Application Of Integrated Learning And Feature Engineering In Webshell Detection And Network Intrusion Detection

Posted on: 2021-08-27
Degree: Master
Type: Thesis
Country: China
Candidate: D D Shi
GTID: 2518306032967139
Subject: Computer technology

Abstract/Summary:
With the rapid development of the internet, various forms of network attack emerge one after another. Examples include implanting Trojan backdoors, launching DDoS attacks over the network, and uploading a Webshell to a compromised website to gain the authority to execute operations on the server. This paper focuses on intrusion detection and Webshell detection among network security issues, studies ensemble learning and feature engineering, and applies them to Webshell detection and network intrusion detection. The main work is as follows.

Based on an analysis of the Webshell detection technology developed in recent years, this paper proposes a model that integrates multiple classifiers. First, the files were analyzed to extract the valid information, including static characters, the corresponding opcode and other features of the PHP file. Second, different basic classifiers and improved classifiers were trained and analyzed. Finally, an integrated model based on Stacking was proposed.

For network intrusion detection, this paper proposes an ensemble learning intrusion detection method based on recursive feature elimination (RFE). The method is divided into four steps. The first step is to preprocess the acquired data by eliminating redundant and irrelevant data from the data set, to achieve better resource utilization and reduce time complexity. The second step is to extract new features from the preprocessed data based on feature engineering; after an experimental comparison of two feature engineering algorithms, principal component analysis (PCA) and RFE, a decision-tree-based recursive elimination algorithm was finally chosen to select the new features. The third step is to use the extracted new features to train the relevant ensemble learning models. The final step is to combine the results of multiple machine learning models through Stacking and generate the final output.

The Webshell detection technology proposed in this paper achieves an accuracy of 98.447% and a precision of 99.227% after verification with data sets from multiple GitHub open source projects, with efficiency improved by at least 3% compared with the traditional machine learning algorithm, and it also performs excellently compared with the mainstream detection tools. For network intrusion detection, comparison experiments were conducted on the KDD CUP 99 standard data set, and the existing intrusion detection technology and a variety of machine learning algorithms were analyzed. The experimental results show that the method based on RFE-Stacking can improve multiple technical indicators of intrusion detection. Apart from U2R, for which the accuracy is 98%, the accuracy of the various other features is higher than 99.4%.
Keywords/Search Tags:Cyber Security, Feature Engineering, Webshell Detection, Network Intrusion Detection, Ensemble Learning, Stacking
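
The four-step RFE-Stacking method described in the abstract, as an added scikit-learn example that is not the thesis's own code. The data is constructed (not KDD CUP 99), and the base learners, meta-learner, feature count and function names are assumptions, since the abstract does not name them.

```python
import numpy as np
from sklearn.datasets import make_classification
from sklearn.ensemble import RandomForestClassifier, StackingClassifier
from sklearn.feature_selection import RFE
from sklearn.linear_model import LogisticRegression
from sklearn.model_selection import train_test_split
from sklearn.neighbors import KNeighborsClassifier
from sklearn.pipeline import Pipeline
from sklearn.preprocessing import StandardScaler
from sklearn.tree import DecisionTreeClassifier

def make_constructed_records(seed=0):
    """Constructed stand-in for labelled connection records (not KDD CUP 99)."""
    X, y = make_classification(n_samples=1200, n_features=30, n_informative=8,
                               n_redundant=10, class_sep=1.5, random_state=seed)
    X = np.hstack([X, np.zeros((len(X), 1))])  # one irrelevant constant column
    return np.vstack([X, X[:100]]), np.concatenate([y, y[:100]])  # 100 duplicates

def preprocess(X, y):
    """Step 1: drop duplicate records and zero-variance (irrelevant) columns."""
    _, rows = np.unique(np.hstack([X, y[:, None]]), axis=0, return_index=True)
    X, y = X[np.sort(rows)], y[np.sort(rows)]
    return X[:, X.std(axis=0) > 0], y

def build_rfe_stacking(n_features=10, seed=0):
    """Steps 2-4: decision-tree RFE, base learners, Stacking meta-learner."""
    base = [("rf", RandomForestClassifier(n_estimators=50, random_state=seed)),
            ("knn", KNeighborsClassifier()),
            ("dt", DecisionTreeClassifier(random_state=seed))]  # assumed learners
    stack = StackingClassifier(estimators=base, cv=5,
                               final_estimator=LogisticRegression(max_iter=1000))
    return Pipeline([
        ("rfe", RFE(DecisionTreeClassifier(random_state=seed),
                    n_features_to_select=n_features)),
        ("scale", StandardScaler()),
        ("stack", stack)])

def run(seed=0):
    """Return (cleaned data shape, number of selected features, test accuracy)."""
    X, y = preprocess(*make_constructed_records(seed))
    X_tr, X_te, y_tr, y_te = train_test_split(
        X, y, test_size=0.3, stratify=y, random_state=seed)
    model = build_rfe_stacking(seed=seed).fit(X_tr, y_tr)
    return X.shape, int(model.named_steps["rfe"].support_.sum()), model.score(X_te, y_te)

if __name__ == "__main__":
    print(run())
```

Keeping RFE inside the pipeline means feature selection is fitted on the training split only, so the held-out accuracy is not inflated by selection that has seen the test records.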