Frontiers of Data and Computing ›› 2022, Vol. 4 ›› Issue (5): 68-76.

CSTR: 32002.14.jfdc.CN10-1649/TP.2022.05.008

doi: 10.11871/jfdc.issn.2096-742X.2022.05.008

• Special Issue: Call for Papers for the 37th National Conference on Computer Security

ATWebshell: Webshell Detection Model Based on Adversarial Learning and Long-Short Semantic Awareness

GAO Hongkui, AN Tongjian*, SHUI Xuefei, WANG Xin, FAN Yuan

  1. DAS-Security Co., Ltd, Hangzhou, Zhejiang 310051, China
  • Received: 2022-08-02 Online: 2022-10-20 Published: 2022-10-27
  • Contact: AN Tongjian, E-mail: pacino.an@dbappsecurity.com.cn

Abstract:

[Objective] A webshell is a type of web attack program written in a web scripting language. Attackers use a webshell to obtain privileges on the server, and with them to extract valuable information, modify web content, and so on. Because webshell attacks take many forms, existing detection techniques cannot cope with complex and flexible webshells, which results in poor detection accuracy and weak generalization ability. [Methods] To address this, this paper proposes a model named ATWebshell, which combines adversarial learning with a long-short semantic awareness model architecture. ATWebshell introduces adversarial perturbations in the word embedding layer to simulate an attacker’s adversarial attack on webshell detection. A bi-tower model consisting of TextCNN and GRU is then used to learn intra-line and inter-line semantic information. [Results] The experimental results show that ATWebshell improves both the recall rate and the precision rate. [Conclusions] The results demonstrate the rationality and validity of the ATWebshell model, and the research method in this paper provides ideas for other research.

Key words: Webshell detection, adversarial learning, GRU, TextCNN