基于 CNN 的 WebShell 检测工具的设计与实现 Design and Implementation of WebShell Detection Tool based on CNN摘 要随着互联网在我们生活中被广泛应用到社交、金融、行政以及办公等领域,网络安全的问题也越来越被重视。WebShell 的本质是一种 Web 应用脚本程序,由于其可以通过 HTTP 协议的方式对服务器进行控制,故常被黑客用于植入到被入侵的系统中,严重威胁到主机的安全。本文针对现有的 WebShell 检测技术展开分析并实现一款高效、精准的 WebShell 检测工具。由于目前大部分主流的 WebShell 检测工具都是利用静态特征进行匹配的,十分依赖人工提取 WebShell 的特征形成规则库,并且无法对抗未知类型或经过变种的 WebShell,因此本文采用了卷积神经网络算法对网络上公开的 WebShell 样本进行训练生成一个检测模型,并基于该模型设计检测的流程与实现,达到了较好的检测结果。□□关键词:深度学习 WebShell 卷积神经网络 Abstract As the Internet is widely used in our life in social, financial, administrative and office areas, the issue of network security is also more and more attention. The essence of WebShell is a Web application script. Because it can control the server through HTTP protocol, it is often used by hackers to implant it into the system that is invaded, which seriously threatens the security of the host.This paper analyzes the existing WebShell detection technology and realizes an efficient and accurate WebShell detection tool. At present, most of the mainstream WebShell detection tools are matched by static features, which rely on the manual extraction of WebShell features to form a rule base, and cannot fight against unknown types or varieties of WebShell. Therefore, this paper adopts the convolutional neural network algorithm to train the WebShell samples on the network to generate a detection model, and designs the detection process and implementation based on this model, achieving a better detection effect.Key ...
