eprintid: 4644
rev_number: 4
eprint_status: archive
userid: 321
dir: disk0/00/00/46/44
datestamp: 2021-11-16 04:36:51
lastmod: 2021-11-16 04:36:51
status_changed: 2021-11-16 04:36:51
type: article
succeeds: 4472
metadata_visibility: show
creators_name: Le, Viet Ha
creators_name: Nguyen, Ngoc Tu
creators_name: Nguyen, Ngoc Hoa
creators_name: Le, Linh
creators_id: levietha@chinhphu.vn
creators_id: tu.nguyen@kennesaw.edu
creators_id: hoa.nguyen@vnu.edu.vn
creators_id: lle13@kennesaw.edu
title: An Efficient Hybrid Webshell Detection Method for Webserver of Marine Transportation Systems
ispublished: pub
subjects: Scopus
subjects: isi
divisions: fac_fit
abstract: An increase in the number of Maritime Intelligent Transport Systems (MITSs) also means an increase in the number of information security risks. Usually, the administration and operation of MITSs are done through web servers that are frequently targeted by hackers. In marine transportation industry, malicious code injection attacks (webshell) has been widely exploited by hackers to take full control of Web servers. Traditional webshell detection methods based on pattern matching that are no longer effective against new types of webshell. This motivates us to investigate the problem of detecting obfuscation or unknown webshells, termed OUW problem. In this work, we propose a pattern-matching-deep-learning hybrid ASP.NET webshell detection method (H-DLPMWD) to address the OUW problem. H-DLPMWD is based on Yara-based pattern matching to clean dataset; modeling ASP.NET code files as an operation code index (OCI) vectors; and applying CNN method to train and predict webshell in OCI vectors. To validate H-DLPMWD, our rigorous experimentation demonstrates that H-DLPMWD achieves an excellent accuracy of 98.49%, F1-score of 99.01%, and a low false positive rate of 1.75%.
date: 2021-11
date_type: published
publisher: IEEE
official_url: https://ieeexplore.ieee.org/document/9600606
id_number: 10.1109/TITS.2021.3122979
full_text_status: none
publication: IEEE Transactions on Intelligent Transportation Systems
refereed: FALSE
issn: 1524-9050
citation:   Le, Viet Ha and Nguyen, Ngoc Tu and Nguyen, Ngoc Hoa and Le, Linh  (2021) An Efficient Hybrid Webshell Detection Method for Webserver of Marine Transportation Systems.  IEEE Transactions on Intelligent Transportation Systems .    ISSN 1524-9050