Method of Webshell detection based on multi-view feature fusion  (Cited by: 1)


Authors: LIN Feng (林锋)[1]; XU Liujing (徐柳婧); CHEN Xiaohua (陈晓华); QI Weiqiang (戚伟强); CHEN Ke (陈可); ZHU Tiantian (朱添田)

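Affiliations: [1] Department of Information Technology, Zhejiang Institute of Economics and Trade, Hangzhou, Zhejiang 310018, China; [2] Information and Communications Branch, State Grid Zhejiang Electric Power Company, Hangzhou, Zhejiang 310007, China; [3] School of Information Engineering, Huzhou Teachers College, Huzhou, Zhejiang 313002, China; [4] College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou, Zhejiang 310023, China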

Source: Telecommunications Science (《电信科学》), 2020, No. 6, pp. 125-132 (8 pages)

Funding: National Natural Science Foundation of China (No.61772026, No.U1936215).

Abstract: A Webshell is a malicious script file on the Web side. It is usually uploaded by an attacker to the target server to gain illegal access control. Existing Webshell detection methods have many shortcomings, such as relying on a single view of network traffic behavior, signature comparison that is easily bypassed, and a single form of regular-expression matching. To address these shortcomings, a Webshell detection method based on multi-view feature fusion is proposed for Webshells written in PHP. First, multiple kinds of features are extracted, including lexical features, syntactic features, and abstract features. Second, the Fisher score is used to rank and filter the features by importance. Finally, a model that can effectively distinguish Webshells from normal scripts is built with an SVM. In a large-scale experiment in a real-world scenario, the final classification accuracy of the model on Webshell and normal samples reached 92.1%.

Keywords: Webshell detection; multi-view feature fusion; feature selection and extraction; machine learning

Classification number: TP309.5 [Automation and Computer Technology: Computer System Architecture]

 
