XShellGNN: Cross-file Web Shell Detection Based on Graph Neural Network

Jinli Zhang, Xutong Wang, Ningjun Zheng, Kezhen Huang, Yun Feng, Xiang Cui
DOI: https://doi.org/10.1109/cscwd61410.2024.10580696
2024-01-01
Abstract: In the ever-evolving digital landscape, the complexity of web technologies has significantly increased. This complexity highlights the limitations of traditional web defense mechanisms in offering complete protection. Web shells, especially, present a formidable challenge in the field of web security. Recognizing and addressing this challenge is of paramount importance. It necessitates innovative understandings and approaches that contribute to the collective knowledge in web security. To achieve this, our paper introduces a novel type of attack: the cross-file web shell. Alongside this, we propose a detection methodology utilizing Graph Neural Networks (GNNs). Our method leverages the Function Call Graph (FCG) to generate graph embeddings, capturing both the structural and semantic nuances of code. By incorporating a variety of statistical features, our approach adeptly identifies the characteristic patterns of web shells. Utilizing deep learning, this technique allows for precise classification and detection. The efficacy of our method is demonstrated by its impressive performance in detecting cross-file web shells, achieving an accuracy of 96.65% and an F1-score of 96.63%. In addition, we simulate real-world cross-file web shell attacks and successfully detect them using our method. These results underscore the potential of our approach in significantly enhancing web security measures.