• • 上一篇    下一篇

Linux下基于SVM分类器的WebShell检测方法研究

孟正%梅瑞%张涛%伟平   

  • 基金资助:
    国家自然科学基金(61170282)

Research of Linux WebShell Detection based on SVM Classiifer

MENG Zheng%MEI Rui%ZHANG Tao%WEN Wei-ping   

  • About author:北京大学软件与微电子学院,北京,100871

摘要: WebShell是一种常见的网页后门,它常常被攻击者用来获取Web服务器的操作权限。文章首先分析了Linux下WebShell的实现机理,描述了WebShell的常见特征和特征混淆方法,然后以此为基础,提出了一种基于SVM分类器的检测方法,并在仿真平台下对其予以实现。文章从准确度、特定度和灵敏度3个方面比较了基于SVM分类器的WebShell检测方法、基于特征匹配的WebShell检测方法和基于决策树的WebShell检测方法。实验结果表明,文章提出的方法能够准确、高效地对WebShell进行检测。

Abstract: WebShell is a common webpage back door, which can be used by attackers to obtain Web server permissions. The realization mechanism of Linux WebShell is analyzed, the common characteristics and the characteristic mixed method are described in this paper. On this basis, a detection method based on SVM classiifer is put forward and realized. From three aspects of accuracy, speciifcity and sensitivity, the WebShell detection methods individually based on SVM classiifer, characteristic matching and decision tree are compared. The experimental result shows that the method proposed in this paper can detect WebShell accurately and efifciently.