Prevention of webshell attack using machine learning techniques

Abstract

Webshell is a web vulnerability and a security threat to any user or a server that can be accessed by attackers to control our system. And also, they may use our system as a command control device to attack other systems. It is difficult to monitor and identify such threats because attackers always tried to attack in different methods and new technologies. However, we can detect the webshell with Machine Learning Techniques with better accuracy; all we need is more number of samples. With this project, we presented a PHP based webshell detecting model. We used different ML algorithms: Logistic Regression(LR), Random Forest(RF), Support Vector Machine(SVM) and K-Nearest Neighbour(KNN). Addition to this PHP file's standard statistical features, we also added an opcode sequence from the PHP files, consisting of the TF-IDF Vector and the Hash Vector. Depending upon these features, we trained with different machine learning models(SVM, RF, LR, KNN). In these models, we got better results with Random Forest having an accuracy of 96.45\% with a false-positive rate of 3.5\%, which is good results compared to several popular detection techniques. © Grenze Scientific Society, 2021.