relation: https://eprints.uet.vnu.edu.vn/eprints/id/eprint/4645/
title: A Proactive Method of the Webshell Detection and Prevention based on Deep Traffic Analysis
creator: Le, Viet Ha
creator: Du, Phuong Hanh
creator: Nguyen, Ngoc Cuong
creator: Nguyen, Ngoc Hoa
creator: Hoang, Viet Long
subject: Scopus-indexed journals
subject: ISI-indexed journals
description: The popularity of today's web application has led to web servers are frequently objects to injecting webshell attacks. In this paper, we propose a new deep inspection method, namely DLWD, to detect in real-time and proactively prevent webshell attacks. DLWSD is composed of both signature-based and DNN deep learning-based detection. Moreover, to avoid bottlenecks, DLWSD built-in DeepInspector inspects in real-time the large-scale traffic flows with a strategy of periodic sampling at a defined frequency and interval for only flows that do not satisfy any signature. DeepInspector can create/update rules from webshell attacking alert results to prevent in future. We also proposed a mechanism using the cross-entropy loss function to regulate the training imbalanced dataset. Our experiments allow validating the performance of DLWSD using a popular dataset CSE-CIC-IDS2018 with the metrics (Accuracy, F1-score, FPR) of (99.99%, 99.98%, 0.01%) respectively. It is also better compared with other studies using the same dataset.
publisher: InderScience
date: 2021
type: Article
type: NonPeerReviewed
identifier:   Le, Viet Ha and Du, Phuong Hanh and Nguyen, Ngoc Cuong and Nguyen, Ngoc Hoa and Hoang, Viet Long  (2021) A Proactive Method of the Webshell Detection and Prevention based on Deep Traffic Analysis.  International Journal of Web and Grid Services .    ISSN 1741-1114    (In Press)  
relation: https://www.inderscience.com/jhome.php?jcode=ijwgs