Mitigating Webshell Attacks through Machine Learning Techniques.

[EN] A webshell is a command execution environment in the form of web pages. It is often used by attackers as a backdoor tool for web server operations. Accurately detecting webshells is of great significance to web server protection. Most security products detect webshells based on feature-matching methods-matching input scripts against pre-built malicious code collections. The feature-matching method has a low detection rate for obfuscated webshells. However, with the help of machine learning algorithms, webshells can be detected more efficiently and accurately. In this paper, we propose a new PHP webshell detection model, the NB-Opcode (naive Bayes and opcode sequence) model, which is a combination of naive Bayes classifiers and opcode sequences. Through experiments and analysis on a large number of samples, the experimental results show that the proposed method could effectively detect a range of webshells. Compared with the traditional webshell detection methods, this method improves the efficiency and accuracy of webshell detectionGuo, Y.; Marco-Gisbert, H.; Keir, P. (2020). Mitigating Webshell Attacks through Machine Learning Techniques. Future Internet. 12(1):1-16. https://doi.org/10.3390/fi1201001211612