TY  - INPR
ID  - SisLab4645
UR  - https://www.inderscience.com/jhome.php?jcode=ijwgs
A1  - Le, Viet Ha
A1  - Du, Phuong Hanh
A1  - Nguyen, Ngoc Cuong
A1  - Nguyen, Ngoc Hoa
A1  - Hoang, Viet Long
Y1  - 2021///
N2  - The popularity of today's web application has led to web servers are frequently objects to injecting webshell attacks. In this paper, we propose a new deep inspection method, namely DLWD, to detect in real-time and proactively prevent webshell attacks. DLWSD is composed of both signature-based and DNN deep learning-based detection. Moreover, to avoid bottlenecks, DLWSD built-in DeepInspector inspects in real-time the large-scale traffic flows with a strategy of periodic sampling at a defined frequency and interval for only flows that do not satisfy any signature. DeepInspector can create/update rules from webshell attacking alert results to prevent in future. We also proposed a mechanism using the cross-entropy loss function to regulate the training imbalanced dataset. Our experiments allow validating the performance of DLWSD using a popular dataset CSE-CIC-IDS2018 with the metrics (Accuracy, F1-score, FPR) of (99.99%, 99.98%, 0.01%) respectively. It is also better compared with other studies using the same dataset.
PB  - InderScience
JF  - International Journal of Web and Grid Services
SN  - 1741-1114
TI  - A Proactive Method of the Webshell Detection and Prevention based on Deep Traffic Analysis
AV  - none
ER  -