Journal of Information Security Research ›› 2019, Vol. 5 ›› Issue (4): 298-302.


Research on Webshell Detection Method Based on Logistic Regression Algorithm

  

  • Received: 2019-04-08  Online: 2019-04-15  Published: 2019-04-08


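Ma Zehui (马泽辉)

  1. College of Computer Science, Sichuan University
  • Corresponding author: Ma Zehui
  • About the author: Ma Zehui, born in 1993, master's student; main research interests are Web security and information security. 280684718@qq.com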

Abstract: Webshells are a tool commonly used by hackers to carry out network intrusion; they are highly concealed and highly harmful. Existing Webshell detection methods achieve high detection accuracy on known Webshells, but their accuracy is very low against complex and flexible unknown and variant Webshells. To address this problem, this paper discusses the characteristics and working principle of Webshells, analyzes the differences between Webshells that use obfuscation, encryption and encoding techniques and traditional Webshells, and proposes a machine learning Webshell detection model based on the logistic regression algorithm. The model can effectively detect Webshells that have been obfuscated and encoded, reducing the false positive rate and improving detection accuracy.

Key words: Webshell, encryption obfuscation, logistic regression, cyber security, machine learning
