@inproceedings{10.1145/3194452.3194470,
author = {Fang, Yong and Qiu, Yaoyao and Liu, Liang and Huang, Cheng},
title = {Detecting Webshell Based on Random Forest with FastText},
year = {2018},
isbn = {9781450364195},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3194452.3194470},
doi = {10.1145/3194452.3194470},
abstract = {Web-based remote access Trojan (or webshell) is a kind of tool for network intrusion, which can be uploaded to a website to access web service management authority. Once attacker injected successfully, it can cause great damage so that it is crucial to detect webshell effectively. Webshells are flexible and changeable by using of obfuscation techniques, which compounds the difficulties of detecting. A PHP webshell detection model is proposed in this paper, which based on a combination of fastText and random forest algorithm and called FRF-WD. The PHP opcode sequences as an important feature applied for webshell detection. The experimental results show that the model can provide high detection rate and low false alarm rate, which proved the feasibility and validity of the model.},
booktitle = {Proceedings of the 2018 International Conference on Computing and Artificial Intelligence},
pages = {52–56},
numpages = {5},
keywords = {FastText, Opcode, Random Forest, Webshell, Webshell Detection},
location = {Chengdu, China},
series = {ICCAI '18}
}