A PHP and JSP web shell detection system with text processing based on machine learning

Han Zhang, Ming Liu, Zihan Yue, Zhi Xue, Yong Shi, Xiangjian He

Research output: Chapter in Book/Conference proceedingConference contributionpeer-review

7 Citations (Scopus)

Abstract

Web shell is one of the most common network attack methods, and traditional detection methods may not detect complex and flexible variants of web shell attacks. In this paper, we present a comprehensive detection system that can detect both PHP and JSP web shells. After file classification, we use different feature extraction methods, i.e. AST for PHP files and bytecode for JSP files. We present a detection model based on text processing methods including TF-IDF and Word2vec algorithms. We combine different kinds of machine learning algorithms and perform a comprehensively controlled experiment. After the experiment and evaluation, we choose the detection machine learning model of the best performance, which can achieve a high detection accuracy above 98%.

Original languageEnglish
Title of host publicationProceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020
EditorsGuojun Wang, Ryan Ko, Md Zakirul Alam Bhuiyan, Yi Pan
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages1584-1591
Number of pages8
ISBN (Electronic)9781665403924
DOIs
Publication statusPublished - Dec 2020
Externally publishedYes
Event19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020 - Guangzhou, China
Duration: 29 Dec 20201 Jan 2021

Publication series

NameProceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020

Conference

Conference19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020
Country/TerritoryChina
CityGuangzhou
Period29/12/201/01/21

Keywords

  • AST
  • Bytecode
  • Machine Learning
  • Opcode
  • Web Shell
  • XGBoost

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'A PHP and JSP web shell detection system with text processing based on machine learning'. Together they form a unique fingerprint.

Cite this