| Linux下基于SVM分类器的WebShell检测方法研究 |
| |
| 引用本文: | 孟正,梅瑞,张涛,文伟平.Linux下基于SVM分类器的WebShell检测方法研究[J].信息网络安全,2014(5):5-9. |
| |
| 作者姓名: | 孟正 梅瑞 张涛 文伟平 |
| |
| 作者单位: | 北京大学软件与微电子学院,北京100871 |
| |
| 基金项目: | 国家自然科学基金[61170282] |
| |
| 摘 要: | WebShell是一种常见的网页后门,它常常被攻击者用来获取Web服务器的操作权限。文章首先分析了Linux下WebShell的实现机理,描述了WebShell的常见特征和特征混淆方法,然后以此为基础,提出了一种基于SVM分类器的检测方法,并在仿真平台下对其予以实现。文章从准确度、特定度和灵敏度3个方面比较了基于SVM分类器的WebShell检测方法、基于特征匹配的WebShell检测方法和基于决策树的WebShell检测方法。实验结果表明,文章提出的方法能够准确、高效地对WebShell进行检测。
|
| 关 键 词: | WebShell检测 SVM分类器 特征提取 |
Research of Linux WebShell Detection based on SVM Classifier |
| |
| MENG Zheng,MEI Rui,ZHANG Tao,WEN Wei-ping.Research of Linux WebShell Detection based on SVM Classifier[J].Netinfo Security,2014(5):5-9. |
| |
| Authors: | MENG Zheng MEI Rui ZHANG Tao WEN Wei-ping |
| |
| Affiliation: | (School of Software&Microelectronics, Peking University, Beijing 100871, China) |
| |
| Abstract: | WebShell is a common webpage back door, which can be used by attackers to obtain Web server permissions. The realization mechanism of Linux WebShell is analyzed, the common characteristics and the characteristic mixed method are described in this paper. On this basis, a detection method based on SVM classifier is put forward and realized. From three aspects of accuracy, specificity and sensitivity, the WebShell detection methods individually based on SVM classifier, characteristic matching and decision tree are compared. The experimental result shows that the method proposed in this paper can detect WebShell accurately and efficiently. |
| |
| Keywords: | WebShell detection SVM classifier characteristic extraction |
| 本文献已被 CNKI 维普 等数据库收录! |
|
