Deep integrated learning model construction method for malicious WebShell detection

An integrated learning and deep technology, applied in the Internet field, can solve problems such as low detection rate, complexity, and high detection rate, and achieve the effect of ensuring interpretability

Pending Publication Date: 2021-06-11
国药(武汉)医学实验室有限公司
View PDF3 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] C: The machine learning model in the detection of WebShell samples is too simple and the detection rate is not high; the deep learning model is too complex and the detection rate is high, but there is no interpretability

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Deep integrated learning model construction method for malicious WebShell detection
  • Deep integrated learning model construction method for malicious WebShell detection
  • Deep integrated learning model construction method for malicious WebShell detection

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0055] The principles and features of the present invention will be described below with reference to the accompanying drawings, and the exemplary examples are intended to be construed as they are intended to limit the scope of the invention.

[0056] Embodiments of the present invention provide a method of constructing a depth integrated learning model for malicious WebShell detecting, including the following steps,

[0057] A: Data pretreatment section ( figure 1 ):

[0058] 1: Download the model from the Internet and malicious Webshell samples, which will have certain repetitive files in our downloaded files, so we will focus on the files in MD5. First, MD5 encryption is performed, as long as the file content is exactly the same, the generated MD5 value is the same, so that it can be removed according to this principle.

[0059] After the MD5 file of the data set is heavy, it has a total of 571 samples in the WebShell sample, and the normal sample is 5379 samples.

[0060] 2: R...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a deep integrated learning model construction method for malicious WebShell detection, and the method comprises the following steps: acquiring normal samples and malicious WebShell samples, randomly disorganizing the normal samples and the malicious WebShell samples, and dividing the normal samples and the malicious WebShell samples into a training set and a test set according to a proportion of 4: 1; extracting dynamic features and static features of each sample in the training set and the test set, and combining the dynamic features and the static features to obtain a training set feature set and a test set feature set; selecting m base classifiers, and training a deep integrated learning model by using the training set feature set and a K-fold cross validation method to obtain a weight value of each base classifier; and performing model testing by using the test set feature set as the input of the deep integrated learning model to obtain a comprehensive average prediction probability value of a test set sample, and evaluating the deep integrated learning model. The method is based on deep ensemble learning, the detection rate can be improved, and the advantages between machine learning and deep learning can be perfectly absorbed.

Description

Technical field [0001] The present invention relates to the field of Internet technology, and more particularly to a depth integrated learning model construction method for malicious WebShell detection. Background technique [0002] With the rapid development of the Internet, people can get all items that they are booking online, this lifestyle will spread a lot of personal information on various networks, leading to major Internet companies to store and protect them. Data became a big problem. Recently, a large number of hackers use some means that illegally obtain these data for perennial, the most common way to obtain database information for uploading a variety of malicious script files to obtain private information. How to find these malicious files from normal files into a big problem. Among them, the most common malicious PHP files in the website developed in PHP. Therefore, there is a need to malicious PHP file detection method to help web administrators quickly find mali...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/56
CPCG06F21/562
Inventor 艾壮陆亚平
Owner 国药(武汉)医学实验室有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap