New Approach to Shorten Feature Set via TF-IDF for Machine Learning-Based Webshell Detection
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26220%2F24%3APU152193" target="_blank" >RIV/00216305:26220/24:PU152193 - isvavai.cz</a>
Result on the web
<a href="https://ieeexplore.ieee.org/document/10679498" target="_blank" >https://ieeexplore.ieee.org/document/10679498</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1109/CSR61664.2024.10679498" target="_blank" >10.1109/CSR61664.2024.10679498</a>
Alternative languages
Result language
angličtina
Original language name
New Approach to Shorten Feature Set via TF-IDF for Machine Learning-Based Webshell Detection
Original language description
The existence of malicious webshells poses a significant threat to the security infrastructure of computer systems, smart devices, and applications. In our work, prevalent forms of malicious webshell scripts, such as PHP, ASP, ASPX, JSP and Powershell have been identified. Machine learning techniques have been proved to be a valuable tool for detecting webshells. Feature reduction has played an important role to overcome excessive features of the dataset in the feature reduction phase, which helps reducing computational costs while still keeping the generalization of machine learning model. This study introduces an innovative approach in feature reduction research by leveraging regular expressions to filter functions or words in webshell files. Subsequently, through the calculation of Term Frequency-Inverse Document Frequency (TF-IDF) values and the establishment of a cut-off point, common and rare features lacking distinguishing value between benign and malicious activities are eliminated. Then, this work extends its scope to perform webshell detection of five types (PHP, ASP, ASPX, JSP, Powershell). Besides, we utilize five distinct machine learning models: Random Forest (RF), Extreme Gradient Boosting (XGB), Multi-layer Perceptron (MLP), Support Vector Machine (SVM), and Convolutional Neural Network (CNN). Computational metrics including Accuracy, F1-score and Training time are examined to comprehensively assess the efficiency of each methodology. Overall results shows that the proposed approach not only accelerates computation time but also enhances the classification accuracy of machine learning models. The outcome of this research underscores the efficiency of the proposed methodology with the highest accuracy of 99.61% when utilizing RF and a cut-off point of 200 (1548 features).
Czech name
—
Czech description
—
Classification
Type
D - Article in proceedings
CEP classification
—
OECD FORD branch
20203 - Telecommunications
Result continuities
Project
<a href="/en/project/VK01030019" target="_blank" >VK01030019: Interactive checklists for effective cybersecurity testing</a><br>
Continuities
P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)
Others
Publication year
2024
Confidentiality
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Data specific for result type
Article name in the collection
2024 IEEE International Conference on Cyber Security and Resilience (CSR)
ISBN
979-8-3503-7536-7
ISSN
—
e-ISSN
—
Number of pages
6
Pages from-to
1-6
Publisher name
IEEE
Place of publication
London, United Kingdom
Event location
Londýn
Event date
Sep 2, 2024
Type of event by nationality
WRD - Celosvětová akce
UT code for WoS article
001327167900008