网络与信息安全学报2025,Vol.11Issue(3):109-119,11.DOI:10.11959/j.issn.2096-109x.2025033
FLWD:基于联邦学习的Webshell检测方法
FLWD:A Webshell detection method based on federated learning
摘要
Abstract
Webshell attacks were a common technique where attackers gained partial control over the Web server through a Webshell to carry out malicious activities.Due to the covert nature of Webshell operations and the con-tinuous creation of new Webshell variants by attackers to evade security detection,coupled with the lack of infor-mation sharing and coordination between servers,uneven detection capabilities in responding to Webshell attacks emerged,making it difficult to establish a comprehensive and effective defense system.To address these chal-lenges,a Webshell detection method based on federated learning was proposed.The method integrated the abstract syntax tree node value sequence features,code structure features,text obfuscation features,and cybersecurity exper-tise and experience features of Webshells.A TextCNN-based network model was designed to learn the malicious behaviors of Webshell samples.Meanwhile,the FedAvg algorithm of federated learning and the DP-SGD algorithm were employed for collaborative training across multiple participants without data leaving their domains.This en-sured data privacy and prevented sensitive information leakage.Experimental results on the AMWD'22 dataset show that the model's accuracy is 99.47%,with an F1 score of 99.67%,indicating better detection performance compared to basic algorithm models and existing research algorithm models.In the federated learning experiments,the proposed model could learn from the data of each participant without leaving the domain,increasing the detec-tion accuracy from 98.01%to 99.01%.关键词
Webshell检测/联邦学习/差分隐私/抽象语法树/TextCNNKey words
Webshell detection/federated learning/differential privacy/abstract syntax tree/TextCNN分类
信息技术与安全科学引用本文复制引用
曾庆鹏,柴江力,吴水秀..FLWD:基于联邦学习的Webshell检测方法[J].网络与信息安全学报,2025,11(3):109-119,11.基金项目
国家自然科学基金(62466028) The National Natural Science Foundation of China(62466028) (62466028)
