摘要
【目的】Webshell是一类基于网页脚本的Web攻击程序。黑客攻击者可以通过Webshell获取服务器相关权限来窃取有价值的信息和篡改网页内容等。Webshell种类繁多,现有的检测技术手段无法应对复杂灵活的Webshell,导致Webshell检测效果差,泛化能力弱等问题。【方法】针对目前存在问题,本文提出了ATWebshell,一种融合对抗学习和长短语义感知的Webshell检测模型。该模型一方面在词向量层主动引入对抗扰动来模拟攻击者对Webshell检测的对抗攻击,另一方面通过TextCNN和GRU双塔模型联合学习句内和句间的恶意行为。【结果】实验结果表明,本文的模型ATWebshell在提升召回率的同时也提升了精确率。【结论】通过结果证明本文ATWebshell模型的合理性和有效性,本文的研究方法为其它研究提供了思路。
[Objective]Webshell is a type of web attacking program based on web scripting.Hackers obtain server-related privileges through Webshell to obtain valuable information and modify web content etc.Because there are many kinds of webshell attacks,the existing detection technology is unable to deal with complex and flexible webshells,resulting in poor detection accuracy and weak generalization ability.[Methods]To this end,this paper proposes a model named ATWebshell,which merges adversarial learning and long short semantic awareness model architecture.ATWebshell introduces adversarial disturbance in the word embedding layer to simulate the attacker’s adversarial attack on webshell detection.Then a bi-tower model including TextCNN and GRU is exploited to learn intra-line and inter-line semantic information.[Results]The experimental results show that the model ATWebshell in this paper not only improves the recall rate but also improves the precision rate.[Conclusions]The results prove the rationality and validity of the ATWebshell model in this paper,and the research method in this paper provides ideas for other researches.
作者
郜洪奎
安通鉴
税雪飞
王欣
范渊
GAO Hongkui;AN Tongjian;SHUI Xuefei;WANG Xin;FAN Yuan(DAS-Security Co.,Ltd,Hangzhou,Zhejiang 310051,China)
出处
《数据与计算发展前沿》
CSCD
2022年第5期68-76,共9页
Frontiers of Data & Computing
