@article{SisLab4645,
           title = {A Proactive Method of the Webshell Detection and Prevention based on Deep Traffic Analysis},
          author = {Viet Ha Le and Phuong Hanh Du and Ngoc Cuong Nguyen and Ngoc Hoa Nguyen and Viet Long Hoang},
       publisher = {InderScience},
            year = {2021},
         journal = {International Journal of Web and Grid Services},
             url = {https://eprints.uet.vnu.edu.vn/eprints/id/eprint/4645/},
        abstract = {The popularity of today's web application has led to web servers are frequently objects to injecting webshell attacks. In this paper, we propose a new deep inspection method, namely DLWD, to detect in real-time and proactively prevent webshell attacks. DLWSD is composed of both signature-based and DNN deep learning-based detection. Moreover, to avoid bottlenecks, DLWSD built-in DeepInspector inspects in real-time the large-scale traffic flows with a strategy of periodic sampling at a defined frequency and interval for only flows that do not satisfy any signature. DeepInspector can create/update rules from webshell attacking alert results to prevent in future. We also proposed a mechanism using the cross-entropy loss function to regulate the training imbalanced dataset. Our experiments allow validating the performance of DLWSD using a popular dataset CSE-CIC-IDS2018 with the metrics (Accuracy, F1-score, FPR) of (99.99\%, 99.98\%, 0.01\%) respectively. It is also better compared with other studies using the same dataset.}
}