Pub Date : 2020-12-01DOI: 10.1109/TrustCom50675.2020.00211
Xinchun Cui, Xueqing Li, Yiming Qin, Yong Ding
Many Internet service providers are still using traditional password strength evaluation methods, resulting in user passwords being vulnerable to social engineering attacks. We believe that the password strength evaluation method based on sensitive personal information has great research value for improving the security of password authentication system. In this paper, we use the structure segmentation algorithm and the bidirectional matching algorithm to investigate how users' personal information is used in passwords. Then, we present a sensitivity personal information coverage evaluation function that represents the correlation between users' password and their personal information. Finally, a password strength evaluation method based on sensitive personal information is proposed. This method is composed of three stages: preprocessing stage, prediction dictionary generation stage and password strength evaluation stage.
{"title":"A Password Strength Evaluation Algorithm based on Sensitive Personal Information","authors":"Xinchun Cui, Xueqing Li, Yiming Qin, Yong Ding","doi":"10.1109/TrustCom50675.2020.00211","DOIUrl":"https://doi.org/10.1109/TrustCom50675.2020.00211","url":null,"abstract":"Many Internet service providers are still using traditional password strength evaluation methods, resulting in user passwords being vulnerable to social engineering attacks. We believe that the password strength evaluation method based on sensitive personal information has great research value for improving the security of password authentication system. In this paper, we use the structure segmentation algorithm and the bidirectional matching algorithm to investigate how users' personal information is used in passwords. Then, we present a sensitivity personal information coverage evaluation function that represents the correlation between users' password and their personal information. Finally, a password strength evaluation method based on sensitive personal information is proposed. This method is composed of three stages: preprocessing stage, prediction dictionary generation stage and password strength evaluation stage.","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"39 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128073866","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-12-01DOI: 10.1109/TrustCom50675.2020.00150
M. Yousuf, Mingjun Wang, Zheng Yan, Fawad Khan
5G mobile networks are expected to be much bigger in size, faster in speeds and better in scalability, providing varied services to different users and businesses in contrast to previous networks. 5G will also help enabling new business models and use cases. “Network Slicing” is a driving architectural concept for multi-tenancy. Network Slicing enables Mobile Network Operators (MNOs) to deploy different services over shared physical infrastructure, increasing inter-operator resource sharing. As 5G is still in its nascent, inter operator cooperation is an area that requires immediate attention of research. Traditional inter operator trust relationship models cannot fully comprehend the needs of 5G networks. In this paper, we propose an Intel SGX based multi-MNO cooperation scheme for trusted, dynamic and efficient network slice sharing in order to support inter-operator trustworthy collaboration. Furthermore, we developed a Proof of Concept of our proposed scheme using Intel SGX, flask framework and Docker containers. The obtained results indicate the applicability of the proposed scheme with little effect on performance.
{"title":"Trusted Network Slicing among Multiple Mobile Network Operators","authors":"M. Yousuf, Mingjun Wang, Zheng Yan, Fawad Khan","doi":"10.1109/TrustCom50675.2020.00150","DOIUrl":"https://doi.org/10.1109/TrustCom50675.2020.00150","url":null,"abstract":"5G mobile networks are expected to be much bigger in size, faster in speeds and better in scalability, providing varied services to different users and businesses in contrast to previous networks. 5G will also help enabling new business models and use cases. “Network Slicing” is a driving architectural concept for multi-tenancy. Network Slicing enables Mobile Network Operators (MNOs) to deploy different services over shared physical infrastructure, increasing inter-operator resource sharing. As 5G is still in its nascent, inter operator cooperation is an area that requires immediate attention of research. Traditional inter operator trust relationship models cannot fully comprehend the needs of 5G networks. In this paper, we propose an Intel SGX based multi-MNO cooperation scheme for trusted, dynamic and efficient network slice sharing in order to support inter-operator trustworthy collaboration. Furthermore, we developed a Proof of Concept of our proposed scheme using Intel SGX, flask framework and Docker containers. The obtained results indicate the applicability of the proposed scheme with little effect on performance.","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"94 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132555719","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-12-01DOI: 10.1109/TrustCom50675.2020.00103
Lida Ketsbaia, B. Issac, Xiaomin Chen
Cyberbullying has become a highly problematic occurrence due to its potential of anonymity and its ease for others to join in the harassment of victims. The distancing effect that technological devices have, has led to cyberbullies say and do harsher things compared to what is typical in a traditional face-to-face bullying situation. Given the great importance of the problem, detection is becoming a key area of cyberbullying research. Therefore, it is highly necessary for a framework to accurately detect new cyberbullying instances automatically. To review the machine learning and deep learning approaches, two datasets were used. The first dataset was provided by the University of Maryland consisting of over 30,000 tweets, whereas the second dataset was based on the article ‘Automated Hate Speech Detection and the Problem of Offensive Language’ by Davidson et al., containing roughly 25,000 tweets. The paper explores machine learning approaches using word embeddings such as DBOW (Distributed Bag of Words) and DMM (Distributed Memory Mean) and the performance of Word2vec Convolutional Neural Networks (CNNs) to classify online hate.
