A Webshell detection technology based on HTTP traffic analysis

Abstract

Webshell is a common backdoor program of web applications. After an attacker uploads Webshell successfully by using a vulnerability. Attacker can get a command execution environment to control the web server by access Webshell. In this paper, an attack detection technology based on SVM algorithm is proposed by analyzing the network traffic of attackers accessing Webshell. This technology realizes the detection of Webshell attack traffic in HTTP traffic by means of the method of supervised machine learning model. And this technology achieves high accuracy and recall rate. After detecting abnormal traffic, the system can locate the Webshell according to traffic information. And eliminate the backdoor in time to ensuring the security and stability of the web server. So it also can help to monitor the trend of intrusion and network security.