摘要
随着互联网的快速发展,Web应用已成为人们日常生活和工作中必不可少的一部分,随之而来的是大量针对Web服务的攻击,在目标服务器上植入Webshell已成为攻击者最常用的手段。通过Webshell,攻击者可以在目标服务器上执行一些命令从而完成信息嗅探、数据窃取或篡改等非法操作,对Web服务器造成巨大危害。最开始研究人员通过从Webshell中提取特征码的方式来检测Webshell,后来为了逃避检测,混淆和加密技术在Webshell中被广泛采用,这极大地增加了Webshell检测的难度,为此许多研究人员开始采用机器学习技术来进行Webshell的检测。从多个角度阐述了Webshell检测技术发展现状、所遇到的问题及今后的研究方向。
With the rapid development of the Internet,Web applications become an indispensable part of people’s daily lives and work,followed by a large number of attacks against Web services.Implanting Webshell on targeted servers becomes the most commonly used means by attackers.Through Webshell,attackers can execute some commands on the target server to complete illegal operations such as information sniffing,data stealing or tampering,causing great harm to the Web server.At first,researchers detected Webshells by extracting signatures from Webshells,and later in order to evade detection,obfuscation and encryption techniques were widely adopted in Webshell by attackers,which greatly increased the difficulty of Webshell detection.For this reason,many researchers began to use machine learning techniques for Webshell detection.This paper explains the development of Webshell detection technology,the problems encountered and the future research directions from several perspectives.
作者
孙昊翔
曹浪
吴迪锋
谭天
SUN Haoxiang;CAO Lang;WU Difeng;TAN Tian(Hangzhou DPtech Technologies Co.,Ltd.,Hangzhou Zhejiang 310051,China;Hangzhou DPtech Information Technology Co.,Ltd.,Hangzhou Zhejiang 310051,China;Hangzhou DPtech Information Technology Co.,Ltd.,Chengdu Sichuan 610041,China)
出处
《信息安全与通信保密》
2022年第9期82-90,共9页
Information Security and Communications Privacy