP, and others. By combining the machine learning webshell detection model with Software-Defined Networking through flow-table operations, we implement a dynamic defense solution against webshell attackers that disconnects the attacker from the target network.
KW - Machine learning
KW - SDN
KW - Webshell detection
UR - https://www.scopus.com/pages/publications/85122017342
U2 - 10.1007/978-3-030-93206-0_13
DO - 10.1007/978-3-030-93206-0_13
M3 - Conference contribution
AN - SCOPUS:85122017342
SN - 9783030932053
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 209
EP - 222
BT - Information Security Practice and Experience - 16th International Conference, ISPEC 2021, Proceedings
A2 - Deng, Robert
A2 - Bao, Feng
A2 - Wang, Guilin
A2 - Shen, Jian
A2 - Ryan, Mark
A2 - Meng, Weizhi
A2 - Wang, Ding
PB - Springer Science and Business Media Deutschland GmbH
Y2 - 17 December 2021 through 19 December 2021
ER -