Webshell detection techniques in web applications

With widely adoption of online services, malicious web sites have become a malignant tumor of the Internet. Through system vulnerabilities, attackers can upload malicious files (which are also called webshells) to web server to create a backdoor for hackers´ further attacks. Therefore, finding and detecting webshell inside web application source code are crucial to secure websites. In this paper, we propose a novel method based on the optimal threshold values to identify files that contain malicious codes from web applications. Our detection system will scan and look for malicious codes inside each file of the web application, and automatically give a list of suspicious files and a detail log analysis table of each suspicious file for administrators to check further. The Experimental results show that our approach is applicable to identify webshell more efficient than some other approaches.