Toward a Deep Learning Approach for Detecting PHP Webshell

Cited by: 14
Authors
Ngoc-Hoa Nguyen [1]
Viet-Ha Le [2]
Van-On Phung [2]
Phuong-Hanh Du [1]
Affiliations
[1] VNU Univ Engn & Technol, Hanoi, Vietnam
[2] Off Govt, Hanoi, Vietnam
Source
SOICT 2019: PROCEEDINGS OF THE TENTH INTERNATIONAL SYMPOSIUM ON INFORMATION AND COMMUNICATION TECHNOLOGY | 2019
Keywords
pattern matching; yara rules; deep learning; CNN; opcode sequence; web shell detection;
DOI
10.1145/3368926.3369733
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202;
Abstract
The most efficient way of securing Web applications is searching for and eliminating the threats therein (from both malware and vulnerabilities). When Web application source code is available, Web security can be improved by detecting malicious code, such as Web shells. In this paper, we proposed a model using a deep learning approach to detect and identify malicious code inside PHP source files. Our method relies on (i) pattern matching techniques, applying Yara rules to build malicious and benign datasets, (ii) converting the PHP source code to a numerical sequence of PHP opcodes, and (iii) applying a Convolutional Neural Network model to predict whether a PHP file embeds malicious code such as a webshell. Thus, we validate our approach with different webshell collections from reliable sources published on GitHub. The experimental results show that the proposed method achieved an accuracy of 99.02% with a 0.85% false positive rate.
Pages: 514 - 521
Number of pages: 8