Mitigating Webshell Attacks through Machine Learning Techniques

A webshell is a command execution environment in the form of web pages. It is often used by attackers as a backdoor tool for web server operations. Accurately detecting webshells is of great significance to web server protection. Most security products detect webshells based on feature-matching methods—matching input scripts against pre-built malicious code collections. The feature-matching method has a low detection rate for obfuscated webshells. However, with the help of machine learning algorithms, webshells can be detected more efficiently and accurately. In this paper, we propose a new PHP webshell detection model, the NB-Opcode (naïve Bayes and opcode sequence) model, which is a combination of naïve Bayes classifiers and opcode sequences. Through experiments and analysis on a large number of samples, the experimental results show that the proposed method could effectively detect a range of webshells. Compared with the traditional webshell detection methods, this method improves the efficiency and accuracy of webshell detection.

Bibliographic Details
Main Authors: You Guo, Hector Marco-Gisbert, Paul Keir
Format: Article
Language: English
Published: MDPI AG 2020-01-01
Series: Future Internet
Subjects: webshell attacks; machine learning; naïve Bayes; opcode sequence
Online Access: https://www.mdpi.com/1999-5903/12/1/12