English

Poster: Long PHP webshell files detection based on sliding window attention

Cryptography and Security 2025-02-28 v2 Artificial Intelligence

Abstract

Webshell is a type of backdoor, and web applications are widely exposed to webshell injection attacks. Therefore, it is important to study webshell detection techniques. In this study, we propose a webshell detection method. We first convert PHP source code to opcodes and then extract Opcode Double-Tuples (ODTs). Next, we combine CodeBert and FastText models for feature representation and classification. To address the challenge that deep learning methods have difficulty detecting long webshell files, we introduce a sliding window attention mechanism. This approach effectively captures malicious behavior within long files. Experimental results show that our method reaches high accuracy in webshell detection, solving the problem of traditional methods that struggle to address new webshell variants and anti-detection techniques.

Keywords

Cite

@article{arxiv.2502.19257,
  title  = {Poster: Long PHP webshell files detection based on sliding window attention},
  author = {Zhiqiang Wang and Haoyu Wang and Lu Hao},
  journal= {arXiv preprint arXiv:2502.19257},
  year   = {2025}
}

Comments

3 pages(include 1 page poster), 1 figure. Accepted as a poster at the NDSS 2025. Poster list: http://www.ndss-symposium.org/ndss2025/accepted-posters/. Dataset/code available at http://github.com/w-32768/PHP-Webshell-Detection-via-Opcode-Analysis

R2 v1 2026-06-28T21:58:52.989Z