Webshell malicious traffic detection method based on multi-feature fusion
Webshell is the most common malicious backdoor program for persistent control of Web application systems, which poses a huge threat to the safe operation of Web servers.For most Webshell detection method based on the request packet data for training, the method for web-based Webshell recognition eff...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2021-12-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2021103 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841529820843868160 |
|---|---|
| author | Yuan LI Yunpeng WANG Tao LI Baoqiang MA |
| author_facet | Yuan LI Yunpeng WANG Tao LI Baoqiang MA |
| author_sort | Yuan LI |
| collection | DOAJ |
| description | Webshell is the most common malicious backdoor program for persistent control of Web application systems, which poses a huge threat to the safe operation of Web servers.For most Webshell detection method based on the request packet data for training, the method for web-based Webshell recognition effect is poorer, and the model of training efficiency is low.In response to the above problems, a Webshell malicious traffic detection method based on multi-feature fusion was proposed.The method was characterized by the three dimensions of Webshell packet meta information, packet payload content and traffic access behavior.Combining domain knowledge, feature extraction of request and response packets in the data stream.Transformed into feature extraction information for information fusion, forming a discriminant model that could detect different types of attacks.Compared with the previous research method, the accuracy rate of the method here in the two classification of normal and malicious traffic has been improved to 99.25%.The training efficiency and detection efficiency have also been significantly improved, and the training time and detection time have been reduced by 95.73% and 86.14%. |
| format | Article |
| id | doaj-art-bce0bcfc2a344efbb72b5c11756eabad |
| institution | Kabale University |
| issn | 2096-109X |
| language | English |
| publishDate | 2021-12-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj-art-bce0bcfc2a344efbb72b5c11756eabad2025-01-15T03:15:24ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2021-12-01714315459570128Webshell malicious traffic detection method based on multi-feature fusionYuan LIYunpeng WANGTao LIBaoqiang MAWebshell is the most common malicious backdoor program for persistent control of Web application systems, which poses a huge threat to the safe operation of Web servers.For most Webshell detection method based on the request packet data for training, the method for web-based Webshell recognition effect is poorer, and the model of training efficiency is low.In response to the above problems, a Webshell malicious traffic detection method based on multi-feature fusion was proposed.The method was characterized by the three dimensions of Webshell packet meta information, packet payload content and traffic access behavior.Combining domain knowledge, feature extraction of request and response packets in the data stream.Transformed into feature extraction information for information fusion, forming a discriminant model that could detect different types of attacks.Compared with the previous research method, the accuracy rate of the method here in the two classification of normal and malicious traffic has been improved to 99.25%.The training efficiency and detection efficiency have also been significantly improved, and the training time and detection time have been reduced by 95.73% and 86.14%.http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2021103multi-featurefeature fusionWebShell detectionensemble learning |
| spellingShingle | Yuan LI Yunpeng WANG Tao LI Baoqiang MA Webshell malicious traffic detection method based on multi-feature fusion 网络与信息安全学报 multi-feature feature fusion WebShell detection ensemble learning |
| title | Webshell malicious traffic detection method based on multi-feature fusion |
| title_full | Webshell malicious traffic detection method based on multi-feature fusion |
| title_fullStr | Webshell malicious traffic detection method based on multi-feature fusion |
| title_full_unstemmed | Webshell malicious traffic detection method based on multi-feature fusion |
| title_short | Webshell malicious traffic detection method based on multi-feature fusion |
| title_sort | webshell malicious traffic detection method based on multi feature fusion |
| topic | multi-feature feature fusion WebShell detection ensemble learning |
| url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2021103 |
| work_keys_str_mv | AT yuanli webshellmalicioustrafficdetectionmethodbasedonmultifeaturefusion AT yunpengwang webshellmalicioustrafficdetectionmethodbasedonmultifeaturefusion AT taoli webshellmalicioustrafficdetectionmethodbasedonmultifeaturefusion AT baoqiangma webshellmalicioustrafficdetectionmethodbasedonmultifeaturefusion |