
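Evil-hunter: a web shell detection system based on a scoring mechanism (in English)
Cite this article: Truong Dinh Tu, Cheng Guang, Guo Xiaojun, Pan Wubin. Evil-hunter: a web shell detection system based on a scoring mechanism (in English)[J]. Journal of Southeast University, 2014(3): 278-284.
Authors: Truong Dinh Tu  Cheng Guang  Guo Xiaojun  Pan Wubin
Affiliations: 1. School of Computer Science and Engineering, Southeast University, Nanjing 210096; Department of Information Technology, Tuyhoa Industrial College, Phuyen 620900, Vietnam; Key Laboratory of Computer Network and Information Integration of Ministry of Education, Southeast University, Nanjing 210096
2. School of Computer Science and Engineering, Southeast University, Nanjing 210096; Key Laboratory of Computer Network and Information Integration of Ministry of Education, Southeast University, Nanjing 210096
Funding: The Science and Technology Support Program of Jiangsu Province (No. BE2011173); the Future Network Proactive Program of Jiangsu Province (No. BY2013095-5-03); the Program for Special Talent in Six Fields of Jiangsu Province (No. 2011-DZ024).
Abstract: To address the problem of promptly detecting web shells, malicious code that attackers covertly embed on web servers by exploiting system vulnerabilities or tampering with the open-source code of web pages, a scoring-based web shell detection system named Evil-hunter is proposed. First, a large set of sample data on malicious functions frequently used by web shells is collected from the Internet and various security forums. Second, according to the different danger levels and usage frequencies of these malicious functions in web shells and in normal web applications, the collected samples are scored using the proposed scoring strategy, and the statistical results are analyzed to derive an appropriate score threshold. Finally, based on the derived score threshold, a simple detection algorithm is used to identify the web shells contained in web applications. Experimental results show that, compared with other methods, Evil-hunter achieves a higher identification rate and accuracy.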

Keywords: web shell detection  scoring strategy  malicious code detection

Evil-hunter: a novel web shell detection system based on scoring scheme
Truong Dinh Tu, Cheng Guang, Guo Xiaojun, Pan Wubin. Evil-hunter: a novel web shell detection system based on scoring scheme[J]. Journal of Southeast University (English Edition), 2014(3): 278-284.
Authors:Truong Dinh Tu  Cheng Guang  Guo Xiaojun  Pan Wubin
Institution: 1. School of Computer Science and Engineering, Southeast University, Nanjing 210096, China; 2. Department of Information Technology, Tuyhoa Industrial College, Phuyen 620900, Vietnam; 3. Key Laboratory of Computer Network and Information Integration of Ministry of Education, Southeast University, Nanjing 210096, China
Abstract: In order to detect web shells that hackers inject into web servers by exploiting system vulnerabilities or open-source web page code, a novel web shell detection system based on a scoring scheme, named Evil-hunter, is proposed. First, a large set of malicious function samples normally used in web shells is collected from various sources on the Internet and security forums. Second, according to the danger level and the frequency of use of these malicious functions in web shells as well as in legitimate web applications, a score-assignment strategy for each malicious sample is devised. Then, the appropriate score threshold value for each sample is obtained from the results of a statistical analysis. Finally, based on the threshold value, a simple algorithm is presented to identify files that contain web shells in web applications. The experimental results show that, compared with other approaches, Evil-hunter can identify web shells more efficiently and accurately.
Keywords:web shell detection  scoring scheme  malicious code identification
This article is indexed in CNKI, VIP, Wanfang Data, and other databases.