webshell
Research and application of artificial intelligence based webshell detection model: A literature review
Ma, Mingrui, Han, Lansheng, Zhou, Chunjie
Webshell, as the "culprit" behind numerous network attacks, is one of the research hotspots in the field of cybersecurity. However, the complexity, stealthiness, and confusing nature of webshells pose significant challenges to the corresponding detection schemes. With the rise of Artificial Intelligence (AI) technology, researchers have started to apply different intelligent algorithms and neural network architectures to the task of webshell detection. However, the related research still lacks a systematic and standardized methodological process, which is confusing and redundant. Therefore, following the development timeline, we carefully summarize the progress of relevant research in this field, dividing it into three stages: Start Stage, Initial Development Stage, and In-depth Development Stage. We further elaborate on the main characteristics and core algorithms of each stage. In addition, we analyze the pain points and challenges that still exist in this field and predict the future development trend of this field from our point of view. To the best of our knowledge, this is the first review that details the research related to AI-based webshell detection. It is also hoped that this paper can provide detailed technical information for more researchers interested in AI-based webshell detection tasks.
Large Language Models are Few-shot Generators: Proposing Hybrid Prompt Algorithm To Generate Webshell Escape Samples
Ma, Mingrui, Han, Lansheng, Zhou, Chunjie
The frequent occurrence of cyber-attacks has made webshell attacks and defense gradually become a research hotspot in the field of network security. However, the lack of publicly available benchmark datasets and the over-reliance on manually defined rules for webshell escape sample generation have slowed down the progress of research related to webshell escape sample generation strategies and artificial intelligence-based webshell detection algorithms. To address the drawbacks of weak webshell sample escape capabilities, the lack of webshell datasets with complex malicious features, and to promote the development of webshell detection technology, we propose the Hybrid Prompt algorithm for webshell escape sample generation with the help of large language models. As a prompt algorithm specifically developed for webshell sample generation, the Hybrid Prompt algorithm not only combines various prompt ideas including Chain of Thought, Tree of Thought, but also incorporates various components such as webshell hierarchical module and few-shot example to facilitate the LLM in learning and reasoning webshell escape strategies. Experimental results show that the Hybrid Prompt algorithm can work with multiple LLMs with excellent code reasoning ability to generate high-quality webshell samples with high Escape Rate (88.61% with GPT-4 model on VIRUSTOTAL detection engine) and Survival Rate (54.98% with GPT-4 model).
6 lessons 'Ghost in the Shell' can teach you about cybersecurity
The original Ghost in the Shell (GitS) movie was practically compulsory material in the hacker subculture of the late 90s, early 2000s. The original touched on themes that all geeks can appreciate, including robotics, sentient AI, human augmentation, active ("thermal-optic") camouflage, transferring human consciousness to a machine, and more. The main protagonist was a hacker called the Puppet Master, and the idea of hacking technically augmented humans was ahead its time (the Internet of Things wasn't even a "thing" then). This is probably why GitS imagery and themes have been iconic in hacker culture (like this GitS-ish t-shirt). As a fan of the complete Ghost in the Shell franchise (manga, TV shows, sequels), I was excited for the live-action remake of the movie, despite my wariness for "reboots" in general.