基于深度学习的Webshell检测

计算机工程与科学 ›› 2022, Vol. 44 ›› Issue (06): 994-1002.

• 计算机网络与信息安全 • 上一篇下一篇

基于深度学习的Webshell检测

车生兵，张光琳

(中南林业科技大学计算机与信息工程学院,湖南长沙 410004)

收稿日期:2020-07-14 修回日期:2021-03-02 接受日期:2022-06-25 出版日期:2022-06-25 发布日期:2022-06-17
基金资助:
国家自然科学基金（31870532）

Webshell detection based on deep learning

CHE Sheng-bing，ZHANG Guang-lin

(School of Computer and Information Engineering,Central South University of Forestry and Technology,Changsha 410004,China)

Received:2020-07-14 Revised:2021-03-02 Accepted:2022-06-25 Online:2022-06-25 Published:2022-06-17

摘要/Abstract

摘要： 以AWD攻防中Webshell检测为背景，在超空间利用模糊C均值聚类分析发现了攻击向量全局稀疏、局部紧密的特点，提出了2种深度学习模型。由于GitHub收集的攻击行为多为随机获取，没有很好的针对性，所以对训练数据的长度进行了限制，并保留了有限的相关样本数量。由于一次攻击与相邻的2~4次操作紧密相关，而且攻击向量垂直方向关联特征明显，水平方向相对稳定，考虑到特征向量在传递过程中规模会减小，增加了卷积层的补零选项。针对深度学习训练曲线中的锯齿振荡现象，证明了Adam优化算法的快速计算公式，并修正了学习参数，不断消除了训练的Loss曲线中的锯齿，使得训练曲线按照指数规律平滑下降，迅速得到需要的训练结果。将目前已有的类似工作与提出的2种深度学习模型进行对比。实验结果表明，提出的的深度学习模型能够很好地检测出AWD中的Webshell攻击。

关键词: 深度学习, Web安全, Webshell

Abstract: Based on Webshell detection in AWD offensive and defensive competition, fuzzy C-means clustering is used to analyze Webshell in hyperspace, and find that the attack vector is globally sparse and locally closely related. Two deep learning models are proposed for Webshell detection. Since most of the Webshells collected by GitHub are obtained randomly and are not well targeted, the length of the training data is limited and a limited number of relevant samples are retained. Because one attack is closely related to the adjacent 2 to 4 operations, the attack vector has obvious correlation characteristics in the vertical direction, and the horizontal direction is relatively stable, considering that the scale of the feature vector will be reduced during the transfer process, the zero padding of the convolutional layer is increased. Aiming at the sawtooth oscillation phenomenon of the deep learning training curve, the fast calculation formula of the Adam optimization algorithm is proved, and the learning parameters are corrected, which continuously eliminates the sawtooth in the training Loss curve, and maks the training curve drop smoothly according to the exponential law. The training results are obtained soon. Experiments are conducted to compare the two deep learning models with existing similar detection models. The experimental results show that the proposed deep learning models can better detect Webshell attacks in AWD.

Key words: deep learning, Web security, Webshell

车生兵, 张光琳. 基于深度学习的Webshell检测[J]. 计算机工程与科学, 2022, 44(06): 994-1002.

CHE Sheng-bing, ZHANG Guang-lin . Webshell detection based on deep learning[J]. Computer Engineering & Science, 2022, 44(06): 994-1002.

