Title: A proactive method of the webshell detection and prevention based on deep traffic analysis

Authors: Ha V. Le; Hanh P. Du; Hoa N. Nguyen; Cuong N. Nguyen; Long V. Hoang

Addresses: Department of Information Systems, VNU University of Engineering and Technology, Hanoi, Vietnam; Department of Information Systems, VNU University of Engineering and Technology, Hanoi, Vietnam; Department of Information Systems, VNU University of Engineering and Technology, Hanoi, Vietnam; Ministry of Public Security, Hanoi, Vietnam; Ministry of Public Security, Hanoi, Vietnam

Abstract: The popularity of today's web applications has made web servers frequent targets of webshell attacks. In this paper, we propose a new deep inspection method for webshell detection, namely DLWSD, which combines a deep learning algorithm with a signature-based technique. Moreover, to avoid bottlenecks, DLWSD's built-in DeepInspector inspects large-scale traffic flows in real time, using a strategy of periodic sampling at a defined frequency and interval applied only to flows that do not satisfy any signature. DeepInspector can create or update rules from webshell attack alert results to prevent such attacks in the future. We also propose a mechanism that uses the cross-entropy loss function to regulate training on the imbalanced dataset. Our experiments validate the performance of DLWSD on the popular CSE-CIC-IDS2018 dataset, with accuracy, F1-score, and FPR of 99.99%, 99.98%, and 0.01%, respectively. DLWSD also performs better than other studies using the same dataset.

Keywords: intrusion detection; webshell detection; webshell prevention; deep neural network; DNN; DPDK.

DOI: 10.1504/IJWGS.2022.126117

International Journal of Web and Grid Services, 2022 Vol.18 No.4, pp.361 - 383

Received: 22 Sep 2021
Accepted: 07 Jan 2022

Published online: 11 Oct 2022
