WADS: A Webshell Attack Defender Assisted by Software-Defined Networks

  • Conference paper
  • Information Security Practice and Experience (ISPEC 2021)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 13107)

Abstract

A webshell is a script-based code execution environment (a .php, .asp or .jsp file, for instance) whose original purpose is to let system administrators manage a web application conveniently. By the same mechanism, an attacker can plant a webshell as a backdoor program and control the web server. Traditional webshell detection mechanisms such as rule matching and signature (feature-code) detection generalize poorly and therefore miss many samples, giving a high false-negative rate. We extract features from webshell samples with N-gram and TF-IDF and train three machine learning classifiers on them: a multilayer perceptron, XGBoost and naive Bayes. In training and test analysis, detection accuracy exceeds 99% in our experimental environment, and the detectable scope covers php, jsp, asp and other file types. By combining the machine learning webshell detection model with software-defined networking, using flow table operations, we implement a dynamic defense against webshell attackers that disconnects the attacker from the target network.

This work is supported by the National Natural Science Foundation of China (Grant No. 61972018, 61932014 and U21B2021).



Author information

Corresponding author: JianWei Liu


Copyright information

© 2021 Springer Nature Switzerland AG

About this paper


Cite this paper

Yu, B., Liu, J., Zhou, Z. (2021). WADS: A Webshell Attack Defender Assisted by Software-Defined Networks. In: Deng, R., et al. (eds.) Information Security Practice and Experience. ISPEC 2021. Lecture Notes in Computer Science, vol 13107. Springer, Cham. https://doi.org/10.1007/978-3-030-93206-0_13


  • DOI: https://doi.org/10.1007/978-3-030-93206-0_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-93205-3

  • Online ISBN: 978-3-030-93206-0

  • eBook Packages: Computer Science (R0)