{"title":"Detection of Hate Tweets using Machine Learning and Deep Learning","authors":"Lida Ketsbaia, B. Issac, Xiaomin Chen","doi":"10.1109/TrustCom50675.2020.00103","DOIUrl":"https://doi.org/10.1109/TrustCom50675.2020.00103","url":null,"abstract":"Cyberbullying has become a highly problematic occurrence due to its potential of anonymity and its ease for others to join in the harassment of victims. The distancing effect that technological devices have, has led to cyberbullies say and do harsher things compared to what is typical in a traditional face-to-face bullying situation. Given the great importance of the problem, detection is becoming a key area of cyberbullying research. Therefore, it is highly necessary for a framework to accurately detect new cyberbullying instances automatically. To review the machine learning and deep learning approaches, two datasets were used. The first dataset was provided by the University of Maryland consisting of over 30,000 tweets, whereas the second dataset was based on the article ‘Automated Hate Speech Detection and the Problem of Offensive Language’ by Davidson et al., containing roughly 25,000 tweets. The paper explores machine learning approaches using word embeddings such as DBOW (Distributed Bag of Words) and DMM (Distributed Memory Mean) and the performance of Word2vec Convolutional Neural Networks (CNNs) to classify online hate.","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"89 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131797461","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-12-01DOI: 10.1109/trustcom50675.2020.00006
{"title":"Welcome Messages from IEEE TrustCom 2020 Program Chairs","authors":"","doi":"10.1109/trustcom50675.2020.00006","DOIUrl":"https://doi.org/10.1109/trustcom50675.2020.00006","url":null,"abstract":"","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134222688","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-12-01DOI: 10.1109/TrustCom50675.2020.00064
Yuzong Hu, Futai Zou, Linsen Li, P. Yi
In recent years, more and more anonymous network have been developed. Since user's identity is difficult to trace in anonymous networks, many illegal activities are carried out in darknet. In this paper, we propose a hierarchical classifier of darknet traffic which can distinguish four types of darknet(Tor, I2P, ZeroNet, Freenet) and 25 darknet users' behavior. Due to the lack of public datasets, we deployed a darknet data probe that can capture real darknet traffic in Tor, I2P, ZeroNet, Freenet. After collecting and labeling darknet traffic, we extract 26 time-based flow features that can represent the characteristics of darknet traffic and train a hierarchical classifier constructed by 6 local classifiers. Results show that the classifier can easily distinguish Tor, I2P, ZeroNet, Freenet four kinds of darknet clients with an accuracy of 96.9% and identify 8 kinds of user behaviors for each type of darknet with an accuracy of 91.6% on average. With the help of this hierarchical classification method, darknet user behaviors can be accurately distinguished at the traffic exit.
{"title":"Traffic Classification of User Behaviors in Tor, I2P, ZeroNet, Freenet","authors":"Yuzong Hu, Futai Zou, Linsen Li, P. Yi","doi":"10.1109/TrustCom50675.2020.00064","DOIUrl":"https://doi.org/10.1109/TrustCom50675.2020.00064","url":null,"abstract":"In recent years, more and more anonymous network have been developed. Since user's identity is difficult to trace in anonymous networks, many illegal activities are carried out in darknet. In this paper, we propose a hierarchical classifier of darknet traffic which can distinguish four types of darknet(Tor, I2P, ZeroNet, Freenet) and 25 darknet users' behavior. Due to the lack of public datasets, we deployed a darknet data probe that can capture real darknet traffic in Tor, I2P, ZeroNet, Freenet. After collecting and labeling darknet traffic, we extract 26 time-based flow features that can represent the characteristics of darknet traffic and train a hierarchical classifier constructed by 6 local classifiers. Results show that the classifier can easily distinguish Tor, I2P, ZeroNet, Freenet four kinds of darknet clients with an accuracy of 96.9% and identify 8 kinds of user behaviors for each type of darknet with an accuracy of 91.6% on average. With the help of this hierarchical classification method, darknet user behaviors can be accurately distinguished at the traffic exit.","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"121 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134510491","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-12-01DOI: 10.1109/TrustCom50675.2020.00031
Qi Feng, D. He, Min Luo, Zengxiang Li, K. Choo
In cryptocurrency and blockchain-based distributed ledgers, transfer of money (digital coins) can be presented as a transaction. Due to the irreversibility nature of blockchain transactions, a single fraudulent use of private key (used to sign transactions) could have significant consequences (e.g. financial loss). Key protection alone is not adequate in protecting cryp-tocurrencies, and threshold signature is a viable method to avoid fraudulent key usage or key theft. In this paper, we focus on the Edwards-curve digital security algorithm (EdDSA), which has been applied in several cryptocurrencies (e.g. Cardano, Zcash, and Decred) and design the first efficient two-party EdDSA signing protocol. Unlike standard secret sharing, a valid signature is generated using an interactive protocol without the original key ever being exposed. We mathematically prove the security of our proposed protocol. Findings from the performance evalation of the protocol show that it achieves good performance for curve Ed25519, with a single signing operation in the malicious setting taking approximately 3.32 ms between two devices.
