Technique for Assessing the Effectiveness of the Functioning of Web Backdoor Detection Systems
- Autores: Borovkov V.E1, Klyucharev P.G1, Denisenko D.I2
-
Afiliações:
- Bauman Moscow State Technical University
- -
- Edição: Volume 24, Nº 1 (2025)
- Páginas: 125-162
- Seção: Information security
- URL: https://journals.rcsi.science/2713-3192/article/view/278225
- DOI: https://doi.org/10.15622/ia.24.1.6
- ID: 278225
Citar
Texto integral
Resumo
Currently, there is a significant increase in information security incidents related to attacks on web resources. Obtaining unauthorized access to web resources remains one of the main methods of penetration into corporate networks of organizations and expanding the capabilities of intruders. In this regard, many studies are aimed at developing web backdoor detection systems (WBDS), but there is a need to assess the effectiveness of these systems. The purpose of this study is to develop an objective approach to assess the effectiveness of the WBDS functioning. In this work, it was found that the effectiveness of web backdoor detection systems is objectively manifested in the process of their use, therefore, testing of such systems should be carried out in conditions as close as possible to real ones. In this regard, the article proposes a new technique for assessing the effectiveness of WBDS. It is based on the calculation of three groups of specific indicators characterizing the potency, resource intensity and responsiveness of the detection tool, as well as the calculation of a generalized effectiveness indicator. Based on an analysis of research in this area, a classification of web backdoors embedded by an attacker into the source code of web applications has been developed. This classification is used when generating test datasets to calculate specific potency indicators. The developed methodology is applicable to tools that work based on the analysis of the source code of web pages. Additionally, its use requires a number of initial data, such as permissible maximum errors of frequent potency indicators and the probability of them being within the confidence interval, as well as weighting coefficients of specific potency indicators, which are selected by expert methods. This work may be useful for information security specialists and researchers who want to conduct a more objective assessment of their WBDS.
Palavras-chave
Sobre autores
V. Borovkov
Bauman Moscow State Technical University
Email: vbscience@yandex.ru
2nd Baumanskaya St. 5/4
P. Klyucharev
Bauman Moscow State Technical University
Email: pk.iu8@yandex.ru
2nd Baumanskaya St. 5/4
D. Denisenko
-
Email: researchDD_journal@mail.ru
2nd Baumanskaya St. 5/4
Bibliografia
- Актуальные киберугрозы: итоги 2022 года. URL: https://www.ptsecurity.com/ru-ru/research/analytics/cybersecurity-threatscape-2022/ (дата обращения: 02.12.2023).
- Albalawi M.M., Aloufi R.B., Alamrani N.A., Albalawi N.N., Aljaedi O.A., Alharbi A.R. Website Defacement Detection and Monitoring Methods: A Review // Electronics. 2022. vol. 11(21). DOI: /10.3390/electronics11213573.
- Кибербезопасность в 2023–2024 гг.: тренды и прогнозы. Часть третья. URL: https://www.ptsecurity.com/ru-ru/research/analytics/kiberbezopasnost-v-2023-2024-gg-trendy-i-prognozy-chast-tretya/#id2 (дата обращения: 02.02.2024).
- Боровков В.Е., Ключарёв П.Г. Методы защиты веб-приложений от злоумышленников // Вопросы кибербезопасности. 2023. № 5(57). С. 89–99.
- ГОСТ Р ИСО 9000-2015. Системы менеджмента качества. Основные положения и словарь // М.: Стандартинформ. 2018.
- Sam L.T., Aurelien F. Backdoors: Definition, Deniability and Detection // Research in Attacks, Intrusions, and Defenses (RAID 2018). 2018. pp. 92–113.
- Киселев А.Н. Подход к обнаружению вредоносного программного обеспечения web-shell на основе анализа сетевого трафика web-инфраструктуры // Труды Военно-космической академии имени А.Ф. Можайского. 2021. № 677. С. 143–152.
- Ma M., Han L., Zhou C. Research and application of artificial intelligence based webshell detection model: A literature review // arXiv preprint arXiv.2405.00066. 2024.
- Omer A. Performance Comparison of Static Malware Analysis Tools Versus Antivirus Scanners To Detect Malware // 1 Performance Comparison of Static Malware Analysis Tools Versus Antivirus Scanners To Detect Malware. 2017. pp. 1–6.