参考文献［11］

［1］	Sun X,Lu X,Dai H.A matrix decomposition based detection method［C］∥Proc of the 2017 International Conference on Cryptography,Security and Privacy,2017: 66-70.
［2］	Zhu Wei-wei,Hu Yong. Webshell detection method based on NN-SVM ［J］.Communications & Information Technology,2015(2):55-58.(in Chinese)
［3］	Hu Jian-kang,Xu Zhen,Ma Duo-he,et al.Research of Webshell detection based on decision tree ［J］.Journal of Network New Media,2012,1(6):15-19.(in Chinese)
［4］	Yi Nan, Fang Yong,Huang Cheng,et al.Semantics-based Webshell detection method research［J］.Journal of Information Security Research,2017,3(2):145-150.(in Chinese)
［5］	Xu Xiao-bo,Nie Xiao-ming.A method of detecting Webshell based on multi-layer perception［J］.Communications Technology,2018,51(4): 895-900.(in Chinese)
［6］	Guo Y J,Marco-Gisbert H,Keir P,et al.Mitigating Webshell attacks through machine learning techniques［J］.Future Internet,2016,12(1):1-16.
［7］	Fu Jian-ming,Li Lin, Wang Ying-jun.Research of Webshell detection based on CNN［J］.Journal of Zhengzhou University(Natural Science Edition),2019,51(2):1-8.(in Chinese)
［8］	Zhang Han,Xue Zhi,Shi Yong.Improved method of detect- ing Webshell based on multi-layer perception［J］.Communications Technology,2019,52(1):179-183.(in Chinese)
［9］	Jiang Tian.Research on Webshell detection method based on convolutional neural network ［J］.Information Technology and Network Security,2019,38(7):27-31.(in Chinese)
［10］	Lü Z H,Yan H B,Mei R. Automatic and accurate detection of Webshell based on convolutional neural network［C］∥Proc of the 15th International Annual Conference on China Cyber Security (CNCERT),2018:73-85.
［11］	Zhou Long,Wang Chen,Shi Yin.Research of Webshell detection based on RNN［J］.Computer Engineering and Applications,2020,56(14):88-92.(in Chinese)
［12］	Krizhevsky A,Sutskever I,Hinton G E.ImageNet classification with deep convolutional neural networks［J］.Communications of the ACM,2017,60(6):84-90.
［13］	Kingma D P, Ba J L.ADAM: A method for stochastic optimization［J］.arXiv:1412.6980v8,2015.
［14］	Hochreiter S,Schmidhuber J.Long short-term memory［J］.Neural Computation,1997,9(8): 1735-1780.
［15］	Buckman J,Roy A,Raffel C,et al.Thermometer encoding: One hot way to resist adversarial examples［C］∥Proc of the 6th International Conference on Learning Representations,2018:1.
	附中文参考文献:
［2］	朱魏魏,胡勇.基于 NN-SVM 的 Webshell 检测方法［J］.通信与信息技术,2015(2):55-58.
［3］	胡建康,徐震,马多贺,等.基于决策树的Webshell检测方法研究［J］.网络新媒体技术,2012,1(6):15-19.
［4］	易楠,方勇,黄诚等.基于语义分析的Webshell检测技术研究［J］.信息安全研究,2017,3(2):145-150.
［5］	胥小波,聂小明.基于多层感知器神经网络的Webshell检测方法［J］.通信技术,2018,51(4): 895-900.
［7］	傅建明,黎琳，王应军.基于CNN的Webshell文件检测［J］.郑州大学学报 (理学版),2019,51(2):1-8.
［8］	张涵,薛质,施勇.基于多层神经网络的Webshell改进检测方法研究［J］.通信技术,2019,52(1):179-183.
［9］	姜天.基于卷积神经网络的Webshell检测方法研究［J］.信息技术与网络安全,2019,38(7):27-31.
［11］	周龙，王晨，史崯.基于RNN的Webshell检测研究［J］.计算机工程与应用,2020,56(14):88-92.

[1]	易啸, 马胜, 肖侬. 深度学习加速器在不同剪枝策略下的运行优化[J]. 计算机工程与科学, 2023, 45(07): 1141-1148.
[2]	康宇晗, 时洋, 陈照云, 文梅. 面向迈创+MatrixZone异构系统的深度学习编程框架[J]. 计算机工程与科学, 2023, 45(07): 1149-1158.
[3]	刘浩翰, 孙铖, 贺怀清, 惠康华. 基于改进YOLOv3的金属表面缺陷检测[J]. 计算机工程与科学, 2023, 45(07): 1226-1235.
[4]	王霞, 徐慧英, 朱信忠. 一种基于谱归一化的两阶段堆叠结构生成对抗网络的文本生成图像模型[J]. 计算机工程与科学, 2022, 44(06): 1083-1089.
[5]	王栋, 杨珂, 玄佳兴, 韩雨桐, 赵丽花, 王旭仁. 基于半监督生成对抗网络的恶意代码家族分类实现[J]. 计算机工程与科学, 2022, 44(05): 826-833.
[6]	李利荣, 王子炎, 张开, 杨荻椿, 熊炜, 巩朋成, . 基于OSE-dResnet网络的列车底部零件检测算法[J]. 计算机工程与科学, 2022, 44(04): 692-698.
[7]	卜冠华, 周礼亮, 李昊, 张敏 . 基于深度学习的GPS轨迹去匿名研究[J]. 计算机工程与科学, 2022, 44(02): 244-250.
[8]	罗磊, 陈照云, 王俪璇. 用户QoS感知的GPU集群深度学习任务动态调度[J]. 计算机工程与科学, 2021, 43(08): 1331-1340.
[9]	冯〓锴,林柏钢. 跨站脚本漏洞的白盒测试框架的设计和实现[J]. J4, 2011, 33(10): 45-50.
[10]	李庆华[1] 姚静[1,2] 赵峰[1,2]. 基于主动秘密共享的Web容侵策略研究[J]. J4, 2006, 28(8): 34-35.

基于深度学习的Webshell检测

Webshell detection based on deep learning

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献［11］

相关文章 10

编辑推荐

Metrics

本文评价

基于深度学习的Webshell检测

Webshell detection based on deep learning

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献 ［11］

相关文章 10

编辑推荐

Metrics

本文评价

参考文献［11］