{"title":"Practical Secure Two-Party EdDSA Signature Generation with Key Protection and Applications in Cryptocurrency","authors":"Qi Feng, D. He, Min Luo, Zengxiang Li, K. Choo","doi":"10.1109/TrustCom50675.2020.00031","DOIUrl":"https://doi.org/10.1109/TrustCom50675.2020.00031","url":null,"abstract":"In cryptocurrency and blockchain-based distributed ledgers, transfer of money (digital coins) can be presented as a transaction. Due to the irreversibility nature of blockchain transactions, a single fraudulent use of private key (used to sign transactions) could have significant consequences (e.g. financial loss). Key protection alone is not adequate in protecting cryp-tocurrencies, and threshold signature is a viable method to avoid fraudulent key usage or key theft. In this paper, we focus on the Edwards-curve digital security algorithm (EdDSA), which has been applied in several cryptocurrencies (e.g. Cardano, Zcash, and Decred) and design the first efficient two-party EdDSA signing protocol. Unlike standard secret sharing, a valid signature is generated using an interactive protocol without the original key ever being exposed. We mathematically prove the security of our proposed protocol. Findings from the performance evalation of the protocol show that it achieves good performance for curve Ed25519, with a single signing operation in the malicious setting taking approximately 3.32 ms between two devices.","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133372672","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-12-01DOI: 10.1109/TrustCom50675.2020.00227
Thomas Hupperich, Katharina Dassel
Strong passwords rely on complexity and length, no matter if text-based or of any other type. For text-based passwords, there are many established methods to measure complexity while for graphical passwords, e.g., unlock patterns on mobile devices, it is still an open question what criteria can be used to describe complexity. Also, users tend to choose a stronger password if the strength of their password is visualized. We conduct a user study on the helpfulness of strength indication and user nudging regarding unlock patterns. Participants create such graphical passwords under carefully specified circumstances, e.g., practical nudges on how to improve their password's security. We show that the choice of a strong password does not rely on being tech-savvy and users with different technical backgrounds can be helped by visualizations of a graphical password strength as well as by hints on how to improve it. Most users even perceive this as a helpful feature.
{"title":"On the Usefulness of User Nudging and Strength Indication Concerning Unlock Pattern Security","authors":"Thomas Hupperich, Katharina Dassel","doi":"10.1109/TrustCom50675.2020.00227","DOIUrl":"https://doi.org/10.1109/TrustCom50675.2020.00227","url":null,"abstract":"Strong passwords rely on complexity and length, no matter if text-based or of any other type. For text-based passwords, there are many established methods to measure complexity while for graphical passwords, e.g., unlock patterns on mobile devices, it is still an open question what criteria can be used to describe complexity. Also, users tend to choose a stronger password if the strength of their password is visualized. We conduct a user study on the helpfulness of strength indication and user nudging regarding unlock patterns. Participants create such graphical passwords under carefully specified circumstances, e.g., practical nudges on how to improve their password's security. We show that the choice of a strong password does not rely on being tech-savvy and users with different technical backgrounds can be helped by visualizations of a graphical password strength as well as by hints on how to improve it. Most users even perceive this as a helpful feature.","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"142 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114317811","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-12-01DOI: 10.1109/TrustCom50675.2020.00187
Tao Sun, Jing Yang, Wenjie Zhong
In order to solve the state explosion problem that makes model checking difficult to perform, this paper proposes a state space pruning algorithm. The property transition set is extracted from the ASK-CTL formula and the irrelevant transition set, which represents behaviors independent of the property to be detected is obtained through the data dependence relationship. To simplify the state space, the algorithm reduces concurrent occurrences of irrelevant transitions, which does not change property checking. The experimental results show that the state space pruning algorithm reduces the number of states and arcs of the state space, and improves the verification efficiency.
