
ASAF: AI-Powered Static Analysis Framework for Webshell Detection

EasyChair Preprint 15426

4 pages

Date: November 14, 2024

Abstract

The increasing sophistication and prevalence of webshells present a significant threat to web application security, necessitating the development of more advanced detection methods. This study introduces an AI-powered Static Analysis Framework (ASAF) designed to detect both known and novel webshell variants with high accuracy and efficiency. ASAF combines the pattern-matching capabilities of Yara rules for identifying known webshells with the advanced detection power of Convolutional Neural Networks (CNNs) for uncovering new and obfuscated threats. The framework consists of five core components: (1) Yara, which employs textual and binary pattern matching to detect known webshells; (2) Opcode Vectorization, which translates web source code into opcode sequences for deeper analysis; (3) Dataset Collecting and Cleaning, which ensures the framework is trained on high-quality data; (4) CNN Model, designed to capture intricate patterns in opcode sequences. Through the integration of static signature-based and CNN-based methods, ASAF provides a comprehensive and robust solution for webshell detection.

Keyphrases: Convolutional Neural Networks, Webshell detection, static analysis

BibTeX entry
BibTeX does not have the right entry for preprints. This is a hack for producing the correct reference:
@booklet{EasyChair:15426,
  author    = {Ha V. Le and Hieu T. Hoang and On V. Phung and Hoa N. Nguyen},
  title     = {ASAF: AI-Powered Static Analysis Framework for Webshell Detection},
  howpublished = {EasyChair Preprint 15426},
  year      = {EasyChair, 2024}}