Research On Webshell Detection Based On Bayesian Network

With the maturity of 5G technology and its gradual commercialization,more and more web applications have become popular,and the security issues on the web side have become increasingly prominent.In order to facilitate the in-depth invasion of the website,most hackers will choose to obtain the Webshell by all means when entering the web system to achieve control of the website.The more common ways to obtain Webshell are:directly uploading Webshell files on the front end of the website,malicious code injection,and carrying malicious files when transferring remote files,some intruders will use XSS to upload Webshell,and there are weak protection awareness for some Web site,some very traditional attack methods such as database backup will be used to conduct Webshell attacks.Webshell is a backdoor program based on Web services.Some machine learning and deep learning methods have been used in the field of Webshell detection,but the current methods need to be further explored in terms of discovering new attacks and performance.In order to effectively solve the problem that Webshell is difficult to extract features and detect low efficiency after obfuscation and encryption,this paper studies a Webshell detection model based on Bayesian network.The main research contents and contributions mainly include the following three points:(1)Automatically construct Bayesian network structure and CPT(conditional probability table)based on data instead of using expert knowledge(prior probability)to make Bayesian network construction more capable Fitting the data itself,you can mine the association between features at a deeper level to find a more efficient network structure.(2)This article proposes two methods for Webshell feature extraction based on Neo Pi and file operation attributes.Analyze Webshell file document attributes and operation attributes,construct a feature matrix,and improve the detection performance of Bayesian network for Webshell.Compared with traditional machine learning and detection methods,it effectively solves the problems that its characteristic meaning is unclear,and it is impossible to effectively identify obfuscated and encrypted Webshell.(3)A detection method based on Bayesian network is proposed.For some machine algorithms must be trained on a large number of samples to get a better classification model,the Bayesian network algorithm used in this paper can get a better model under a smaller number of samples and effectively identify malicious Webshell files.Under the same conditions,the model studied in this paper has obtained relatively good results on some evaluation indicators compared to some classic machine learning algorithm models.