Telecommunications Science ›› 2020, Vol. 36 ›› Issue (6): 125-132.doi: 10.11959/j.issn.1000-0801.2020158

• Research and Development • Previous Articles     Next Articles

Method of Webshell detection based on multi-view feature fusion

Feng LIN1,Liujing XU2,Xiaohua CHEN3,Weiqiang QI2,Ke CHEN2,Tiantian ZHU4   

  1. 1 Department of Science and Technology,Zhejiang Institute of Economics and Trade,Hangzhou 310018,China
    2 Information and Communications Branch,State Grid Zhejiang Electric Power Company,Hangzhou 310007,China
    3 School of Information and Engineering,Huzhou Teachers College,Huzhou 313002,China
    4 College of Computer Science and Technology,Zhejiang University of Technology,Hangzhou 310023,China
  • Revised:2020-05-15 Online:2020-06-20 Published:2020-06-18
  • Supported by:
    The National Natural Science Foundation of China(61772026);The National Natural Science Foundation of China(U1936215)

Abstract:

Webshell is a malicious script file on the Web.It is usually uploaded by the attacker to the target server to achieve the purpose of illegal access control.In order to overcome the shortcoming of the existing Webshell detection methods,such as single network traffic behavior,simple by passed signature comparison,and easily bypassed signature comparison,a method of Webshell detection based on multi-view feature fusion for PHP Webshell detecting was proposed.Firstly,multiple features including lexical features,syntactic features,and abstract features were extracted.Secondly,fisher score was used to sort and filter all features according to the degree of importance.Finally,a model that can effectively distinguish Webshell from normal scripts was established through SVM.The large-scale experiment in real-world scenario shows that the final accuracy of our model can reach 92.1%.

Key words: Webshell detection, multi-view feature fusion, feature selection and filtering, machine learning

CLC Number: 

No Suggested Reading articles found!