A Webshell Detection Technology Based on HTTP Traffic Analysis

  • Wenchuan Yang
  • Bang SunEmail author
  • Baojiang Cui
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 773)


Webshell is a common backdoor program of web applications. After an attacker uploads Webshell successfully by using a vulnerability. Attacker can get a command execution environment to control the web server by access Webshell. In this paper, an attack detection technology based on SVM algorithm is proposed by analyzing the network traffic of attackers accessing Webshell. This technology realizes the detection of Webshell attack traffic in HTTP traffic by means of the method of supervised machine learning model. And this technology achieves high accuracy and recall rate. After detecting abnormal traffic, the system can locate the Webshell according to traffic information. And eliminate the backdoor in time to ensuring the security and stability of the web server. So it also can help to monitor the trend of intrusion and network security.


  1. 1.
    Duan, L.H., Zhang, Z.F., Chen, et al.: Survey of web backdoor detection and protection. Institute of Computer Science and Technology of Peking University, pp. 893–899 (2014)Google Scholar
  2. 2.
    Jian, K., Ma, D., et al.: Research on Webshell detection method based on decision tree. Netw. New Media Technol. 6, 15–19 (2012). Scholar
  3. 3.
    Biwei, H.: Research on Webshell detection method based on Bayesian theory. Sci. Technol. Square 6, 66–70 (2016). Scholar
  4. 4.
    Chen, J.-X.: A Method for Detecting Webshell on Windows Platform, pp. 533–535 (2011)Google Scholar
  5. 5.
    Du, H., Fang, Y.: PHP real time dynamic detection of Webshell. Netw. Secur. Technol. Appl. 12, 120–121, 125 (2014). Michalewi
  6. 6.
    Tu, R.D., Guang, C., Xiaojun, G., et al.: Webshell detection techniques in web applications, pp. 1–7. School of Computer Science & Engineering, Southeast University, Nanjing, China (2014)Google Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2019

Authors and Affiliations

  1. 1.School of Cyberspace SecurityBeijing University of Posts and TelecommunicationsBeijingChina
  2. 2.Nation Engineering Laboratory for Mobile Network SecurityBeijing University of Post and TelecommunicationsBeijingChina

Personalised recommendations