摘要
Webshell是一种网页后门,目前对其检测方法的研究主要针对php类型,对jsp_webshell检测的研究还比较欠缺。因此,提出了一种基于抽象语法树(Abstract Syntax Tree,AST)和XGBoost的jsp_webshell检测方法,首次将抽象语法树序列特征和GloVe词嵌入算法应用于Webshell检测。首先,对样本进行预处理,得到java抽象语法树序列特征;其次,使用词向量训练算法GloVe,将语法树特征转为词向量;最后,使用XGBoost算法对其进行分类训练。通过与其他方法对比实验表明,该检测方法具有更优的性能,准确率高达98.73%。
Webshell is a kind of web-based backdoors.Current research on webshell detection methods mainly focuses on the php_webshell,but the targeted research on jsp_webshell detection is still lacking.Therefore,a new detection method based on AST(Abstract Syntax Tree)and XGBoost jsp_webshell is proposed,and for the first time,the AST sequence features and GloVe word embedding algorithm are applied to webshell detection.Firstly,the samples are preprocessed and the java abstract syntax tree features obtained.Then,by using the word vector training algorithm GloVe,the syntax tree features is transformed into word vector.Finally,XGBoost algorithm is used to classify and train them.Compared with other methods,the experiment results indicate that the detection method has better performance,and the accuracy is as high as 98.73%.
作者
茅雨绮
施勇
薛质
MAO Yu-qi;SHI Yong;XUE Zhi(School of Electronic Information and Electrical Engineering,Shanghai Jiaotong University,Shanghai 200240,China)
出处
《通信技术》
2020年第10期2543-2549,共7页
Communications Technology
基金
国家重点研发计划项目“网络空间安全”重点专项(No.2017YFB0803203)。
