%0 Conference Proceedings
%T Enhancing the Feature Profiles of Web Shells by Analyzing the Performance of Multiple Detectors
%+ Institute of Information Engineering [Beijing] (IIE)
%+ The University of Hong Kong (HKU)
%A Huang, Weiqing
%A Jia, Chenggang
%A Yu, Min
%A Chow, Kam-Pui
%A Chen, Jiuming
%A Liu, Chao
%A Jiang, Jianguo
%Z Part 2: Forensic Techniques
%< peer-reviewed
%( IFIP Advances in Information and Communication Technology
%B 16th IFIP International Conference on Digital Forensics (DigitalForensics)
%C New Delhi, India
%Y Gilbert Peterson
%Y Sujeet Shenoi
%I Springer International Publishing
%3 Advances in Digital Forensics XVI
%V AICT-589
%P 57-72
%8 2020-01-06
%D 2020
%R 10.1007/978-3-030-56223-6_4
%K Web shells
%K feature profiles
%K text vectorization
%K machine learning
%Z Computer Science [cs]Conference papers
%X Web shells are commonly used to transfer malicious scripts in order to control web servers remotely. Malicious web shells are detected by extracting the feature profiles of known web shells and creating a learning model that classifies malicious samples. This chapter proposes a novel feature profile scheme for characterizing malicious web shells based on the opcode sequences and static properties of PHP scripts. A real-world dataset is employed to compare the performance of the feature profile scheme against state-of-art schemes using various machine learning algorithms. The experimental results demonstrate that the new feature profile scheme significantly reduces the false positive rate.
%G English
%Z TC 11
%Z WG 11.9
%2 https://inria.hal.science/hal-03657237/document
%2 https://inria.hal.science/hal-03657237/file/503209_1_En_4_Chapter.pdf
%L hal-03657237
%U https://inria.hal.science/hal-03657237
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-AICT
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-TC11
%~ IFIP-DF
%~ IFIP-WG11-9
%~ IFIP-AICT-589