A Webshell Detection Technology Based on HTTP Traffic Analysis
Webshell is a common backdoor program of web applications. After an attacker uploads Webshell successfully by using a vulnerability. Attacker can get a command execution environment to control the web server by access Webshell. In this paper, an attack detection technology based on SVM algorithm is proposed by analyzing the network traffic of attackers accessing Webshell. This technology realizes the detection of Webshell attack traffic in HTTP traffic by means of the method of supervised machine learning model. And this technology achieves high accuracy and recall rate. After detecting abnormal traffic, the system can locate the Webshell according to traffic information. And eliminate the backdoor in time to ensuring the security and stability of the web server. So it also can help to monitor the trend of intrusion and network security.
- 1.Duan, L.H., Zhang, Z.F., Chen, et al.: Survey of web backdoor detection and protection. Institute of Computer Science and Technology of Peking University, pp. 893–899 (2014)Google Scholar
- 2.Jian, K., Ma, D., et al.: Research on Webshell detection method based on decision tree. Netw. New Media Technol. 6, 15–19 (2012). https://doi.org/10.3969/j.issn.2095-347X.2012.06.004CrossRefGoogle Scholar
- 3.Biwei, H.: Research on Webshell detection method based on Bayesian theory. Sci. Technol. Square 6, 66–70 (2016). https://doi.org/10.3969/j.issn.1671-4792.2016.06.016CrossRefGoogle Scholar
- 4.Chen, J.-X.: A Method for Detecting Webshell on Windows Platform, pp. 533–535 (2011)Google Scholar
- 5.Du, H., Fang, Y.: PHP real time dynamic detection of Webshell. Netw. Secur. Technol. Appl. 12, 120–121, 125 (2014). https://doi.org/10.3969/j.issn.1009-6833.2014.12.074.4. Michalewi
- 6.Tu, R.D., Guang, C., Xiaojun, G., et al.: Webshell detection techniques in web applications, pp. 1–7. School of Computer Science & Engineering, Southeast University, Nanjing, China (2014)Google Scholar