摘要
Webshell是攻击者使用的恶意脚本,其目的是升级和维护对已经受到攻击的Web应用程序的持久访问。然而,传统检测方法对于加密、混淆后的Webshell的识别效果较差。针对这一问题,提出了一种基于卷积神经网络的检测方法。该方法首先获得PHP文件对应的opcode,然后通过Word2vec算法得到字节码序列的特征词向量,最后经过卷积神经网络处理得到检测结果。实验结果表明,该方法在检测变种Webshell方面的表现优于其他算法,也证明了该方法的可行性和有效性。
Webshell is a malicious script used by attackers to upgrade and maintain persistent access to a compromised web application.However,the traditional detection method has a poor recognition effect on the encrypted and confusing Webshell.In response to this problem,this paper proposes a detection method based on convolutional neural network. Firstly the method obtains the opcode corresponding to the PHP file,and then obtains the feature word vector of the bytecode sequence through the Word2vec algorithm,and finally obtains the detection result through the convolutional neural network.The experimental results show that the proposed method outperforms other algorithms in detecting deformed Webshell,and it also proves the feasibility and effectiveness of the method.
作者
姜天
Jiang Tian(Wuhan Research Institute of Posts and Telecommunications,Wuhan 430074,China)
出处
《信息技术与网络安全》
2019年第7期27-31,共5页
Information Technology and Network Security
