| The detection of WebShell by the existing anti-virus software is mostly based on the method of fingerprint matching,which is incapable of facing the deformation of WebShell.With the development of cloud technology,more and more devices access the network by cloud computing technology.How to prevent WebShell attacks has become a hot topic in current research.On the other hand,the traditional WebShell defense system is not built on the cloud environment,making it more difficult to play a defense role in the cloud environment.In order to solve this problem,this paper designs and implements EagleEye,a new WebShell detection system for cloud computing environment.This system uses a variety of cloud technologies to build a total control system,distributed detection system and client.Agent's technical solution makes the system effectively applicable to large-scale cloud computing cluster environment,and based on PHP kernel hook technology and PHP static analysis technology,designs and implements “dynamic gray box” with behavior analysis as the core.The technology can effectively solve the problems that existing static and dynamic WebShell detection systems have,such as difficult to track and low code coverage.Besides,the artificial neural network technology is also used in WebShell detection.The WebShell detection module based on convolutional neural network technology is designed and implemented as an integral part of the EagleEye system,and the traditional client agent is improved for controlling high false positive rate that can be caused by aggressive detection strategies.The experimental results show that the EagleEye system can effectively detect various types of WebShell and its variants with very low performance loss.Compared with the existing WebShell detection system,EagleEye has obvious detection rate advantage and is easier to deploy in cloud environment. |
PDF Full Text Request