关键词: WebShell, 特征处理, 近邻成分分析, ReliefF算法

Abstract:

In order to solve the problems of “dimensional disaster” and  poor detection of WebShell samples in text vectorization processing, the paper proposes a WebShell feature processing algorithm based on Nearest Neighborhood Component Analysis（NCA）. This method automatically learns the projection matrix through NCA, and completes the reduction of the high-dimensional feature space while retaining the global information. In order to avoid relying too much on the overall training sample, the ReliefF feature selection method is used to further optimize feature processing from the perspective of local information and improve WebShell model checking performance. Experiments show that the WebShell feature processing method based on nearest neighborhood component analysis can effectively detect WebShell, and is superior to the WebShell detection model of most traditional feature processing algorithms in accuracy and recall rate.

Key words: WebShell, feature processing, neighborhood component analysis, ReliefF algorithm