Webshell detection method and system based on machine learning and dynamic and static analysis

A machine-learning-based detection technology, applied in machine learning, transmission systems, instruments, etc. It addresses the problems that Webshells are easy to modify and deform, are difficult to detect and identify quickly, and are missed by detection, and it achieves good handling of text obfuscation methods, accurate classification, and comprehensive feature extraction.

Active Publication Date: 2018-02-02
HANGZHOU ANHENG INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

[0003] Since Webshells are mostly written in scripting languages, they are easy to modify and deform. Their features are not limited to feature codes (signatures), but also include file operation functions, malicious execution functions, file comment size, single-line string length, and degree of obfuscation. When the feature code is deliberately obfuscated, the traditional method misses this type of Webshell; that is, obfuscation makes it easy to bypass detection by firewalls and anti-virus software. The current Webshell detection method based on feature matching therefore has difficulty quickly detecting and identifying Webshell variants.
[0004] Therefore, how to overcome the narrowness and lag of the traditional Webshell detection method based on signature matching, cope with the text obfuscation methods used by Webshells, and achieve rapid detection of Webshells and their variants has always been a focus of attention for those skilled in the art.
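
The static features listed in [0003], computed for two constructed PHP samples. This is an added example, not code from the patent; the function-name lists and the use of Shannon entropy of the longest string literal as the "degree of obfuscation" measure are assumptions.

```python
import base64
import math
import re
from collections import Counter

# Illustrative function lists (assumptions, not taken from the patent text).
FILE_OPS = ("fopen", "fwrite", "file_put_contents", "move_uploaded_file", "unlink")
EXEC_FUNCS = ("eval", "assert", "system", "exec", "shell_exec", "passthru")
# Regex approximations of PHP literals and comments; escaped quotes are not handled.
STRING_RE = re.compile(r"""(["'])(.*?)\1""", re.S)
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)

def count_calls(code, names):
    """Count call sites of the given function names, case-insensitively."""
    return sum(len(re.findall(r"\b%s\s*\(" % re.escape(n), code, re.I)) for n in names)

def shannon_entropy(text):
    """Bits per character; long encoded blobs score higher than ordinary literals."""
    if not text:
        return 0.0
    return -sum(c / len(text) * math.log2(c / len(text)) for c in Counter(text).values())

def static_features(source):
    strings = [m.group(2) for m in STRING_RE.finditer(source)]
    code = STRING_RE.sub('""', source)  # blank literals so "//" in a URL is not a comment
    longest = max(strings, key=len, default="")
    return {
        "file_op_calls": count_calls(code, FILE_OPS),
        "exec_calls": count_calls(code, EXEC_FUNCS),
        "comment_bytes": sum(len(c) for c in COMMENT_RE.findall(code)),
        "max_line_len": max((len(line) for line in source.splitlines()), default=0),
        "max_string_entropy": round(shannon_entropy(longest), 2),
    }

# Constructed samples: a CMS-style page and a file carrying an inert encoded blob.
BENIGN = '''<?php
/* Render the article list for the CMS front page. */
// Load the cached template first.
$tpl = file_get_contents("templates/list.html");
echo str_replace("{title}", htmlspecialchars($title), $tpl);
'''
BLOB = base64.b64encode(b"constructed inert payload, not code " * 12).decode()
SUSPECT = '<?php $d = "' + BLOB + '"; eval(base64_decode($d)); move_uploaded_file($a, $b);'

if __name__ == "__main__":
    for name, src in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, static_features(src))
```

Each dictionary is one row of the static part of a training matrix; no single feature is a verdict, which is why the method feeds them to a trained classification model.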

Examples

Embodiment 1

[0036] Please refer to Figure 2, which is a functional block diagram of the Webshell detection system 400 based on machine learning and dynamic and static analysis provided by the first embodiment of the present invention. The Webshell detection system 400 based on machine learning and dynamic and static analysis includes a sample acquisition module 410, a feature extraction module 420 and a model building module 430.

[0037] The sample acquisition module 410 is used for obtaining sample files. In this embodiment, the sample files include a large number of Webshell samples and normal website samples. The Webshell samples include Trojans written in multiple languages, such as ASP Trojans, PHP Trojans, and JSP Trojans, and can be divided into one-sentence (one-liner) Trojans, image Trojans, full-featured large upload Trojans, etc.; normal website samples are various CMS in PHP language, or the source code of the website that needs to be tested, etc., which is not limite...

Embodiment 2

[0055] Please refer to Figure 5, which is a schematic flow chart of the Webshell detection method based on machine learning and dynamic and static analysis provided by the second embodiment of the present invention. It should be noted that the Webshell detection method based on machine learning and dynamic and static analysis described in this embodiment is not limited to Figure 5 and the specific sequence described below, and its basic principles and technical effects are the same as those of the first embodiment. For brevity, for the parts not mentioned in this embodiment, refer to the corresponding content in the first embodiment. It should be understood that in other embodiments, the order of some steps in the Webshell detection method based on machine learning and dynamic and static analysis described in the present invention can be exchanged according to actual needs, or some steps can also be omitted or deleted. The following will be...

Abstract

The embodiment of the invention provides a Webshell detection method and system based on machine learning and dynamic and static analysis, and relates to the technical field of Webshell detection. The method comprises the steps of obtaining sample files; extracting static features and dynamic features of the sample files; and obtaining a classification model according to the static features, the dynamic features and a machine learning algorithm, wherein the classification model analyzes files to be detected and obtains detection results. By adopting a combined dynamic and static analysis method, the method and the system extract features relatively comprehensively. A large number of Webshell samples and normal webpage samples are learned to form the classification model, using a machine learning algorithm that combines various classification algorithms. The classification model is highly stable and classifies accurately. With the classification model, Webshells and their variants can be effectively detected, new types of Webshells can be predicted, text obfuscation methods can be coped with well, and the deficiency of the traditional feature-code matching detection mode can be compensated.

Description

Technical field

[0001] The invention relates to the technical field of Webshell detection, in particular to a method and system for detecting Webshells based on machine learning and dynamic and static analysis.

Background technique

[0002] With the vigorous development of Internet applications and the rapid growth of Internet data, server security issues are becoming increasingly serious, and web-application-based backdoor programs such as Webshells are extremely harmful to user information and even the entire application system, so timely detection and discovery of server vulnerabilities and backdoors is very important for ensuring the security of the server.

[0003] Since Webshells are mostly written in scripting languages, they are easy to modify and deform. Their features are not limited to feature codes, but also include file operation functions, malicious execution functions, file comment size, single-line string length, and degree of obfuscation. When the feature cod...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/08, G06F17/30, G06N99/00
CPC: G06F16/35, G06N20/00, H04L63/1425, H04L67/02
Inventor: 唐佳莉, 范渊, 莫金友
Owner: HANGZHOU ANHENG INFORMATION TECH CO LTD