Webshell detection scheme based on BERT and XGBoost


Authors: ZHANG Yu-ming (张育铭); LI Hao-hua (李浩华); GUO Xian-feng (郭现峰) (School of Computer Science and Engineering, Southwest Minzu University, Chengdu 610041, China)

Affiliation: [1] School of Computer Science and Engineering, Southwest Minzu University, Chengdu, Sichuan 610041

Source: Journal of Southwest Minzu University (Natural Science Edition), 2024, No. 2, pp. 171-176 (6 pages)

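Funding: Key Project of the Sichuan Provincial Department of Education (18ZA0512); Project of the Sichuan Provincial Department of Science and Technology (2017JY0230); Fundamental Research Funds for the Central Universities, Southwest Minzu University (2021NYYXS54).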

Abstract: Webshell, the backdoor program of Web services, is a common means of hacker attack. Traditional detection methods suffer from high missed-detection and false-positive rates when detecting Webshell backdoors that have been mutated, obfuscated or encrypted. To solve this problem, this paper combines the characteristics of BERT and XGBoost to design a new detection method that can greatly improve the detection accuracy for Webshell backdoor programs. In detection, word-vector features are extracted from the preprocessed Webshell sample files using the BERT model, and the ensemble learning algorithm XGBoost is used for classification training, yielding a better-performing detection model. Finally, this model can effectively detect various Webshell malicious programs. Compared with detection models based on traditional machine learning, the proposed combined Webshell detection method shows better performance in precision, recall and F1 value, and its detection accuracy reaches 97.75%.

Keywords: Webshell; BERT; XGBoost; feature extraction

Classification number: TP393.08 [Automation and Computer Technology: Computer Application Technology]

 
