A PHP and JSP web shell detection system with text processing based on machine learning

Zhang, H; Liu, M; Yue, Z; Xue, Z; Shi, Y; He, X

A PHP and JSP web shell detection system with text processing based on machine learning

Zhang, H Liu, M Yue, Z Xue, Z Shi, Y He, X

Permalink

Publisher:: IEEE
Publication Type:: Conference Proceeding
Citation:: Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020, 2020, 00, pp. 1584-1591
Issue Date:: 2020-12-01

Closed Access

	Filename	Description	Size
	A_PHP_and_JSP_Web_Shell_Detection_System_with_Text_Processing_Based_on_Machine_Learning.pdf	Published version	332.09 kB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Zhang, H
dc.contributor.author	Liu, M
dc.contributor.author	Yue, Z
dc.contributor.author	Xue, Z
dc.contributor.author	Shi, Y
dc.contributor.author	He, X https://orcid.org/0000-0001-8962-540X
dc.date	2020-12-29
dc.date.accessioned	2022-01-04T03:28:23Z
dc.date.available	2022-01-04T03:28:23Z
dc.date.issued	2020-12-01
dc.identifier.citation	Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020, 2020, 00, pp. 1584-1591
dc.identifier.isbn	9780738143804
dc.identifier.uri	http://hdl.handle.net/10453/152649
dc.description.abstract	Web shell is one of the most common network attack methods, and traditional detection methods may not detect complex and flexible variants of web shell attacks. In this paper, we present a comprehensive detection system that can detect both PHP and JSP web shells. After file classification, we use different feature extraction methods, i.e. AST for PHP files and bytecode for JSP files. We present a detection model based on text processing methods including TF-IDF and Word2vec algorithms. We combine different kinds of machine learning algorithms and perform a comprehensively controlled experiment. After the experiment and evaluation, we choose the detection machine learning model of the best performance, which can achieve a high detection accuracy above 98%.
dc.language	en
dc.publisher	IEEE
dc.relation.ispartof	Proceedings - 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2020
dc.relation.ispartof	IEEE International Conference on Trust, Security and Privacy in Computing and Communications
dc.relation.isbasedon	10.1109/TrustCom50675.2020.00219
dc.rights	info:eu-repo/semantics/closedAccess
dc.title	A PHP and JSP web shell detection system with text processing based on machine learning
dc.type	Conference Proceeding
utslib.citation.volume	00
utslib.location.activity	Guangzhou, China
pubs.organisational-group	/University of Technology Sydney
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	/University of Technology Sydney/Strength - CRIN - Realtime Information Networks
pubs.organisational-group	/University of Technology Sydney/Strength - GBDTC - Global Big Data Technologies
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology/School of Electrical and Data Engineering
utslib.copyright.status	closed_access	*
pubs.consider-herdc	false
dc.date.updated	2022-01-04T03:28:22Z
pubs.finish-date	2021-01-01
pubs.place-of-publication	Piscataway, USA
pubs.publication-status	Published
pubs.start-date	2020-12-29
pubs.volume	00
dc.location	Piscataway, USA

Abstract:

Web shell is one of the most common network attack methods, and traditional detection methods may not detect complex and flexible variants of web shell attacks. In this paper, we present a comprehensive detection system that can detect both PHP and JSP web shells. After file classification, we use different feature extraction methods, i.e. AST for PHP files and bytecode for JSP files. We present a detection model based on text processing methods including TF-IDF and Word2vec algorithms. We combine different kinds of machine learning algorithms and perform a comprehensively controlled experiment. After the experiment and evaluation, we choose the detection machine learning model of the best performance, which can achieve a high detection accuracy above 98%.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/152649