| Nowadays,the continuous development of network technology and Internet application has brought convenience to people's life.But at the same time,attack technology tends to be complicated and diversified,and network applications are constantly subjected to network attacks and security threats from all aspects.WebShell is one of the tools hackers use for network attacks.Hackers use system vulnerabilities to upload WebShell to the target server,then they can freely access the target server through WebShell.Therefore,detection of WebShell in web server is very important to protect website security and customer privacy.At present,domestic security protection products have realized the harm of WebShell,but most of their detection methods are recognition methods based on character feature matching.However,WebShell codes in different languages are different,and the same language has a variety of variants for the same WebShell.Attackers can easily bypass such protection by deforming WebShell code.How to effectively identify WebShell files or WebShell communication is an urgent problem to be solved.This thesis studies WebShell detection from the perspective of file recognition,considers WebShell detection as a pattern recognition problem,and introduces machine learning method into WebShell detection system.Firstly,this thesis analyzes the characteristics of WebShell type,WebShell detection technology and WebShell escape means,and studies the machine learning algorithm applied to WebShell detection.About machine learning algorithm,this thesis introduces the application process of machine learning,common machine learning classification algorithm and detection effect.Then,a new WebShell detection model based on machine learning is proposed in this thesis,due to the shortcomings of existing WebShell detection,such as category bias,undifferentiated detection effect and weak generalization ability.Feature resolution module in the detection model,extracts features of WebShell files from multiple dimensions,and EB-Relief feature selection method is used to extract the optimal subset maximum efficiency balance from high-dimensional features.This thesis selects the random forest classification algorithm,which has strong generalization ability and anti-noise ability,can deal with high-dimensional feature data sets as the classification algorithm in the detection model.In addition,a result verification and false alarm sample database update module are added to the model to improve the detection model and constantly reduce the false alarm rate of the detection model.Through experiments,it is proved that the multi-dimensional detection feature is reasonable,and the EB-Relief based feature selection method can reduce the dimension of feature set and at the same time enable the detection model to achieve high accuracy and accuracy.This thesis compares the proposed detection model with the existing detection technology,and the comparison results show that the detection method proposed in this thesis has a high detection rate for WebShell. |
PDF Full Text Request