WTA: A Static Taint Analysis Framework for PHP Webshell

Zhao, Jiazhen; Lu, Yuliang; Wang, Xin; Zhu, Kailong; Yu, Lu

doi:10.3390/app11167763

Cited by 5 publications

(2 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Currently, Webshell detection research can be divided into dynamic detection and static detection according to the detection method [16]. Dynamic detection can detect Webshell from both host and network levels, while static detection mainly uses various features of the source code to identify Webshell files and normal files.…”

Section: Related Wordmentioning

confidence: 99%

AST-DF: A New Webshell Detection Method Based on Abstract Syntax Tree and Deep Forest

Dong,

2024

Electronics

View full text Add to dashboard Cite

Webshell is a kind of web-language-based website backdoor, which is usually used by attackers to control web servers. Due to its dangerous nature, how to detect Webshell effectively has become a hot research topic in current Web security research. With the rapid development of Webshell evasion technology, the existing Webshell detection methods have the problem of insufficient ability to detect unknown Webshells. In order to solve the above problems and achieve effective Webshell detection, this study proposes a Webshell detection method based on the abstract syntax tree (AST) and deep forest (DF) model called AST-DF. AST-DF first extracts the abstract syntax tree from the PHP code; then, the abstract syntax tree sequence is feature extracted and vectorized using N-gram and TF-IDF. Finally, the vectors are imported into the deep forest model for classification to determine whether the PHP code to be detected is a Webshell or not. The experimental results show that AST-DF achieves remarkable effects in the task of detecting PHP-type Webshells, with a 99.61% accuracy rate, and the values of precision, recall, and F1 score are more than 99%.

show abstract

Section: Related Wordmentioning

confidence: 99%

AST-DF: A New Webshell Detection Method Based on Abstract Syntax Tree and Deep Forest

Dong,

2024

Electronics

View full text Add to dashboard Cite

show abstract

“…The framework of the static taint analysis module in this paper is shown in Figure 4. This module uses our previous research achievement WTA [21], which is a prototype system that can perform fine-grained taint analysis on opcodes. On the basis of WTA, we expanded and improved the dangerous function part of the auxiliary data to meet the analysis requirements of RCE vulnerabilities, and modified the result output module to output information related to vulnerable code.…”

Section: Static Taint Analysismentioning

confidence: 99%

Cefuzz: An Directed Fuzzing Framework for PHP RCE Vulnerability

Zhao

Zhu

et al. 2022

Electronics

Self Cite

View full text Add to dashboard Cite

Current static detection technology for web application vulnerabilities relies highly on specific vulnerability patterns, while dynamic analysis technology has the problem of low vulnerability coverage. In order to improve the ability to detect unknown web application vulnerabilities, this paper proposes a PHP Remote Command/Code Execution (RCE) vulnerability directed fuzzing method. Our method is a combination of static and dynamic methods. First, we obtained the potential RCE vulnerability information of the web application through fine-grained static taint analysis. The,n we performed instrumentation for the source code of the web application based on the potential RCE vulnerability information to provide feedback information for fuzzing. Finally, a loop feedback web application vulnerability automatic verification mechanism was established in which the vulnerability verification component provides feedback information, and the seed mutation component improves the vulnerability test seed based on the feedback information. On the basis of this method, the prototype system Cefuzz (Command/Code Execution Fuzzer) is implemented. Thorough experiments show that, compared with the existing web application vulnerability detection methods, Cefuzz significantly improves the verification effect of RCE vulnerabilities, discovering 13 unknown vulnerabilities in 10 popular web CMSes.

show abstract

Webshell Detection Based on Explicit Duration Recurrent Network

Xie

2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

WTA: A Static Taint Analysis Framework for PHP Webshell

Cited by 5 publications

References 25 publications

AST-DF: A New Webshell Detection Method Based on Abstract Syntax Tree and Deep Forest

AST-DF: A New Webshell Detection Method Based on Abstract Syntax Tree and Deep Forest

Cefuzz: An Directed Fuzzing Framework for PHP RCE Vulnerability

Webshell Detection Based on Explicit Duration Recurrent Network

Contact Info

Product

Resources

About