Session-Based Webshell Detection Using Machine Learning in Web Logs
Joint Authors
Huang, Cheng
Wu, Yixin
Sun, Yuqiang
Jia, Peng
Liu, Luping
Source
Security and Communication Networks
Issue
Vol. 2019, Issue 2019 (31 Dec. 2019), pp.1-11, 11 p.
Publisher
Hindawi Publishing Corporation
Publication Date
2019-11-22
Country of Publication
Egypt
No. of Pages
11
Main Subjects
Information Technology and Computer Science
Abstract EN
Attackers upload webshells to a web server for purposes such as stealing data, launching DDoS attacks, or maliciously modifying files.
Once these objectives are accomplished, they bring huge losses to website managers.
With the gradual development of encryption and confusion technology, the most common detection approach using taint analysis and feature matching might become less useful.
Instead of applying source file codes, POST contents, or all received traffic, this paper demonstrated an intelligent and efficient framework that employs precise sessions derived from the web logs to detect webshell communication.
Features were extracted from the raw sequence data in web logs while a statistical method based on time interval was proposed to identify sessions specifically.
In addition, the paper used a long short-term memory (LSTM) network and a hidden Markov model (HMM), respectively, to constitute the framework.
Finally, the framework was evaluated with real data.
The experiment shows that the LSTM-based model can achieve a higher accuracy rate of 95.97% with a recall rate of 96.15%, which has a much better performance than the HMM-based model.
Moreover, the experiment demonstrated the high efficiency of the proposed approach in terms of quick detection without source code, especially when detection only considers a period of time, as it takes 98.5% less time than the cited related approach to get the result.
Once webshell behavior is detected, we can pinpoint the anomalous session and use the statistical method to find the webshell file accurately.
American Psychological Association (APA)
Wu, Yixin & Sun, Yuqiang & Huang, Cheng & Jia, Peng & Liu, Luping. 2019. Session-Based Webshell Detection Using Machine Learning in Web Logs. Security and Communication Networks, Vol. 2019, no. 2019, pp.1-11.
https://search.emarefa.net/detail/BIM-1210360
Modern Language Association (MLA)
Wu, Yixin…[et al.]. Session-Based Webshell Detection Using Machine Learning in Web Logs. Security and Communication Networks No. 2019 (2019), pp.1-11.
https://search.emarefa.net/detail/BIM-1210360
American Medical Association (AMA)
Wu, Yixin & Sun, Yuqiang & Huang, Cheng & Jia, Peng & Liu, Luping. Session-Based Webshell Detection Using Machine Learning in Web Logs. Security and Communication Networks. 2019. Vol. 2019, no. 2019, pp.1-11.
https://search.emarefa.net/detail/BIM-1210360
Data Type
Journal Articles
Language
English
Notes
Includes bibliographical references
Record ID
BIM-1210360