Webshell detection with byte-level features based on deep learning

2021 ◽  
Vol 40 (1) ◽  
pp. 1585-1596
Author(s):  
Xiao Zhongzheng ◽  
Nurbol Luktarhan

A webshell is a common tool for network intrusion: it poses a considerable threat and is well concealed. Through a webshell, an attacker obtains administrative control of web services and can then penetrate and control web applications with ease. Because the features of a webshell are almost identical to those of an ordinary web page, it can evade detection by traditional firewalls and anti-virus software. Moreover, as various anti-detection and feature-hiding techniques are applied to webshells, traditional signature-matching methods have difficulty detecting new patterns in time. This paper proposes webshell detection based on deep learning. First, the dataset is converted to opcode, and the source-code and opcode features are fused. Second, the processed dataset is reduced using an SRNN and an attention mechanism, and a capsule network improves the prediction of unknown pages as a whole. Experiments show that the algorithm has higher detection efficiency and accuracy than traditional webshell detection methods, and that it can also detect new types of webshell with a certain probability.

2021 ◽  
Author(s):  
David Matos ◽  
Miguel Correia ◽  
Miguel Pardal

Web applications are exposed to many threats and, despite the best defensive efforts, are often successfully attacked. Reverting the effects of an attack on the state of such an application requires profound knowledge of the application, in order to understand which data the attack corrupted. Furthermore, it requires knowing which steps are needed to revert the effects without modifying legitimate data created by legitimate users. Existing intrusion recovery systems are capable of reverting the effects of an attack, but they require modifications to the source code of the application, which may be impractical. We present Sanare, a pluggable intrusion recovery system designed for web applications that use different data storage systems to keep their state. Sanare does not require any modification to the source code of the application or the web server. Instead, it uses Matchare, a new deep learning scheme we introduce to learn the matches between HTTP requests and the database statements, file system operations and web service requests that those HTTP requests caused. We evaluated Sanare with three open source web applications: WordPress, GitLab and ownCloud. In our experiments Matchare achieved precision and recall higher than 97.5%.


2020 ◽  
Vol 2020 ◽  
pp. 1-16
Author(s):  
Zhenpeng Liu ◽  
Nan Su ◽  
Yiwen Qin ◽  
Jiahuan Lu ◽  
Xiaofei Li

This paper focuses on an important research problem of cyberspace security. As an active defense technology, intrusion detection plays an important role in the field of network security. Traditional intrusion detection technologies suffer from low accuracy, low detection efficiency, and long processing time, and shallow machine learning structures have been unable to respond in time. To solve these problems, deep learning-based methods have been studied to improve intrusion detection. The advantage of deep learning is its strong ability to learn features and to handle very complex data. Therefore, we propose a deep random forest-based network intrusion detection model. The first stage uses a sliding window to segment the original features into many small pieces and then trains a random forest to generate a concatenated class vector as a re-representation. This vector is used to train the multilevel cascade parallel random forest in the second stage. Finally, the classification of the original data is determined by a voting strategy after the last layer of the cascade. Meanwhile, the model is deployed in a Spark environment and optimizes the cache replacement strategy of RDDs through efficiency sorting and partition integrity checks. The experimental results indicate that the proposed method can effectively detect anomalous network behaviors, with high F1-measure scores and high accuracy. The results also show that it can reduce the average execution time on clusters of different scales.



2021 ◽  
Vol 2021 ◽  
pp. 1-11
Author(s):  
Xingzheng Li ◽  
Bingwen Feng ◽  
Guofeng Li ◽  
Tong Li ◽  
Mingjin He

Software vulnerabilities are one of the main causes of network intrusion, so it is vital to detect and fix them in a timely manner. Existing vulnerability detection methods usually rely on a single code model, which may miss some vulnerabilities. This paper implements a vulnerability detection system that combines source code and assembly code models. First, code slices are extracted from the source code and the assembly code. Second, these slices are aligned by the proposed code alignment algorithm. Third, the aligned code slices are converted into vectors and fed into a hyper-fusion-based deep learning model. Experiments are carried out to verify the system. The results show that the system delivers stable and convergent detection performance.


