SmartDetect: A smart detection scheme for malicious web shell codes via ensemble learning

Zijian Zhang; Meng Li; Liehuang Zhu; Xinyi Li

doi:10.1007/978-3-030-05755-8_20

SmartDetect: A smart detection scheme for malicious web shell codes via ensemble learning

Zijian Zhang, Meng Li, Liehuang Zhu^*, Xinyi Li

^*Corresponding author for this work

School of Cyberspace Science and Technology

Beijing Institute of Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

9 Citations (Scopus)

Abstract

The rapid global spread of the web technology has led to an increase in unauthorized intrusions into computers and networks. Malicious web shell codes used by hackers can often cause extremely harmful consequences. However, the existing detection methods cannot precisely distinguish between the bad codes and the good codes. To solve this problem, we first detected the malicious web shell codes by applying the traditional data mining algorithms: Support Vector Machine, K-Nearest Neighbor, Naive Bayes, Decision Tree, and Convolutional Neural Network. Then, we designed an ensemble learning classifier to further improve the accuracy. Our experimental analysis proved that the accuracy of SmartDetect—our proposed smart detection scheme for malicious web shell codes—was higher than the accuracy of Shell Detector and NeoPI on the dataset collected from Github. Also, the equal-error rate of the detection result of SmartDetect was lower than those of Shell Detector and NeoPI.

Original language	English
Title of host publication	Smart Computing and Communication - 3rd International Conference, SmartCom 2018, Proceedings
Editors	Meikang Qiu
Publisher	Springer Verlag
Pages	196-205
Number of pages	10
ISBN (Print)	9783030057541
DOIs	https://doi.org/10.1007/978-3-030-05755-8_20
Publication status	Published - 2018
Event	3rd International Conference on Smart Computing and Communications, SmartCom 2018 - Tokyo, Japan Duration: 10 Dec 2018 → 12 Dec 2018

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11344 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	3rd International Conference on Smart Computing and Communications, SmartCom 2018
Country/Territory	Japan
City	Tokyo
Period	10/12/18 → 12/12/18

Keywords

Data mining
Malicious web shell code
Smart detection

Access to Document

10.1007/978-3-030-05755-8_20

Cite this

Zhang, Z., Li, M., Zhu, L., & Li, X. (2018). SmartDetect: A smart detection scheme for malicious web shell codes via ensemble learning. In M. Qiu (Ed.), Smart Computing and Communication - 3rd International Conference, SmartCom 2018, Proceedings (pp. 196-205). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11344 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-030-05755-8_20

Zhang, Zijian ; Li, Meng ; Zhu, Liehuang et al. / SmartDetect : A smart detection scheme for malicious web shell codes via ensemble learning. Smart Computing and Communication - 3rd International Conference, SmartCom 2018, Proceedings. editor / Meikang Qiu. Springer Verlag, 2018. pp. 196-205 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{9bd6926ae27a4f68b5db243be7c74e4c,

title = "SmartDetect: A smart detection scheme for malicious web shell codes via ensemble learning",

abstract = "The rapid global spread of the web technology has led to an increase in unauthorized intrusions into computers and networks. Malicious web shell codes used by hackers can often cause extremely harmful consequences. However, the existing detection methods cannot precisely distinguish between the bad codes and the good codes. To solve this problem, we first detected the malicious web shell codes by applying the traditional data mining algorithms: Support Vector Machine, K-Nearest Neighbor, Naive Bayes, Decision Tree, and Convolutional Neural Network. Then, we designed an ensemble learning classifier to further improve the accuracy. Our experimental analysis proved that the accuracy of SmartDetect—our proposed smart detection scheme for malicious web shell codes—was higher than the accuracy of Shell Detector and NeoPI on the dataset collected from Github. Also, the equal-error rate of the detection result of SmartDetect was lower than those of Shell Detector and NeoPI.",

keywords = "Data mining, Malicious web shell code, Smart detection",

author = "Zijian Zhang and Meng Li and Liehuang Zhu and Xinyi Li",

note = "Publisher Copyright: {\textcopyright} 2018, Springer Nature Switzerland AG.; 3rd International Conference on Smart Computing and Communications, SmartCom 2018 ; Conference date: 10-12-2018 Through 12-12-2018",

