Journal of Southeast University (English Edition)
2014, Issue 3, pp. 278-284 (7 pages)
张庭秀, 程光, 郭晓军, 潘吴斌
web shell detection; scoring scheme; malicious code identification
To detect web shells that hackers covertly inject into web servers by exploiting system vulnerabilities or by tampering with open-source web page code, a novel web shell detection system based on a scoring scheme, named Evil-hunter, is proposed. First, a large set of malicious function samples normally used in web shells is collected from various sources on the Internet and from security forums. Second, according to the danger level of these malicious functions and the frequency of their use in web shells as well as in legitimate web applications, a score-assignment strategy for each malicious sample is devised. Then, the appropriate score threshold value for each sample is obtained from the results of a statistical analysis. Finally, based on the threshold value, a simple algorithm is presented to identify files that contain web shells in web applications. The experimental results show that, compared with other approaches, Evil-hunter can identify web shells more efficiently and accurately.