DNS rebinding attacks are not often seen in the wild, which is one reason why browser makers have taken a slower approach to adopting the web security standard.
Related Posts
Bitwarden launches new MFA Authenticator app for iOS, Android
Bitwarden launches new MFA Authenticator app for iOS, Android
Bitwarden, the creator of the popular open-source password manager, has just launched a new authenticator app called Bitwarden Authenticator, which is available for iOS and Android devices. […] Read More
BleepingComputer
How One Bad CrowdStrike Update Crashed the World’s Computers
How One Bad CrowdStrike Update Crashed the World’s Computers
A defective CrowdStrike kernel driver sent computers around the globe into a reboot death spiral, taking down air travel, hospitals, banks, and more with it. Here’s how that’s possible. Read More
AI-Based Webshell Detection Model – Detailed Overview
AI-Based Webshell Detection Model – Detailed Overview
[[{“value”:”
While injection vulnerabilities are on the rise, Webshells have become a serious concern.
They allow attackers to gain unauthorized access and run malicious code on web servers.
For the correct detection of webshells with various forms, obfuscation techniques, and stealthy features, it is necessary to identify unique characteristics that differentiate them from innocent data.
The following cybersecurity researchers discovered that the AI and deep learning models can outperform traditional static and rule-based methods by using abstract features extracted from vectorized representations of code, opcodes, or network traffic:-
Mingrui Ma
Lansheng Han
Chunjie Zhou
However, an extensive examination of these AI-powered techniques should be conducted to understand their strengths, weaknesses, and future potential in fighting the ever-changing landscape of Webshells.
Document
Integrate ANY.RUN in Your Company for Effective Malware Analysis
Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:
Real-time Detection
Interactive Malware Analysis
Easy to Learn by New Security Team members
Get detailed reports with maximum data
Set Up Virtual Machine in Linux & all Windows OS Versions
Interact with Malware Safely
If you want to test all these features now with completely free access to the sandbox:
Technical Analysis
There has been a boom in artificial intelligence (AI) webshell detection recently, with every stage being optimized from data preparation to model creation.
Techniques range from attention mechanisms and word embeddings to abstract syntax tree analysis, opcode vectorization, pattern matching, session modeling from weblogs, and ensembling static and dynamic features.
Although these methods have surpassed traditional ones in terms of detection rate, they are still limited by their inflexible filtering rules and reliance on specific languages.
Unknown approaches combine unclear matching with recurrent neural networks to identify key webshell behaviors relating to data transmission or execution across different implementations.
On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free.
To keep up with evolving webshell threats, feature engineering should be further improved while new model architectures must be designed for better detection accuracy and reliability.
Besides this, to mine feature languages, authors used 1-gram and 4-gram opcodes and selected features using algorithms with the same n-grams.
They observed that integrating LR, SVM, MLP, and RF classifiers with weighted values to detect webshells caused slow detection speeds.
They also noted some limitations of both static and dynamic methods based on features consequently requiring a more complete set of these methods.
The major challenges encountered were unbalanced datasets, irrelevant features, and limitations in the detection algorithm.
Data imbalances were resolved through de-duplication, SMOTE, and ensemble learning.
Different deep learning approaches such as CNN and LSTM were tried out together with various fusion methods.
New techniques were designed to deal with issues like long script identification as well as feature engineering constraints taking into account privacy concerns surrounding data usage.
However, problems remained related to performance comparison among different systems and the large amount of data required for processing purposes.
Finally, at the source code level, where opcode conversion is limited, detection accuracy was found to be higher than any other level and layer according to them, but this might not always hold true.
The data representation for detecting webshells is still a topic of debate.
While source code contains more semantic information, it also encounters interlanguage problems, on the other hand, opcode, and static features can recognize new kinds at the cost of losing some data.
ASTs and flow traffic information have been suggested as other options because they can overcome the limitations imposed by programming languages, but these require elaborate pre-processing steps.
Although deep learning is good at capturing generalizations from concrete examples, it cannot handle very large inputs.
It has been found that models trained on imbalanced datasets perform poorly when presented with new instances.
Therefore, industries need to work together to create fairer representations, which will lead to better AI training sets for future use.
Is Your Network Under Attack? – Read CISO’s Guide to Avoiding the Next Breach – Download Free Guide
The post AI-Based Webshell Detection Model – Detailed Overview appeared first on Cyber Security News.
“}]] Read More
Cyber Security News