An End-to-End Detection Method for WebShell with Deep Learning

In this paper, a generic static end-to-end detection framework with deep neural network for WebShell is designed, which is free from human labor and domain knowledge. In this paper, we simultaneously introduce word embedding in Natural Language Processing(NLP) and lexical analysis in Programming Language Processing(PLP) to obtain an accurate, structured, semantic-rich vector representation of the script code. For the obtaining's sake, a series of effective tricks are designed to further dig out the high-value information in the script while filtering noise. Then, we provide a desirable algorithm to down-sampling, which drastically reduces the computational costs at a relatively small information loss. Finally, we achieve high detection accuracy by employing the Deep Neural Network (DNN) composed of LSTM and pooling layers. The framework has a significant advantage at least on data set of the experiment.