Webshell detection method based on deep neural network, and system thereof

Abstract

The invention discloses a Webshell detection method based on a deep neural network, and a system thereof. A recursion loop neural network based on an abstract syntax tree automatically obtains the morphology and grammar information of a script by aiming at a script language, the hierarchical structure characteristics of the abstract syntax tree is used for finishing feature abstraction and WebShell detection, including preprocessing, sample generation and WebShell detection; firstly, the morphology and grammar information of the script is automatically obtained, and then, the recursion loop neural network based on the abstract syntax tree is used for finishing the feature abstraction and the WebShell detection. The method disclosed by the invention has the advantages of being low in deployment cost, good in portability and high in detection accuracy.

Description

technical field

[0001] The invention relates to the technical field of information security, in particular to a WebShell detection method based on an abstract syntax tree-based recursive cyclic neural network and a system thereof. Background technique

[0002] WebShell is a command execution environment that exists in the form of web pages, and is often used by intruders as a backdoor tool for operating web servers. The attacker obtains the management authority of the Web service through the WebShell, thereby achieving the penetration and control of the Web application.

[0003] Since the characteristics of WebShell and ordinary Web pages are almost the same, it can evade the detection of traditional firewalls and antivirus software. Moreover, with the application of various anti-detection feature obfuscation and concealment technologies to WebShell, it is difficult to detect new variants in a timely manner by traditional detection methods based on signature matching. [0...

Images