Abstract
A webshell is a script (php, asp, jsp and similar) that provides a code execution environment on the web server; its legitimate purpose is to let system administrators manage a web application remotely and effortlessly. An attacker who plants a webshell gains the same capability and can use it as a backdoor to control the web server. Traditional webshell detection mechanisms such as rule matching and feature-code (signature) detection usually generalize poorly, leading to a high false-negative rate. We use the N-Gram and TF-IDF models to extract features from webshell samples and train three Machine Learning algorithms on them: Multilayer Perceptron, XGBoost, and Naive Bayes. In training and testing, detection accuracy exceeds 99% in the experimental environment, with a detection scope that covers php, jsp, asp and other script types. By combining the Machine Learning webshell detection model with Software-Defined Networking, using flow-table operations, we implement a dynamic defense against webshell attackers that disconnects the attacker from the target network.
This work is supported by the National Natural Science Foundation of China (Grant No. 61972018, 61932014 and U21B2021).
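The abstract describes a detection pipeline of token N-grams, TF-IDF weighting and a Naive Bayes classifier. The following is an added illustration of that pipeline in pure Python; it is not the authors' code, dataset or model, and the ten labelled scripts in `BENIGN` and `WEBSHELL`, the tokenizer regex, the n-gram range (1 to 2) and the Laplace smoothing constant are all constructed here for demonstration. A real deployment would train on thousands of samples and use one of the three classifiers at the scale the paper reports.

```python
import math
import re
from collections import Counter

# Constructed sample corpus (labelled stand-ins, not data from the paper).
# Benign: ordinary templating / session / output code in php, jsp and asp.
BENIGN = [
    "<?php include 'header.php'; echo htmlspecialchars($title); ?>",
    "<?php foreach ($rows as $row) { echo $row['name']; } include 'footer.php'; ?>",
    "<?php session_start(); header('Location: /home'); ?>",
    '<% out.println(request.getParameter("page")); %>',
    '<% Response.Write(Server.HTMLEncode(Request.QueryString("q"))) %>',
]
# Webshell-like: request-controlled input handed straight to an evaluator or the OS.
WEBSHELL = [
    "<?php @eval($_POST['cmd']); ?>",
    "<?php system($_GET['c']); ?>",
    "<?php eval(base64_decode($_REQUEST['d'])); ?>",
    '<% Runtime.getRuntime().exec(request.getParameter("cmd")); %>',
    '<% eval(Request("c")) %>',
]

# Script-aware tokenizer (assumption): keeps open/close tags whole, identifiers
# with their optional "$" sigil, and every other non-space character on its own.
TOKEN_RE = re.compile(r"<\?php|\?>|<%|%>|\$?[a-z_][a-z0-9_]*|\S")


def tokenize(text):
    """Lower-case the script and split it into tokens."""
    return TOKEN_RE.findall(text.lower())


def ngrams(tokens, n_max=2):
    """Token n-grams for n = 1..n_max, each n-gram joined with a single space."""
    out = []
    for n in range(1, n_max + 1):
        out.extend(" ".join(tokens[i:i + n]) for i in range(len(tokens) - n + 1))
    return out


def extract_features(text):
    """Term frequency of each n-gram, normalised by the document's n-gram count."""
    grams = ngrams(tokenize(text))
    total = len(grams) or 1
    return {g: c / total for g, c in Counter(grams).items()}


def fit_idf(docs):
    """Smoothed inverse document frequency: log((1+N)/(1+df)) + 1."""
    n_docs = len(docs)
    df = Counter(g for d in docs for g in set(ngrams(tokenize(d))))
    idf = {g: math.log((1 + n_docs) / (1 + c)) + 1 for g, c in df.items()}
    unseen = math.log(1 + n_docs) + 1  # weight for n-grams never seen in training
    return idf, unseen


def tfidf(text, idf, unseen):
    """TF-IDF vector (sparse dict) of one document under a fitted IDF table."""
    return {g: tf * idf.get(g, unseen) for g, tf in extract_features(text).items()}


class MultinomialNB:
    """Multinomial Naive Bayes with Laplace smoothing over TF-IDF weights."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha

    def fit(self, vectors, labels):
        self.classes = sorted(set(labels))
        self.vocab = {g for v in vectors for g in v}
        self.log_prior, self.feature_sum, self.total = {}, {}, {}
        for c in self.classes:
            members = [v for v, l in zip(vectors, labels) if l == c]
            self.log_prior[c] = math.log(len(members) / len(vectors))
            sums = Counter()
            for v in members:
                sums.update(v)  # adds the fractional TF-IDF weights per feature
            self.feature_sum[c] = sums
            self.total[c] = sum(sums.values())
        return self

    def log_likelihood(self, vector, c):
        """log P(c) + sum_i w_i * log theta_ci, with smoothed per-class theta."""
        denom = self.total[c] + self.alpha * len(self.vocab)
        ll = self.log_prior[c]
        for g, w in vector.items():
            ll += w * math.log((self.feature_sum[c].get(g, 0.0) + self.alpha) / denom)
        return ll

    def predict(self, vector):
        return max(self.classes, key=lambda c: self.log_likelihood(vector, c))


TRAIN_DOCS = BENIGN + WEBSHELL
TRAIN_LABELS = ["benign"] * len(BENIGN) + ["webshell"] * len(WEBSHELL)
IDF, IDF_UNSEEN = fit_idf(TRAIN_DOCS)
MODEL = MultinomialNB().fit([tfidf(d, IDF, IDF_UNSEEN) for d in TRAIN_DOCS], TRAIN_LABELS)


def classify(text):
    """Label an unseen script as 'benign' or 'webshell'."""
    return MODEL.predict(tfidf(text, IDF, IDF_UNSEEN))


if __name__ == "__main__":
    for sample in ["<?php @eval(base64_decode($_POST['p'])); ?>",
                   "<?php include 'nav.php'; echo date('Y'); ?>"]:
        print(classify(sample), "<-", sample)
```

The bigram features are what make the pipeline generalize past a fixed signature list: `eval (` or `( $_post` is learned as evidence whether or not the exact file was seen before, which is the weakness of rule matching the abstract points to. The SDN half of the paper (pushing a flow-table rule that drops the attacker's traffic once a detection fires) is not shown here because it needs a running controller and switch.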
© 2021 Springer Nature Switzerland AG
Cite this paper
Yu, B., Liu, J., Zhou, Z. (2021). WADS: A Webshell Attack Defender Assisted by Software-Defined Networks. In: Deng, R., et al. Information Security Practice and Experience. ISPEC 2021. Lecture Notes in Computer Science, vol 13107. Springer, Cham. https://doi.org/10.1007/978-3-030-93206-0_13
DOI: https://doi.org/10.1007/978-3-030-93206-0_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-93205-3
Online ISBN: 978-3-030-93206-0