Abstract
A webshell is a command execution environment in the form of web pages. It is often used by attackers as a backdoor tool for web server operations. Accurately detecting webshells is of great significance to web server protection. Most security products detect webshells based on feature-matching methods—matching input scripts against pre-built malicious code collections. The feature-matching method has a low detection rate for obfuscated webshells. However, with the help of machine learning algorithms, webshells can be detected more efficiently and accurately. In this paper, we propose a new PHP webshell detection model, the NB-Opcode (naïve Bayes and opcode sequence) model, which is a combination of naïve Bayes classifiers and opcode sequences. Through experiments and analysis on a large number of samples, the experimental results show that the proposed method could effectively detect a range of webshells. Compared with the traditional webshell detection methods, this method improves the efficiency and accuracy of webshell detection.
| Original language | English |
|---|---|
| Article number | 12 |
| Number of pages | 16 |
| Journal | Future Internet |
| Volume | 12 |
| Issue number | 1 |
| DOIs | |
| Publication status | Published - 14 Jan 2020 |
Keywords
- Webshell attacks
- Machine learning
- Naive Bayes
- Opcode sequence