2020 ◽  
Vol 14 ◽  
Author(s):  
Xiangwen Li ◽  
Shuang Zhang

To detect network attacks more effectively, this study uses honeypot techniques to collect the latest network attack data and proposes network intrusion detection classification models based on deep learning, combining DNN and LSTM models. Experiments showed that models trained on this data set achieved a better detection rate and false positive rate than the model trained on KDD CUP 99. The DNN-LSTM intrusion detection algorithm proposed in this study gives better results than the KDD CUP 99 training model. Compared to other algorithms such as LeNet, the DNN-LSTM intrusion detection algorithm exhibits a shorter classification test time along with better accuracy and recall rate of intrusion detection.


2020 ◽  
Vol 10 (5) ◽  
pp. 1692 ◽  
Author(s):  
Xin Li ◽  
Lu Wang ◽  
Yang Xin ◽  
Yixian Yang ◽  
Yuling Chen

Vulnerabilities are one of the root causes of network intrusion. An effective way to mitigate security threats is to discover and patch vulnerabilities before an attack. Traditional vulnerability detection methods rely on manual participation and incur a high false positive rate. Intelligent vulnerability detection methods suffer from the problems of long-term dependency, out-of-vocabulary tokens, coarse detection granularity and a lack of vulnerable samples. This paper proposes an automated and intelligent method for vulnerability detection in source code based on minimum intermediate representation learning. First, a sample in the form of source code is transformed into a minimum intermediate representation to exclude irrelevant items and reduce the length of dependencies. Next, the intermediate representation is transformed into a real-valued vector through pre-training on an extended corpus, retaining structural and semantic information. Then, the vector is fed to three concatenated convolutional neural networks to obtain high-level vulnerability features. Last, a classifier is trained using the learned features. To validate this vulnerability detection method, an experiment was performed. The empirical results confirmed that, compared with traditional methods and state-of-the-art intelligent methods, our method performs better and at a finer granularity.


2011 ◽  
Vol 201-203 ◽  
pp. 1373-1378 ◽  
Author(s):  
Jia Sun ◽  
Yu Hou Wu ◽  
Ke Zhang

This paper presents a new detection platform designed and developed to improve the performance of the hoists of suspended access platforms. The new platform consists of a mechanical part and a control part. The core control system is based on an S7-200 PLC and VB6.0: the computer acts as the superior (master) machine and the S7-200 PLC as the inferior (slave) machine, and VB6.0 is used on the superior machine as the development platform. Test data are saved into Excel 2000 using VB's OLE automation technology, and in the VB environment an OPC standard driver provides real-time data communication between the superior and inferior machines while also performing data processing. In this way a man-machine interface and a reliable control system can be built. The inferior machine controls the running and testing process of the hoists and collects their tension, vibration and temperature data. Practical application of the platform shows that the system reduces the time costs and corrects the inaccurate test results of existing detection methods. Detection efficiency is improved, and the labor intensity of operators and the running costs of production are greatly reduced.


Author(s):  
M. N. Favorskaya ◽  
L. C. Jain

Introduction: Saliency detection is a fundamental task of computer vision. Its ultimate aim is to localize the objects of interest that attract human visual attention relative to the rest of the image. A great variety of saliency models based on different approaches has been developed since the 1990s. In recent years, saliency detection has become one of the actively studied topics in the theory of Convolutional Neural Networks (CNNs). Many original solutions using CNNs have been proposed for salient object detection and even for event detection.

Purpose: A detailed survey of saliency detection methods in the deep learning era makes it possible to understand the current capabilities of the CNN approach for visual analysis conducted through human eye tracking and digital image processing.

Results: The survey reflects recent advances in saliency detection using CNNs. Different models available in the literature, such as static and dynamic 2D CNNs for salient object detection and 3D CNNs for salient event detection, are discussed in chronological order. It is worth noting that automatic salient event detection in long videos became possible with the recently introduced 3D CNNs combined with 2D CNNs for salient audio detection. This article also presents a short description of public image and video datasets with annotated salient objects or events, as well as the commonly used metrics for evaluating results.

Practical relevance: This survey is a contribution to the study of rapidly developing deep learning methods for saliency detection in images and videos.


IET Software ◽  
2020 ◽  
Vol 14 (6) ◽  
pp. 654-664
Author(s):  
Abubakar Omari Abdallah Semasaba ◽  
Wei Zheng ◽  
Xiaoxue Wu ◽  
Samuel Akwasi Agyemang

2021 ◽  
Vol 1966 (1) ◽  
pp. 012051
Author(s):  
Shuai Zou ◽  
Fangwei Zhong ◽  
Bing Han ◽  
Hao Sun ◽  
Tao Qian ◽  
...  