{"title":"CPN Model Checking Method of Concurrent Software Based on State Space Pruning","authors":"Tao Sun, Jing Yang, Wenjie Zhong","doi":"10.1109/TrustCom50675.2020.00187","DOIUrl":"https://doi.org/10.1109/TrustCom50675.2020.00187","url":null,"abstract":"In order to solve the state explosion problem that makes model checking difficult to perform, this paper proposes a state space pruning algorithm. The property transition set is extracted from the ASK-CTL formula and the irrelevant transition set, which represents behaviors independent of the property to be detected is obtained through the data dependence relationship. To simplify the state space, the algorithm reduces concurrent occurrences of irrelevant transitions, which does not change property checking. The experimental results show that the state space pruning algorithm reduces the number of states and arcs of the state space, and improves the verification efficiency.","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114592015","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-12-01DOI: 10.1109/TrustCom50675.2020.00125
Paul Walther, T. Strufe
In Physical Layer Security, knowing the reciprocal state information of the legitimate terminals' wireless channel is considered a shared secret. Although questioned in recent works, the basic assumption is that an eavesdropper, residing more than half of a wavelength away from the legitimate terminals, is unable to even obtain estimates that are correlated to the state information of the legitimate channel. In this work, we present a Machine Learning based attack that does not require knowledge about the environment or terminal positions, but is solely based on the eavesdropper's measurements. It still successfully infers the legitimate channel state information as represented in impulse responses. We show the effectiveness of our attack by evaluating it on two sets of real world ultra wideband channel impulse responses, for which our attack predictions can achieve higher correlations than even the measurements at the legitimate channel.
{"title":"Inference Attacks on Physical Layer Channel State Information","authors":"Paul Walther, T. Strufe","doi":"10.1109/TrustCom50675.2020.00125","DOIUrl":"https://doi.org/10.1109/TrustCom50675.2020.00125","url":null,"abstract":"In Physical Layer Security, knowing the reciprocal state information of the legitimate terminals' wireless channel is considered a shared secret. Although questioned in recent works, the basic assumption is that an eavesdropper, residing more than half of a wavelength away from the legitimate terminals, is unable to even obtain estimates that are correlated to the state information of the legitimate channel. In this work, we present a Machine Learning based attack that does not require knowledge about the environment or terminal positions, but is solely based on the eavesdropper's measurements. It still successfully infers the legitimate channel state information as represented in impulse responses. We show the effectiveness of our attack by evaluating it on two sets of real world ultra wideband channel impulse responses, for which our attack predictions can achieve higher correlations than even the measurements at the legitimate channel.","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114870920","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-12-01DOI: 10.1109/TrustCom50675.2020.00219
Han Zhang, Ming Liu, Zihan Yue, Zhi Xue, Yong-yu Shi, Xiangjian He
Web shell is one of the most common network attack methods, and traditional detection methods may not detect complex and flexible variants of web shell attacks. In this paper, we present a comprehensive detection system that can detect both PHP and JSP web shells. After file classification, we use different feature extraction methods, i.e. AST for PHP files and bytecode for JSP files. We present a detection model based on text processing methods including TF-IDF and Word2vec algorithms. We combine different kinds of machine learning algorithms and perform a comprehensively controlled experiment. After the experiment and evaluation, we choose the detection machine learning model of the best performance, which can achieve a high detection accuracy above 98%.
Web shell是最常见的网络攻击方式之一,传统的检测方法可能无法检测到复杂灵活的Web shell攻击变体。在本文中,我们提出了一个可以同时检测PHP和JSP web shell的综合检测系统。文件分类后,我们使用不同的特征提取方法,即PHP文件使用AST, JSP文件使用字节码。我们提出了一个基于文本处理方法的检测模型,包括TF-IDF和Word2vec算法。我们结合了不同的机器学习算法,并进行了全面的控制实验。经过实验和评估,我们选择了性能最好的检测机器学习模型,该模型可以达到98%以上的高检测准确率。
{"title":"A PHP and JSP Web Shell Detection System With Text Processing Based On Machine Learning","authors":"Han Zhang, Ming Liu, Zihan Yue, Zhi Xue, Yong-yu Shi, Xiangjian He","doi":"10.1109/TrustCom50675.2020.00219","DOIUrl":"https://doi.org/10.1109/TrustCom50675.2020.00219","url":null,"abstract":"Web shell is one of the most common network attack methods, and traditional detection methods may not detect complex and flexible variants of web shell attacks. In this paper, we present a comprehensive detection system that can detect both PHP and JSP web shells. After file classification, we use different feature extraction methods, i.e. AST for PHP files and bytecode for JSP files. We present a detection model based on text processing methods including TF-IDF and Word2vec algorithms. We combine different kinds of machine learning algorithms and perform a comprehensively controlled experiment. After the experiment and evaluation, we choose the detection machine learning model of the best performance, which can achieve a high detection accuracy above 98%.","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"37 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115320872","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: