Poster: Long PHP webshell files detection based on sliding window attention
- URL: http://arxiv.org/abs/2502.19257v2
- Date: Thu, 27 Feb 2025 12:36:55 GMT
- Title: Poster: Long PHP webshell files detection based on sliding window attention
- Authors: Zhiqiang Wang, Haoyu Wang, Lu Hao
- Abstract summary: We first convert PHP source code to opcodes and then extract Opcode Double-Tuples (ODTs). To address the challenge that deep learning methods have difficulty detecting long webshell files, we introduce a sliding window attention mechanism. Experimental results show that our method reaches high accuracy in webshell detection.
- Score: 7.20974772731121
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Webshell is a type of backdoor, and web applications are widely exposed to webshell injection attacks. Therefore, it is important to study webshell detection techniques. In this study, we propose a webshell detection method. We first convert PHP source code to opcodes and then extract Opcode Double-Tuples (ODTs). Next, we combine CodeBert and FastText models for feature representation and classification. To address the challenge that deep learning methods have difficulty detecting long webshell files, we introduce a sliding window attention mechanism. This approach effectively captures malicious behavior within long files. Experimental results show that our method reaches high accuracy in webshell detection, solving the problem of traditional methods that struggle to address new webshell variants and anti-detection techniques.
Related papers
- Can LLMs handle WebShell detection? Overcoming Detection Challenges with Behavioral Function-Aware Framework [11.613261852608062]
WebShell attacks, in which malicious scripts are injected into web servers, are a major cybersecurity threat.
This work is the first to explore the feasibility and limitations of Large Language Models for WebShell detection.
arXiv Detail & Related papers (2025-04-14T21:09:37Z)
- Enhancing Webshell Detection With Deep Learning-Powered Methods [0.6390468088226495]
Webshell attacks are becoming more common, requiring robust detection mechanisms to protect web applications.
The dissertation proposes ASAF, an advanced DL-Powered Source-Code Scanning Framework that uses signature-based methods and deep learning algorithms to detect known and unknown webshells.
Second, the dissertation introduces a deep neural network that detects webshells using real-time HTTP traffic analysis of web applications.
arXiv Detail & Related papers (2024-12-07T04:26:36Z)
- Graspness Discovery in Clutters for Fast and Accurate Grasp Detection [57.81325062171676]
"graspness" is a quality based on geometry cues that distinguishes graspable areas in cluttered scenes.
We develop a neural network named cascaded graspness model to approximate the searching process.
Experiments on a large-scale benchmark, GraspNet-1Billion, show that our method outperforms previous arts by a large margin.
arXiv Detail & Related papers (2024-06-17T02:06:47Z)
- Research and application of artificial intelligence based webshell detection model: A literature review [1.6223257916285212]
Webshell, as the "culprit" behind numerous network attacks, is one of the research hotspots in the field of cybersecurity.
The complexity, stealthiness, and confusing nature of webshells pose significant challenges to the corresponding detection schemes.
With the rise of Artificial Intelligence (AI) technology, researchers have started to apply different intelligent algorithms and neural network architectures to the task of webshell detection.
arXiv Detail & Related papers (2024-04-28T06:14:27Z)
- Task-Agnostic Detector for Insertion-Based Backdoor Attacks [53.77294614671166]
We introduce TABDet (Task-Agnostic Backdoor Detector), a pioneering task-agnostic method for backdoor detection.
TABDet leverages final layer logits combined with an efficient pooling technique, enabling unified logit representation across three prominent NLP tasks.
TABDet can jointly learn from diverse task-specific models, demonstrating superior detection efficacy over traditional task-specific methods.
arXiv Detail & Related papers (2024-03-25T20:12:02Z)
- Large Language Models are Few-shot Generators: Proposing Hybrid Prompt Algorithm To Generate Webshell Escape Samples [1.6223257916285212]
We propose the Hybrid Prompt algorithm for webshell escape sample generation with the help of large language models.
As a prompt algorithm specifically developed for webshell sample generation, the Hybrid Prompt algorithm not only combines various prompt ideas including Chain of Thought, Tree of Thought, but also incorporates various components such as webshell hierarchical module.
Experimental results show that the Hybrid Prompt algorithm can work with multiple LLMs with excellent code reasoning ability to generate high-quality webshell samples.
arXiv Detail & Related papers (2024-02-12T04:59:58Z)
- Chatbots in a Botnet World [0.0]
The research demonstrates thirteen coding tasks that generally qualify as stages in the MITRE ATT&CK framework.
The experimental prompts generate examples of keyloggers, logic bombs, obfuscated worms, and payment-fulfilled ransomware.
arXiv Detail & Related papers (2022-12-18T16:08:40Z)
- CLAWSAT: Towards Both Robust and Accurate Code Models [74.57590254102311]
We integrate contrastive learning (CL) with adversarial learning to co-optimize the robustness and accuracy of code models.
To the best of our knowledge, this is the first systematic study to explore and exploit the robustness and accuracy benefits of (multi-view) code obfuscations in code models.
arXiv Detail & Related papers (2022-11-21T18:32:50Z)
- Multi-Modal Few-Shot Object Detection with Meta-Learning-Based Cross-Modal Prompting [77.69172089359606]
We study multi-modal few-shot object detection (FSOD) in this paper, using both few-shot visual examples and class semantic information for detection.
Our approach is motivated by the high-level conceptual similarity of (metric-based) meta-learning and prompt-based learning.
We comprehensively evaluate the proposed multi-modal FSOD models on multiple few-shot object detection benchmarks, achieving promising results.
arXiv Detail & Related papers (2022-04-16T16:45:06Z)
- Cassandra: Detecting Trojaned Networks from Adversarial Perturbations [92.43879594465422]
In many cases, pre-trained models are sourced from vendors who may have disrupted the training pipeline to insert Trojan behaviors into the models.
We propose a method to verify if a pre-trained model is Trojaned or benign.
Our method captures fingerprints of neural networks in the form of adversarial perturbations learned from the network gradients.
arXiv Detail & Related papers (2020-07-28T19:00:40Z)
- Scalable Backdoor Detection in Neural Networks [61.39635364047679]
Deep learning models are vulnerable to Trojan attacks, where an attacker can install a backdoor during training time to make the resultant model misidentify samples contaminated with a small trigger patch.
We propose a novel trigger reverse-engineering based approach whose computational complexity does not scale with the number of labels, and is based on a measure that is both interpretable and universal across different network and patch types.
In experiments, we observe that our method achieves a perfect score in separating Trojaned models from pure models, which is an improvement over the current state-of-the-art method.
arXiv Detail & Related papers (2020-06-10T04:12:53Z)
This list is automatically generated from the titles and abstracts of the papers in this site.