Webshell attacks are becoming more common, requiring robust detection mechanisms to protect web applications. The dissertation sets out two research directions: scanning web application source code and analyzing HTTP traffic to detect webshells. First, the dissertation proposes ASAF, an advanced DL-Powered Source-Code Scanning Framework that uses signature-based methods and deep learning algorithms to detect known and unknown webshells. We designed the framework to enable programming language-specific detection models. The dissertation used PHP as the interpreted language and ASP.NET as the compiled language to build a complete ASAF-based model for experimentation and comparison with other research results to prove its efficacy. Second, the dissertation introduces a deep neural network that detects webshells using real-time HTTP traffic analysis of web applications. The study proposes an algorithm to improve the deep learning model's loss function to address data imbalance. We tested and compared the model to other studies on the CSE-CIC-IDS2018 dataset to prove its efficacy. We integrated the model with NetIDPS to improve webshell identification: the integrated system automatically blacklists attack source IPs and blocks URIs querying webshells on the web server to prevent these attacks.