| The widespread use of the Web system makes its security more and more valued.After an attacker attacks the Web system successfully,it usually uploads Webshell to achieve long-term control of the server.Therefore,how to effectively detect Webshell has become a hot topic in the field of Web security.This paper starts with experiments,selects ten high-usage open source projects,and crawls 1233 Webshell randomly placed in these projects,and then uses the dynamic and static detection algorithms to detect Webshell respectively.Finally,two deficiencies of the current detection algorithm are obtained:the generalized defense problem and the specific defense against different Web systems,resulting in great differences in success rates between different algorithms;the single-level defense problem is only on a single level Defense,it is easy to escape by Webshell,resulting in reduced detection rate.In response to these two issues,this paper proposes a multi-level detection theory based on Web knowledge base.Starting with the establishment of Web knowledge base,we first select the test data generated by the functional testing phase as the original data,and then establish a request response tree for request and response.Finally,we extend the request response tree based on the file tree to form a description of the Web system knowledge base.Around the Web knowledge base,the article establishes the corresponding different defense methods from the three levels of pre-reinforcement,mid-term defense and post-audit.Achieve a multi-level defense system.Finally,the defense against open source vulnerability platform DVWA is used to verify the accuracy of this system compared with other detection algorithms,which can improve the accuracy by about 15%and reduce the false alarm rate by about 5%. |
PDF Full Text Request