A proactive method of the webshell detection and prevention based on deep traffic analysis
Online publication date: Tue, 11-Oct-2022
by Ha V. Le; Hanh P. Du; Hoa N. Nguyen; Cuong N. Nguyen; Long V. Hoang
International Journal of Web and Grid Services (IJWGS), Vol. 18, No. 4, 2022
Abstract: The popularity of today's web applications has made web servers frequent targets of webshell attacks. In this paper, we propose a new deep inspection method for webshell detection, namely DLWSD, that combines a deep learning algorithm with a signature-based technique. Moreover, to avoid bottlenecks, DeepInspector, which is built into DLWSD, inspects large-scale traffic flows in real time, using a strategy of periodic sampling at a defined frequency and interval, applied only to flows that do not satisfy any signature. DeepInspector can create or update rules from webshell attack alert results to prevent such attacks in the future. We also propose a mechanism that uses the cross-entropy loss function to regulate training on the imbalanced dataset. Our experiments validate the performance of DLWSD on the popular CSE-CIC-IDS2018 dataset, with accuracy, F1-score, and FPR of 99.99%, 99.98%, and 0.01%, respectively. It also performs better than other studies using the same dataset.