基于RNN的Webshell检测研究

doi:10.3778/j.issn.1002-8331.1904-0420

计算机工程与应用 ›› 2020, Vol. 56 ›› Issue (14): 88-92.DOI: 10.3778/j.issn.1002-8331.1904-0420

基于RNN的Webshell检测研究

周龙，王晨，史崯

1.武汉邮电科学研究院，武汉 430000
2.南京烽火软件科技股份有限公司，南京 210000

出版日期:2020-07-15 发布日期:2020-07-14

Research of Webshell Detection Based on RNN

ZHOU Long, WANG Chen, SHI Yin

1.Wuhan Research Institute of Posts and Telecommunications, Wuhan 430000, China
2.Nanjing Fiberhome Software Polytron Technologies Inc, Nanjing 210000, China

Online:2020-07-15 Published:2020-07-14

摘要/Abstract

摘要：

近年来，互联网行业发展迅速，网络安全的重要性与日俱增。网络安全领域涉及到各种问题，比如恶意代码检测、攻击溯源等，而Webshell作为一种恶意代码，也得到了学术界和业界的关注。Webshell的检测方法除了简单低效的关键词匹配之外，还有各种机器学习算法。Webshell代码经过逃逸技术处理之后，基于关键词匹配的检测算法无法有效检测出Webshell，常规的机器学习算法不能提取深层特征，检测准确率不高。因此，提出基于RNN的Webshell检测方法。实验结果表明，该方法在准确率、漏报率、误报率等指标上优于传统的机器学习算法。

关键词: 网络安全, Webshell, 深度学习

Abstract:

In recent years, the Internet industry has developed rapidly, the importance of cybersecurity is increasing, as time goes by. The field of network security involves many problems, such as malicious code detection, attack tracing, etc. Webshell is a kind of malicious code, has also received some attention from the academic community and industry. In addition to simple and effective keywords matching, some machine learning algorithms have been used to detect Webshell. After the program code of Webshell is processed by escape technology, the Webshell cannot be detected by the algorithms based on keywords matching effectively. However, the deep features of Webshell cannot be extracted by conventional machine learning algorithms. As a consequence, the accuracy of classification may be not accepted by the academic community and industry. Therefore, a detection method based on the recurrent neural networks is proposed. The experimental results show that the proposed method in this paper outperforms the conventional machine learning algorithms, when the detection results are evaluated by classification accuracy, rate of missing report and false alarm rate. The algorithm proposed in this paper can be further improved, because the sequence characteristics are extracted, and the false report rate is high slightly.

Key words: network security, Webshell, deep learning

周龙，王晨，史崯. 基于RNN的Webshell检测研究[J]. 计算机工程与应用, 2020, 56(14): 88-92.

ZHOU Long, WANG Chen, SHI Yin. Research of Webshell Detection Based on RNN[J]. Computer Engineering and Applications, 2020, 56(14): 88-92.

[1]	武文杰，宋文爱，高雪梅，杨吉江，王青，黄丽萍，雷毅. 基于X线的成人OSA计算机辅助诊断综述[J]. 计算机工程与应用, 2021, 57(9): 1-8.
[2]	冉蓉，徐兴华，邱少华，崔小鹏，欧阳斌. 基于深度卷积神经网络的裂纹检测方法综述[J]. 计算机工程与应用, 2021, 57(9): 23-35.
[3]	李晓筱，胡晓光，王梓强，杜卓群. 基于深度学习的实例分割研究进展[J]. 计算机工程与应用, 2021, 57(9): 60-67.
[4]	黄冬宜，杨兵，吴子豪，匡佳一，颜泽明. 用于全市蜂窝流量预测的时空全连接卷积网络[J]. 计算机工程与应用, 2021, 57(9): 168-175.
[5]	周伦钢，孙怡峰，王坤，吴疆，黄维贵，李炳龙. 目标多种多值属性的端端快速识别网络[J]. 计算机工程与应用, 2021, 57(9): 182-190.
[6]	张成，戴俊峰，熊闻心. 融合LeNet-5改进的扫描文档手写日期识别[J]. 计算机工程与应用, 2021, 57(9): 207-211.
[7]	曾春艳，严康，王志锋，余琰，纪纯妹. 深度学习模型可解释性研究综述[J]. 计算机工程与应用, 2021, 57(8): 1-9.
[8]	许德刚，王露，李凡. 深度学习的典型目标检测算法研究综述[J]. 计算机工程与应用, 2021, 57(8): 10-25.
[9]	蒋斌，钟瑞，张秋闻，张焕龙. 采用深度学习方法的非正面表情识别综述[J]. 计算机工程与应用, 2021, 57(8): 48-61.
[10]	赵圆丽，梁志剑. 基于异核卷积双注意机制的立场检测研究[J]. 计算机工程与应用, 2021, 57(8): 119-125.
[11]	李明山，韩清鹏，张天宇，王道累. 改进SSD的安全帽检测方法[J]. 计算机工程与应用, 2021, 57(8): 192-197.
[12]	刘迪，贾金露，赵玉卿，钱育蓉. 基于深度学习的图像去噪方法研究综述[J]. 计算机工程与应用, 2021, 57(7): 1-13.
[13]	杨培伟，周余红，邢岗，田智强，许夏瑜. 卷积神经网络在生物医学图像上的应用进展[J]. 计算机工程与应用, 2021, 57(7): 44-58.
[14]	唐国智，李顶根. 深度学习及时空约束的行人跟踪算法研究[J]. 计算机工程与应用, 2021, 57(7): 121-129.
[15]	李健，孙大松，张备伟. 结合双编码器与对抗训练的图像修复[J]. 计算机工程与应用, 2021, 57(7): 192-197.

基于RNN的Webshell检测研究

Research of Webshell Detection Based on RNN

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics