Enhancing the Feature Profiles of Web Shells by Analyzing the Performance of Multiple Detectors - Advances in Digital Forensics XVI
Conference Papers Year : 2020

Enhancing the Feature Profiles of Web Shells by Analyzing the Performance of Multiple Detectors

Abstract

Web shells are commonly used to transfer malicious scripts in order to control web servers remotely. Malicious web shells are detected by extracting the feature profiles of known web shells and creating a learning model that classifies malicious samples. This chapter proposes a novel feature profile scheme for characterizing malicious web shells based on the opcode sequences and static properties of PHP scripts. A real-world dataset is employed to compare the performance of the feature profile scheme against state-of-art schemes using various machine learning algorithms. The experimental results demonstrate that the new feature profile scheme significantly reduces the false positive rate.

Domains

Computer Science [cs]
Fichier principal
Vignette du fichier
503209_1_En_4_Chapter.pdf (164.13 Ko) Télécharger le fichier
Origin Files produced by the author(s)

Hal Ifip  : Connect in order to contact the contributor

https://inria.hal.science/hal-03657237

Submitted on : Monday, May 2, 2022-5:23:52 PM

Last modification on : Tuesday, November 12, 2024-11:34:03 AM

Long-term archiving on : Wednesday, August 3, 2022-7:15:32 PM

Download

Dates and versions

hal-03657237 , version 1 (02-05-2022)

Licence

Attribution

Identifiers

Cite

Weiqing Huang, Chenggang Jia, Min Yu, Kam-Pui Chow, Jiuming Chen, et al.. Enhancing the Feature Profiles of Web Shells by Analyzing the Performance of Multiple Detectors. 16th IFIP International Conference on Digital Forensics (DigitalForensics), Jan 2020, New Delhi, India. pp.57-72, ⟨10.1007/978-3-030-56223-6_4⟩. ⟨hal-03657237⟩

Export

BibTeX XML-TEI Dublin Core DC Terms EndNote DataCite

Collections

IFIP-LNCS IFIP IFIP-AICT IFIP-TC IFIP-WG IFIP-TC11 IFIP-DF IFIP-WG11-9
38 View
75 Download

Altmetric

Share

More