Chinese Journal of Network and Information Security ›› 2017, Vol. 3 ›› Issue (4): 51-57.doi: 10.11959/j.issn.2096-109x.2017.00126

• Papers • Previous Articles     Next Articles

Machine learning algorithm for intelligent detection of WebShell

Hua DAI(),Jing LI,Xin-dai LU,Xin SUN()   

  1. Electric Power Research Institute of Zhejiang Electric Power Corporation,Hangzhou 310000,China
  • Revised:2016-12-08 Online:2017-04-01 Published:2017-04-14
  • Supported by:
    The National Natural Science Foundation of China(61472113);The Outstanding Youth Fund of Zhejiang Province(LR14F020003)

Abstract:

WebShell is a common tool for network intrusions,which has the characteristics of great harm and good concealment.The current detection method is relatively simple,and easy to be bypassed,so it is difficult to deal with complex and flexible WebShell.To solve these problems,a supervised machine learning algorithm was put forward to detect WebShell intelligently.By learning the features of existing WebShell and non-existing WebShell pages,the algorithm can make prediction of the unknown pages,and the flexibility and adaptability were both very good.Compared with the traditional WebShell detection methods,the experiment proves that the algorithm has higher detection efficiency and accuracy,and at the same time there is a certain probability to detect new types of WebShell.

Key words: WebShell detection, matrix decomposition, feature training

CLC Number: