HoneyContainer: Container-based Webshell Command Injection Defending and Backtracking

Published: 01 Jan 2023, Last Modified: 08 Nov 2023 | SVCC 2023 | Readers: Everyone
Abstract: The web server is a vulnerable component in enterprise systems, susceptible to a variety of attack strategies. Of these, webshell attacks are particularly insidious, as they can be uploaded through legitimate paths and executed using network traffic that is indistinguishable from that of normal users. Despite the existence of several proposed detection methods for identifying webshell attacks, attackers can still easily evade them. To address this issue, we present HoneyContainer, an architecture designed to detect webshell-based command injection attacks, trace the origin of the attacker, and redirect malicious traffic to a honeypot container. Our prototype implementation of HoneyContainer has been validated using 214 webshell files, with results demonstrating its ability to detect all shell command injection events and redirect malicious traffic. Our evaluations also indicate that the overhead caused by HoneyContainer is minimal and unlikely to be noticeable by normal users. The source code is released at https://github.com/wei-juncheng/webshell php5 demo