WebShell Attack Detection Based on a Deep Super Learner

Zhuang Ai; Nurbol Luktarhan; AiJun Zhou; Dan Lv

doi:10.3390/sym12091406

Symmetry (Aug 2020)

WebShell Attack Detection Based on a Deep Super Learner

Zhuang Ai,
Nurbol Luktarhan,
AiJun Zhou,
Dan Lv

Affiliations

Zhuang Ai: College of Information Science and Engineering, Xinjiang University, Urumqi 830000, China
Nurbol Luktarhan: College of Information Science and Engineering, Xinjiang University, Urumqi 830000, China
AiJun Zhou: College of Information Science and Engineering, Xinjiang University, Urumqi 830000, China
Dan Lv: College of Information Science and Engineering, Xinjiang University, Urumqi 830000, China

DOI: https://doi.org/10.3390/sym12091406
Journal volume & issue: Vol. 12, no. 9
p. 1406

Abstract

Read online

WebShell is a common network backdoor attack that is characterized by high concealment and great harm. However, conventional WebShell detection methods can no longer cope with complex and flexible variations of WebShell attacks. Therefore, this paper proposes a deep super learner for attack detection. First, the collected data are deduplicated to prevent the influence of duplicate data on the result. Second, to detect the results of the algorithm, static and dynamic feature are taken as the feature of the algorithm to construct a comprehensive feature set. We then use the Word2Vec algorithm to vectorize the features. During this period, to prevent the outbreak of the number of features, we use a genetic algorithm to extract the validity of the feature dimension. Finally, we use a deep super learner to detect WebShell. The experimental results show that this algorithm can effectively detect WebShell, and its accuracy and recall are greatly improved.

Published in Symmetry

ISSN: 2073-8994 (Online)
Publisher: MDPI AG
Country of publisher: Switzerland
LCC subjects: Science: Mathematics
Website: http://www.mdpi.com/journal/symmetry/

About the journal

Abstract

Keywords