Webshell detection method based on deep neural network, and system thereof

A technology of deep neural network and detection method, which is applied in the field of WebShell detection method and system of recursive neural network, which can solve problems such as false positives and high overhead

Active Publication Date: 2017-12-26
BEIJING ANPRO INFORMATION TECH
View PDF3 Cites 53 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This method requires a lot of overhead, and there is also the possibility of false positives; and it can only detect the behavior of uploading WebShell, but it is powerless for the existing WebShell

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Webshell detection method based on deep neural network, and system thereof
  • Webshell detection method based on deep neural network, and system thereof
  • Webshell detection method based on deep neural network, and system thereof

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0134] This program adopts a supervised training method. The mainstream method for training deep neural networks is stochastic gradient descent (SGD) and its variants. This method inputs a group of training samples into the neural network each time, and uses the value of the objective function to update the parameters of the neural network until the value of the objective function converges. The specific update method is to move all the parameters in the neural network a small step along the direction of gradient descent of the objective function (the opposite direction of the derivative).

[0135] The sample set of this example is selected. The sample set contains a large number of normal scripts and 6669 WebShell scripts. 100,000 scripts are extracted from the normal sample set for training token word vectors. The remaining normal scripts are randomly selected 6669, and together with all WebShell scripts, they form the training set for the classification problem.

[0136] ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a Webshell detection method based on a deep neural network, and a system thereof. A recursion loop neural network based on an abstract syntax tree automatically obtains the morphology and grammar information of a script by aiming at a script language, the hierarchical structure characteristics of the abstract syntax tree is used for finishing feature abstraction and WebShell detection, including preprocessing, sample generation and WebShell detection; firstly, the morphology and grammar information of the script is automatically obtained, and then, the recursion loop neural network based on the abstract syntax tree is used for finishing the feature abstraction and the WebShell detection. The method disclosed by the invention has the advantages of being low in deployment cost, good in portability and high in detection accuracy.

Description

technical field [0001] The invention relates to the technical field of information security, in particular to a WebShell detection method based on an abstract syntax tree-based recursive cyclic neural network and a system thereof. Background technique [0002] WebShell is a command execution environment that exists in the form of web pages, and is often used by intruders as a backdoor tool for operating web servers. The attacker obtains the management authority of the Web service through the WebShell, thereby achieving the penetration and control of the Web application. [0003] Since the characteristics of WebShell and ordinary Web pages are almost the same, it can evade the detection of traditional firewalls and antivirus software. Moreover, with the application of various anti-detection feature obfuscation and concealment technologies to WebShell, it is difficult to detect new variants in a timely manner by traditional detection methods based on signature matching. [0...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56G06F11/36G06F9/45G06N3/04
CPCG06F8/42G06F8/425G06F11/3688G06F21/563G06F21/566G06N3/045
Inventor 张涛齐龙晨宁戈
Owner BEIJING ANPRO INFORMATION TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap