AI-Based Webshell Detection Model – Detailed Overview

Source: Vulnerability (cybersecuritynews.com)

Author: Tushar Subhra Dutta

While injection vulnerabilities are on the rise, Webshells have become a serious concern.

They allow attackers to gain unauthorized access and run malicious code on web servers.

Detecting webshells accurately across their various forms, obfuscation techniques, and stealthy features requires identifying the unique characteristics that differentiate them from innocent data.

The following cybersecurity researchers found that AI and deep learning models can outperform traditional static and rule-based methods by using abstract features extracted from vectorized representations of code, opcodes, or network traffic:

  • Mingrui Ma
  • Lansheng Han
  • Chunjie Zhou

However, an extensive examination of these AI-powered techniques should be conducted to understand their strengths, weaknesses, and future potential in fighting the ever-changing landscape of Webshells.



Technical Analysis


There has been a boom in artificial intelligence (AI) webshell detection recently, with every stage being optimized from data preparation to model creation.

Techniques range from attention mechanisms and word embeddings to abstract syntax tree analysis, opcode vectorization, pattern matching, session modeling from weblogs, and ensembling static and dynamic features. 

Although these methods have surpassed traditional ones in terms of detection rate, they are still limited by their inflexible filtering rules and reliance on specific languages. 

Unknown approaches combine unclear matching with recurrent neural networks to identify key webshell behaviors relating to data transmission or execution across different implementations.

To keep up with evolving webshell threats, feature engineering should be further improved while new model architectures must be designed for better detection accuracy and reliability.

Besides this, to mine feature languages, the authors used 1-gram and 4-gram opcodes and selected features using algorithms with the same n-grams.

They observed that integrating LR, SVM, MLP, and RF classifiers with weighted values to detect webshells caused slow detection speeds.

They also noted limitations in both static and dynamic feature-based methods, which consequently call for a more complete set of these methods.

The major challenges encountered were unbalanced datasets, irrelevant features, and limitations in the detection algorithm.

Data imbalances were resolved through de-duplication, SMOTE, and ensemble learning.
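An added example, not code from the article or the papers it surveys, of the 1-gram and 4-gram opcode features and the de-duplication plus SMOTE balancing described above. The opcode names and traces are constructed, and the SMOTE here is a simplified pure-Python version, not a library implementation.

```python
import random
from collections import Counter

# Constructed opcode traces (PHP-style names are an assumption); 1 = webshell, 0 = benign.
SAMPLES = [
    ("FETCH_R FETCH_DIM_R INCLUDE_OR_EVAL RETURN", 1),
    ("FETCH_R FETCH_DIM_R SEND_VAR DO_FCALL RETURN", 1),
    ("ASSIGN CONCAT ECHO RETURN", 0),
    ("ASSIGN CONCAT ECHO RETURN", 0),  # exact duplicate of the previous trace
    ("INIT_FCALL SEND_VAR DO_FCALL ECHO RETURN", 0),
    ("ASSIGN JMPZ ECHO JMP RETURN", 0),
    ("INIT_FCALL SEND_VAL DO_FCALL ASSIGN RETURN", 0),
]

def ngrams(trace, n):
    ops = trace.split()
    return [" ".join(ops[i:i + n]) for i in range(len(ops) - n + 1)]

def deduplicate(samples):
    # dict.fromkeys keeps first occurrences in order and drops exact repeats
    return list(dict.fromkeys(samples))

def vectorize(samples, sizes=(1, 4)):
    # One count vector per trace over the combined 1-gram and 4-gram vocabulary
    counts = [Counter(g for n in sizes for g in ngrams(t, n)) for t, _ in samples]
    vocab = sorted(set().union(*counts))
    return vocab, [[c[g] for g in vocab] for c in counts]

def smote(minority, n_new, k=2, seed=0):
    # Each synthetic point lies between a minority vector and one of its k nearest neighbours
    rng = random.Random(seed)
    out = []
    for _ in range(n_new):
        base = rng.choice(minority)
        near = sorted((m for m in minority if m is not base),
                      key=lambda m: sum((a - b) ** 2 for a, b in zip(base, m)))[:k]
        other, gap = rng.choice(near), rng.random()
        out.append([a + gap * (b - a) for a, b in zip(base, other)])
    return out

def balance(samples):
    samples = deduplicate(samples)
    vocab, X = vectorize(samples)
    y = [label for _, label in samples]
    rare = min(set(y), key=y.count)
    minority = [x for x, label in zip(X, y) if label == rare]
    n_new = max(0, len(y) - 2 * len(minority))  # top up to match the majority class
    return vocab, X + smote(minority, n_new), y + [rare] * n_new
```

Calling `balance(SAMPLES)` returns the vocabulary, the feature matrix with synthetic minority rows appended, and the matching labels. De-duplication runs before oversampling so repeated traces do not skew the class counts.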

Different deep learning approaches such as CNN and LSTM were tried out together with various fusion methods.

New techniques were designed to deal with issues like long script identification and feature engineering constraints, taking into account privacy concerns surrounding data usage.

However, problems remained related to performance comparison among different systems and the large amount of data required for processing purposes.

Finally, according to the authors, detection accuracy at the source code level, where opcode conversion is limited, was higher than at any other level or layer, though this might not always hold true.

The data representation for detecting webshells is still a topic of debate.

Source code contains more semantic information, but it also runs into inter-language problems. Opcode and static features, on the other hand, can recognize new kinds of webshells at the cost of losing some data.

ASTs and flow traffic information have been suggested as other options because they can overcome the limitations imposed by programming languages, but these require elaborate pre-processing steps.

Although deep learning is good at capturing generalizations from concrete examples, it cannot handle very large inputs. 

It has been found that models trained on imbalanced datasets perform poorly when presented with new instances.

Therefore, industries need to work together to create fairer representations, which will lead to better AI training sets for future use.


