GlareShell: Graph learning-based PHP webshell detection for web server of industrial internet

Pengbin Feng; Dawei Wei; Qiaoyang Li; Qin Wang; Youbing Hu; Ning Xi; Jianfeng Ma

GlareShell: Graph learning-based PHP webshell detection for web server of industrial internet

Pengbin Feng, Dawei Wei, Qiaoyang Li, Qin Wang, Youbing Hu, Ning Xi, Jianfeng Ma

Published: 01 Jan 2024, Last Modified: 09 Feb 2025Comput. Networks 2024EveryoneRevisionsBibTeXCC BY-SA 4.0

Abstract: Highlights•We proposed a novel graph learning-based PHP Webshell detection framework, namely GlareShell, that integrates the semantic information extracted from word embedding techniques and derived risk levels to identify the maliciousness of PHP script files.•We find that the risk weight mechanism is effective in improving the GNN algorithm in the security domain.•We evaluated GlareShell on the collected dataset, which consists of about 3K Webshell and 10K normal script files. Experiment results show the effectiveness of our graph learning-based detection framework.

Loading