- Real-World Protection Test July-October 2022. URL: https://www.av-comparatives.org/tests/real-world-protection-test-july-october-2022/ (дата обращения: 02.12.2023)
- Лысенко А.В., Кожевникова И.С., Ананьин Е.В. Анализ методов обнаружения вредоносных программ // Молодой ученый. 2016. № 21(125). С. 758–761.
- Fu J, Li L., Wang Y. Webshell Detection Based on Convolutional Neural Network // Journal of Zhengzhou University (Natural Science Edition). 2019. vol. 51(2). pp. 1–8.
- WebShell detection based on semantic features. URL: https://litheory.github.io/publication/webshell-detection-based-on-semantic-features/ (дата обращения: 11.01.2024).
- Word2vec. URL: https://www.tensorflow. org/text/tutorials/word2vec (дата обращения: 11.01.2024).
- Pan Z., Chen Y., Chen Y., Shen Y., Guo X. Webshell Detection Based on Executable Data Characteristics of PHP Code // Wireless Communications and Mobile Computing. 2021. no. 1. pp. 1–12. doi: 10.1155/2021/5533963.
- Kaushik K., Aggarwal S., Mudgal S., Saravgi S., Mathur V. A novel approach to generate a reverse shell: Exploitation and Prevention // International Journal of Intelligent Communication, Computing, and Networks. 2021. vol. 2. doi: 10.51735/ijiccn/001/33.
- p0wnyshell – Single-file PHP Shell. URL: https://github.com/flozz/p0wny-shell (дата обращения: 12.01.2024).
- WordPress. URL: http://wordpress.com (дата обращения: 12.01.2024).
- Obfuscation Techniques in MARIJUANA Shell «Bypass». URL: https://blog.sucuri.net/2020/12/obfuscation-techniques-in-marijuana-shell-bypass.html (дата обращения: 20.01.2024).
- Keeping Web Shells under Cover (Web Shells Part 3). URL: https://www.acunetix.com/blog/articles/keeping-web-shells-undercover-an-introduction-to-web-shells-part-3/ (дата обращения: 21.01.2024).
- Петухов Г.Б., Якунин В.И. Методологические основы внешнего проектирования целенаправленных процессов и целеустремленных систем. М.: АСТ. 2006. 504 c.
- Гаценко О.Ю., Мирзабаев А.Н., Самонов А.В. Методы и средства оценивания качества реализации функциональных и эксплуатационно-технических характеристик систем обнаружения и предупреждения вторжений нового поколения // Вопросы кибербезопасности. 2018. № 2(26). C. 24–32.
- Zhu T., Weng Z., Fu L., Ruan L. A Web Shell Detection Method Based on Multiview Feature Fusion // Applied Sciences. 2020. vol. 10(18). doi: 10.3390/app10186274.
- Pu A., Feng X.., Zhang Y., Wan X., Han J., Huang C. BERT-Embedding-Based JSP Webshell Detection on Bytecode Level Using XGBoost // Security and Communication Networks. 2022. pp. 1–11. doi: 10.1155/2022/4315829.
- Nguyen N., Le V., Phung V., Du P. Toward a Deep Learning Approach for Detecting PHP Webshell // SoICT 2019: Proceedings of the Tenth International Symposium on Information and Communication Technology. 2019. pp. 514–521. doi: 10.1145/3368926.3369733.
- Zhang H., Liu M., Yue Z., Xue Z., Shi Y., He X. A PHP and JSP Web Shell Detection System with Text Processing Based on Machine Learning // 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). 2020. pp. 1584–1591.
- Оценка качества в задачах классификации и регрессии. URL: https://neerc.ifmo.ru/wiki/index.php?title=Оценка_качества_в_задачах_классификации_и_регрессии (дата обращения: 15.11.2023).
- DS_WBDT. URL: https://github.com/scienceMGtech (дата обращения: 20.10.2023).
- Zhao J., Lu J., Wang X., Zhu K., Yu L. WTA: A Static Taint Analysis Framework for PHP Webshell // Applied Sciences. 2021. vol. 11(16). doi: 10.3390/app11167763.
- Ниворожкина Л.И. и др. Статистические методы анализа данных // РИОР, 2016. 333 с.
- Илышев А.М. Общая теория статистики. Учебник для студентов вузов, обучающихся по специальностям экономики и управления. М.: ЮНИТИ. 2012. 535 c.
- Соловьев Ю.П. Неравенства. М.: МЦНМО, 2005. 16 с.
- WebShell Scan Detection and Killing Tools. URL: https://cloud.tencent.com/developer/article/1745883 (дата обращения: 27.02.2024).
Arquivos suplementares
