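% Conference paper (TrustCom 2020) on machine-learning detection of PHP and JSP
% web shells: AST features for PHP files, bytecode features for JSP files,
% TF-IDF and Word2vec text processing.
% The "above 98%" accuracy is the authors' own figure as stated in the abstract;
% the abstract names neither the data set nor a false-positive rate, so check
% the paper itself before quoting the number as a detection guarantee.
%
% Clean-up of the portal export (citation key unchanged):
%   - acronyms in the title are brace-protected so sentence-casing styles keep them;
%   - names are in "Last, First" form throughout;
%   - the series field, a verbatim copy of booktitle, is dropped so the
%     proceedings title is not printed twice;
%   - the conference name and dates from the exported note are moved to
%     eventtitle / eventdate (ignored by classic BibTeX styles), and the
%     exporter's notice "Publisher Copyright: 2020 IEEE" is kept only here so it
%     is no longer printed in the bibliography;
%   - the percent sign in the abstract is escaped.
% NOTE(review): address holds a country, not the publisher's city; the export
% gives no city, so the value is left as exported.
@inproceedings{787e0e9353f145aea309c88697fdff39,
  author     = {Zhang, Han and Liu, Ming and Yue, Zihan and Xue, Zhi and Shi, Yong and He, Xiangjian},
  title      = {A {PHP} and {JSP} web shell detection system with text processing based on machine learning},
  booktitle  = {Proceedings - 2020 {IEEE} 19th International Conference on Trust, Security and Privacy in Computing and Communications, {TrustCom} 2020},
  editor     = {Wang, Guojun and Ko, Ryan and Bhuiyan, {Md Zakirul Alam} and Pan, Yi},
  publisher  = {Institute of Electrical and Electronics Engineers Inc.},
  address    = {United States},
  pages      = {1584--1591},
  year       = {2020},
  month      = dec,
  doi        = {10.1109/TrustCom50675.2020.00219},
  eventtitle = {19th {IEEE} International Conference on Trust, Security and Privacy in Computing and Communications, {TrustCom} 2020},
  eventdate  = {2020-12-29/2021-01-01},
  language   = {English},
  keywords   = {AST, Bytecode, Machine Learning, Opcode, Web Shell, XGBoost},
  abstract   = {Web shell is one of the most common network attack methods, and traditional detection methods may not detect complex and flexible variants of web shell attacks. In this paper, we present a comprehensive detection system that can detect both PHP and JSP web shells. After file classification, we use different feature extraction methods, i.e. AST for PHP files and bytecode for JSP files. We present a detection model based on text processing methods including TF-IDF and Word2vec algorithms. We combine different kinds of machine learning algorithms and perform a comprehensively controlled experiment. After the experiment and evaluation, we choose the detection machine learning model of the best performance, which can achieve a high detection accuracy above 98\%.},
}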