Abstract: A semantics-based Webshell detection method is proposed. The method obtains the code behavior and related dependencies through syntax analysis of the file, and achieves semantic understanding to complete Webshell detection using a risk model. A critical abstract syntax subtree extraction method is proposed, which rejects irrelevant factors and locates the point where malicious behavior occurs. The description of behavior in the risk model database is defined in Backus-Naur Form. Finally, a smooth risk value curve is obtained by a graph matching algorithm, which completes the criticality assessment of the file and can give a better result by adjusting the threshold. A Webshell detection system based on this detection method was designed and implemented, and the experimental results demonstrate that the semantics-based method is effective in Webshell detection.
Received: 20 February 2017
Published: 20 February 2017