Journal of Information Security Research (信息安全研究), 2026, Vol. 12, Issue (3): 255-264, 10. DOI: 10.12379/j.issn.2096-1057.2026.03.07
A Rapid Method for WebShell Attack Success Determination Based on Web Page Structural Similarity
Abstract
A WebShell attack is a type of network attack that, once successful, gives the attacker complete control of the website for a long time, which is extremely harmful. Most previous studies have concentrated on detecting and alerting on WebShell attack traffic without distinguishing whether the attack ultimately succeeded. As a result, in practical network security protection and monitoring work, security personnel are overwhelmed by a large number of WebShell attack alerts and are prone to alert fatigue, making it difficult to filter out the successful WebShell attacks that are truly threatening. To address this problem, this paper proposes an anomaly detection method based on Web page structural similarity to quickly determine whether a WebShell attack succeeded. Based on the structural information of the response pages of failed WebShell attack traffic, the method uses the Hunt-Szymanski algorithm to calculate structural similarity and then generates Web page templates. During the detection phase, the method uses the generated Web page templates for pattern matching and similarity assessment to determine whether a WebShell attack succeeded. It distinguishes well between successful and failed WebShell attack traffic, achieving an accuracy of 99.02% and a recall of 99.37%. The method has been applied to the Wukong network security defense system, where it enables rapid identification of successful WebShell attacks.
Keywords
WebShell / anomaly traffic detection / alert fatigue / structural similarity / Web page template
Classification
Information Technology and Security Science
Cite this article
魏家栋 (Wei Jiadong), 魏金侠 (Wei Jinxia), 付豫豪 (Fu Yuhao), 黄潘 (Huang Pan), 孙德刚 (Sun Degang), 龙春 (Long Chun). A Rapid Method for WebShell Attack Success Determination Based on Web Page Structural Similarity [J]. Journal of Information Security Research, 2026, 12(3): 255-264, 10.
Funding
National Key Research and Development Program of China (2023YFC3304704)
Youth Innovation Promotion Association of the Chinese Academy of Sciences (2022170)
Chinese Academy of Sciences Network Security and Informatization Special Project (CAS-WX2022GC-04)
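The triage idea in the abstract, as an added example that is not the authors' code: responses to alerted WebShell requests are reduced to their tag sequence, compared with templates taken from known-failed attacks using a Hunt-Szymanski LCS, and only structurally different responses are kept for analyst review. The similarity formula, the 0.8 threshold, the use of raw tag sequences as templates and all sample pages are assumptions made here.

```python
from bisect import bisect_left
from collections import defaultdict
from html.parser import HTMLParser

class _Tags(HTMLParser):
    """Collects start-tag names only: page structure without text content."""
    def __init__(self):
        super().__init__()
        self.tags = []
    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tag_sequence(html):
    parser = _Tags()
    parser.feed(html)
    parser.close()
    return parser.tags

def lcs_length(a, b):
    """Hunt-Szymanski: LCS length from match positions and a threshold array."""
    positions = defaultdict(list)
    for j, sym in enumerate(b):
        positions[sym].append(j)
    thresh = []  # thresh[k] = smallest end index in b of a common subsequence of length k+1
    for sym in a:
        for j in reversed(positions.get(sym, ())):  # descending j: at most one match per row
            k = bisect_left(thresh, j)
            thresh[k:k + 1] = [j]  # replaces thresh[k], or appends when k == len(thresh)
    return len(thresh)

def similarity(a, b):
    # Assumed score (not taken from the paper): 2*LCS / (len(a) + len(b)), in [0, 1].
    total = len(a) + len(b)
    return 1.0 if total == 0 else 2 * lcs_length(a, b) / total

def judge(response_html, templates, threshold=0.8):  # threshold is an assumption
    """Return (verdict, best_score) against templates built from failed attacks."""
    seq = tag_sequence(response_html)
    best = max((similarity(seq, t) for t in templates), default=0.0)
    return ("failed" if best >= threshold else "possible success", best)

# Constructed sample data: response pages of WebShell requests known to have failed.
TEMPLATES = [tag_sequence(p) for p in (
    "<html><head><title>404</title></head><body><h1>Not Found</h1><p>x</p><hr><address>srv</address></body></html>",
    "<html><head><title>Blocked</title></head><body><div><h2>Blocked</h2><p>id 1</p></div></body></html>",
)]
# Constructed responses to classify: one shaped like the 404 page, one structurally unrelated.
SAME_STRUCTURE = "<html><head><title>404</title></head><body><h1>Not Found</h1><p>/a.php</p><p>retry</p><hr><address>srv</address></body></html>"
DIFFERENT_STRUCTURE = "<html><body><form><input><input></form><table><tr><td>a</td><td>b</td></tr></table></body></html>"
```

A response with no markup at all scores 0.0 against every template and is therefore kept for review rather than discarded.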