Application of Deep Learning Algorithm for Web Shell Detection in Web Application Security System
DOI:
https://doi.org/10.32736/sisfokom.v13i3.2234
Keywords:
webshell, deep learning, CNN, RNN, LSTM
Abstract
A web shell is a script executed on a web server, often used by hackers to gain control over an infected server. Detecting web shells is challenging due to their complex behavior patterns. This research uses a deep learning approach to detect web shells on the ISB Atma Luhur web server, aiming to develop a model capable of precise detection. The model is trained on labeled PHP files so that malicious web shells are distinguished from benign files. The study is crucial for enhancing the server's security, preventing hacker attacks, and safeguarding sensitive data. Preprocessing techniques such as opcode extraction and feature selection bring out patterns useful for web shell detection. Deep learning models, CNN and RNN with LSTM, are trained on the processed data, and their accuracy is evaluated using classification metrics. The CNN model demonstrates superior performance in detection, emphasizing the effectiveness of deep learning for web shell detection. The research contributes to enhancing security in web-based applications, protecting against cyber threats like web shells.
License
The copyright of an article accepted for publication shall be assigned to Jurnal Sisfokom (Sistem Informasi dan Komputer) and LPPM ISB Atma Luhur as the publisher of the journal. Copyright includes the right to reproduce and deliver the article in all forms and media, including reprints, photographs, microfilms, and any other similar reproductions, as well as translations.
Jurnal Sisfokom (Sistem Informasi dan Komputer), LPPM ISB Atma Luhur, and the Editors make every effort to ensure that no wrong or misleading data, opinions or statements are published in the journal. In any case, the contents of the articles and advertisements published in Jurnal Sisfokom (Sistem Informasi dan Komputer) are the sole and exclusive responsibility of their respective authors.
Jurnal Sisfokom (Sistem Informasi dan Komputer) has full publishing rights to the published articles. Authors are allowed to distribute articles that have been published by sharing the link or DOI of the article. Authors are allowed to use their articles for legal purposes deemed necessary without the written permission of the journal, with acknowledgement of initial publication in Jurnal Sisfokom (Sistem Informasi dan Komputer).
The Copyright Transfer Form can be downloaded: Copyright Transfer Form Jurnal Sisfokom (Sistem Informasi dan Komputer).
This agreement is to be signed by at least one of the authors who have obtained the assent of the co-author(s). After submission of this agreement signed by the corresponding author, changes of authorship or in the order of the authors listed will not be accepted. The copyright form should be signed in original and sent to the Editorial as a scanned document at sisfokom@atmaluhur.ac.id.