Author:
Zhou Aijun, Luktarhan Nurbol, Ai Zhuang
Abstract
WebShell variants, encryption, and obfuscation cause problems for detection methods based on feature selection, such as poor detection performance and weak generalization ability. To solve this problem, a WebShell detection method based on regularized neighborhood component analysis (RNCA) is proposed. The RNCA algorithm can effectively reduce the dimensionality of the data while ensuring the accuracy of classification. In this paper, it is innovatively applied to the field of WebShell detection: opcode behavior sequence features are taken as the main research object, a vocabulary is constructed from variable-length opcode sequence features, and the dimensionality of WebShell features is effectively reduced from the perspective of feature selection. The opcode sequence selected by the algorithm is symmetrical with the source code file, which has great reference value for WebShell classification. To address the limitation of relying on a single feature, this paper fuses behavior sequence features with static text features to construct a feature combination with stronger representation ability, which effectively improves the recognition rate of WebShell to a certain extent.
Subject
Physics and Astronomy (miscellaneous), General Mathematics, Chemistry (miscellaneous), Computer Science (miscellaneous)
Cited by
5 articles.