WebSHArk 1.0: A Benchmark Collection for Malicious Web Shell Detection

Web shells are programs that are written for a specific purpose in Web scripting languages, such as PHP, ASP, ASP.NET, JSP, PERL-CGI, etc. Web shells provide a means to communicate with the server’s operating system via the interpreter of the web scripting languages. Hence, web shells can execute OS...

Full description

Saved in:
Bibliographic Details
Published in:Journal of information processing systems 2015, 11(2), 36, pp.229-238
Main Authors: 김진숙, 유동훈, 장희진, 정기문
Format: Article
Language:English
Subjects:
컴퓨터학
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Web shells are programs that are written for a specific purpose in Web scripting languages, such as PHP, ASP, ASP.NET, JSP, PERL-CGI, etc. Web shells provide a means to communicate with the server’s operating system via the interpreter of the web scripting languages. Hence, web shells can execute OS specific commands over HTTP. Usually, web attacks by malicious users are made by uploading one of these web shells to compromise the target web servers. Though there have been several approaches to detect such malicious web shells, no standard dataset has been built to compare various web shell detection techniques. In this paper, we present a collection of web shell files, WebSHArk 1.0, as a standard dataset for current and future studies in malicious web shell detection. To provide baseline results for future studies and for the improvement of current tools, we also present some benchmark results by scanning the WebSHArk dataset directory with three web shell scanning tools that are publicly available on the Internet. The WebSHArk 1.0 dataset is only available upon request via email to one of the authors, due to security and legal issues. KCI Citation Count: 1
ISSN:2092-805X
1976-913X
2092-805X
DOI:10.3745/JIPS.03.0026