Research on WebShell encrypted communication detection based on machine learning
8 June 2024
Leiyu Che, Xiaodong Liu
Proceedings Volume 13171, Third International Conference on Algorithms, Microchips, and Network Applications (AMNA 2024); 131711M (2024) https://doi.org/10.1117/12.3032051
Event: 3rd International Conference on Algorithms, Microchips and Network Applications (AMNA 2024), 2024, Jinan, China
Abstract
A WebShell is a backdoor program based on web services. Attackers can use a WebShell to gain administrative privileges for web services, thereby achieving penetration and control of web applications. With the gradual development of traffic encryption technology, traditional detection methods that match text content features and network traffic features find it increasingly difficult to stop complex WebShell attacks in production environments, especially variant samples, adversarial samples, or 0-day vulnerability samples, and their detection performance is not ideal. This article constructs a network collection environment and collects malicious WebShell traffic samples using different platforms, languages, and tools. It proposes a WebShell encrypted traffic recognition method based on ReliefF feature extraction, which assigns weights to multiple features through the ReliefF algorithm and selects feature groups with strong classification ability based on the size of the weights. Finally, the LightGBM classification algorithm is used to distinguish normal encrypted traffic from WebShell encrypted traffic and to identify the management tool to which WebShell encrypted traffic belongs. The experimental results indicate that this method can effectively distinguish between normal encrypted traffic and WebShell malicious traffic. The recognition accuracy and recall rate for WebShell management tool software are both higher than 92%.
(2024) Published by SPIE. Downloading of the abstract is permitted for personal use only.
Leiyu Che and Xiaodong Liu "Research on WebShell encrypted communication detection based on machine learning", Proc. SPIE 13171, Third International Conference on Algorithms, Microchips, and Network Applications (AMNA 2024), 131711M (8 June 2024); https://doi.org/10.1117/12.3032051
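The ReliefF weighting and feature-group selection step described in the abstract, as an added example that is not the authors' code. The feature names, class labels, and flow values are constructed for illustration (the abstract does not list the paper's features), and the LightGBM classification step is not shown.

```python
import random

FEATURES = ["mean_pkt_len", "up_down_byte_ratio", "flow_duration_s", "noise"]  # hypothetical names

def make_flows(seed=7, per_class=30):
    """Constructed sample: per-flow statistics for three traffic classes."""
    rng = random.Random(seed)
    centers = {"normal": (800, 0.2), "tool_a": (300, 1.5), "tool_b": (500, 3.0)}
    X, y = [], []
    for label, (plen, ratio) in centers.items():
        for _ in range(per_class):
            # Two class-dependent features, then two that carry no class signal.
            X.append([rng.gauss(plen, 40), rng.gauss(ratio, 0.2),
                      rng.uniform(0, 60), rng.uniform(0, 1)])
            y.append(label)
    return X, y

def relieff(X, y, k=3):
    """ReliefF weights for numeric features; higher means better class separation."""
    n, d = len(X), len(X[0])
    # Per-feature value range, so every difference is scaled into [0, 1].
    span = [(max(r[f] for r in X) - min(r[f] for r in X)) or 1.0 for f in range(d)]
    prior = {c: y.count(c) / n for c in set(y)}
    def diff(a, b, f):
        return abs(a[f] - b[f]) / span[f]
    def dist(a, b):
        return sum(diff(a, b, f) for f in range(d))
    w = [0.0] * d
    for i in range(n):
        for c in prior:
            # k nearest neighbours of sample i inside class c (excluding i itself).
            near = sorted((j for j in range(n) if j != i and y[j] == c),
                          key=lambda j: dist(X[i], X[j]))[:k]
            if not near:
                continue
            # Same-class hits lower the weight; misses raise it, scaled by class prior.
            scale = -1.0 if c == y[i] else prior[c] / (1.0 - prior[y[i]])
            for j in near:
                for f in range(d):
                    w[f] += scale * diff(X[i], X[j], f) / (n * len(near))
    return w

def select_features(X, y, names=FEATURES, keep=2):
    """Rank features by ReliefF weight and keep the strongest group."""
    ranked = sorted(zip(names, relieff(X, y)), key=lambda t: t[1], reverse=True)
    return ranked[:keep]

if __name__ == "__main__":
    for name, weight in select_features(*make_flows()):
        print(f"{name:20s} {weight:+.3f}")
```

Only the retained feature columns would then be passed to the classifier.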
KEYWORDS
Feature extraction
Detection and tracking algorithms
Machine learning
Education and training
Data communications
Network security
Statistical analysis