year = "2018",

doi = "10.1007/978-3-030-05755-8_20",

language = "English",

isbn = "9783030057541",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "196--205",

editor = "Meikang Qiu",

booktitle = "Smart Computing and Communication - 3rd International Conference, SmartCom 2018, Proceedings",

address = "Germany",

}

Zhang, Z, Li, M, Zhu, L & Li, X 2018, SmartDetect: A smart detection scheme for malicious web shell codes via ensemble learning. in M Qiu (ed.), Smart Computing and Communication - 3rd International Conference, SmartCom 2018, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11344 LNCS, Springer Verlag, pp. 196-205, 3rd International Conference on Smart Computing and Communications, SmartCom 2018, Tokyo, Japan, 10/12/18. https://doi.org/10.1007/978-3-030-05755-8_20

SmartDetect: A smart detection scheme for malicious web shell codes via ensemble learning. / Zhang, Zijian; Li, Meng; Zhu, Liehuang et al.
Smart Computing and Communication - 3rd International Conference, SmartCom 2018, Proceedings. ed. / Meikang Qiu. Springer Verlag, 2018. p. 196-205 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11344 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - SmartDetect

T2 - 3rd International Conference on Smart Computing and Communications, SmartCom 2018

AU - Zhang, Zijian

AU - Li, Meng

AU - Zhu, Liehuang

AU - Li, Xinyi

PY - 2018

Y1 - 2018

N2 - The rapid global spread of the web technology has led to an increase in unauthorized intrusions into computers and networks. Malicious web shell codes used by hackers can often cause extremely harmful consequences. However, the existing detection methods cannot precisely distinguish between the bad codes and the good codes. To solve this problem, we first detected the malicious web shell codes by applying the traditional data mining algorithms: Support Vector Machine, K-Nearest Neighbor, Naive Bayes, Decision Tree, and Convolutional Neural Network. Then, we designed an ensemble learning classifier to further improve the accuracy. Our experimental analysis proved that the accuracy of SmartDetect—our proposed smart detection scheme for malicious web shell codes—was higher than the accuracy of Shell Detector and NeoPI on the dataset collected from Github. Also, the equal-error rate of the detection result of SmartDetect was lower than those of Shell Detector and NeoPI.

AB - The rapid global spread of the web technology has led to an increase in unauthorized intrusions into computers and networks. Malicious web shell codes used by hackers can often cause extremely harmful consequences. However, the existing detection methods cannot precisely distinguish between the bad codes and the good codes. To solve this problem, we first detected the malicious web shell codes by applying the traditional data mining algorithms: Support Vector Machine, K-Nearest Neighbor, Naive Bayes, Decision Tree, and Convolutional Neural Network. Then, we designed an ensemble learning classifier to further improve the accuracy. Our experimental analysis proved that the accuracy of SmartDetect—our proposed smart detection scheme for malicious web shell codes—was higher than the accuracy of Shell Detector and NeoPI on the dataset collected from Github. Also, the equal-error rate of the detection result of SmartDetect was lower than those of Shell Detector and NeoPI.

KW - Data mining

KW - Malicious web shell code

KW - Smart detection

UR - http://www.scopus.com/inward/record.url?scp=85058559903&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-05755-8_20

DO - 10.1007/978-3-030-05755-8_20

M3 - Conference contribution

AN - SCOPUS:85058559903

SN - 9783030057541

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 196

EP - 205

BT - Smart Computing and Communication - 3rd International Conference, SmartCom 2018, Proceedings

A2 - Qiu, Meikang

PB - Springer Verlag

Y2 - 10 December 2018 through 12 December 2018

ER -

Zhang Z, Li M, Zhu L, Li X. SmartDetect: A smart detection scheme for malicious web shell codes via ensemble learning. In Qiu M, editor, Smart Computing and Communication - 3rd International Conference, SmartCom 2018, Proceedings. Springer Verlag. 2018. p. 196-205. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-05755-8_20

SmartDetect: A smart detection scheme for malicious web shell codes via ensemble learning

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this