%0 Journal Article
%@ 1741-1114
%A Le, Viet Ha
%A Du, Phuong Hanh
%A Nguyen, Ngoc Cuong
%A Nguyen, Ngoc Hoa
%A Hoang, Viet Long
%D 2021
%F SisLab:4645
%I InderScience
%J International Journal of Web and Grid Services
%T A Proactive Method of the Webshell Detection and Prevention based on Deep Traffic Analysis
%U https://eprints.uet.vnu.edu.vn/eprints/id/eprint/4645/
%X The popularity of today's web application has led to web servers are frequently objects to injecting webshell attacks. In this paper, we propose a new deep inspection method, namely DLWD, to detect in real-time and proactively prevent webshell attacks. DLWSD is composed of both signature-based and DNN deep learning-based detection. Moreover, to avoid bottlenecks, DLWSD built-in DeepInspector inspects in real-time the large-scale traffic flows with a strategy of periodic sampling at a defined frequency and interval for only flows that do not satisfy any signature. DeepInspector can create/update rules from webshell attacking alert results to prevent in future. We also proposed a mechanism using the cross-entropy loss function to regulate the training imbalanced dataset. Our experiments allow validating the performance of DLWSD using a popular dataset CSE-CIC-IDS2018 with the metrics (Accuracy, F1-score, FPR) of (99.99%, 99.98%, 0.01%) respectively. It is also better compared with other studies using the same dataset.