{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,22]],"date-time":"2026-01-22T03:44:21Z","timestamp":1769053461169,"version":"3.49.0"},"publisher-location":"Cham","reference-count":32,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030415785","type":"print"},{"value":"9783030415792","type":"electronic"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-41579-2_42","type":"book-chapter","created":{"date-parts":[[2020,2,17]],"date-time":"2020-02-17T16:09:09Z","timestamp":1581955749000},"page":"725-745","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["WSLD: Detecting Unknown Webshell Using Fuzzy Matching and Deep Learning"],"prefix":"10.1007","author":[{"given":"Zihao","family":"Zhao","sequence":"first","affiliation":[]},{"given":"Qixu","family":"Liu","sequence":"additional","affiliation":[]},{"given":"Tiantian","family":"Song","sequence":"additional","affiliation":[]},{"given":"Zhi","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Xianda","family":"Wu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,2,18]]},"reference":[{"key":"42_CR1","unstructured":"China Website Security Vulnerability Analysis Report (2018). http:\/\/zt.360.cn\/1101061855.php?dtid=1101062368&did=490995546"},{"key":"42_CR2","unstructured":"Piotr, Thornton: PHP-Shell-Detector: A PHP Script help you find webshell (2007). https:\/\/github.com\/emposha\/PHP-Shell-Detector"},{"key":"42_CR3","unstructured":"Truong, D., Cheng, G., Guo, X., Pan, W.: Webshell detection techniques in web applications. In: Proceedings of the 5th International Conference on Computing Communications and Networking Technologies, pp. 1\u20137. IEEE, Hefei (2014)"},{"key":"42_CR4","first-page":"15","volume":"6","author":"J Hu","year":"2012","unstructured":"Hu, J., Xu, Z., Ma, D., Yang, J.: Research of webshell detection based on decision tree. J. Netw. New Media 6, 15\u201319 (2012)","journal-title":"J. Netw. New Media"},{"key":"42_CR5","first-page":"5","volume":"5","author":"Z Meng","year":"2014","unstructured":"Meng, Z., Mei, R., Zhang, T., Wen, W.: Research of Linux WebShell detection based on SVM classifier. Netinfo Secur. 5, 5\u20139 (2014)","journal-title":"Netinfo Secur."},{"key":"42_CR6","doi-asserted-by":"crossref","unstructured":"Starov, O., Dahse, J., Ahmad, S., Holz, T., Nikiforakis, N.: No honor among thieves: a large-scale analysis of malicious web shells. In: Proceedings of the 25th International Conference on World Wide Web, pp. 1021\u20131032. ACM, Montreal (2016)","DOI":"10.1145\/2872427.2882992"},{"key":"42_CR7","first-page":"66","volume":"2","author":"L Shi","year":"2016","unstructured":"Shi, L., Fang, Y.: Webshell detection method research based on web log. Inf. Secur. Res. 2, 66\u201373 (2016)","journal-title":"Inf. Secur. Res."},{"key":"42_CR8","doi-asserted-by":"crossref","unstructured":"Deng, L.Y., Lee, D., Chen, Y., Yann, L.: Lexical analysis for the WebShell attacks. In: Proceedings of the 3th International Symposium on Computer, Consumer and Control, pp. 579\u2013582. IEEE, Xian (2016)","DOI":"10.1109\/IS3C.2016.149"},{"key":"42_CR9","doi-asserted-by":"crossref","unstructured":"Cui, H., Huang, D., Fang, Y., Liu, L., Huang, C.: Webshell detection based on random forest\u2013gradient boosting decision tree algorithm. In: Proceedings of the 3rd International Conference on Data Science in Cyberspace, pp. 153\u2013160. IEEE, Guangzhou (2018)","DOI":"10.1109\/DSC.2018.00030"},{"key":"42_CR10","first-page":"1558","volume":"35","author":"W Jia","year":"2018","unstructured":"Jia, W., Qi, L., Shi, F., Hu, R.: Webshell detection method based on random forest improved algorithm. Appl. Res. Comput. 35, 1558\u20131561 (2018)","journal-title":"Appl. Res. Comput."},{"key":"42_CR11","unstructured":"NeoPI: Detection of Web Shells Using Statistical Methods (2014). https:\/\/github.com\/Neohapsis\/NeoPI"},{"key":"42_CR12","first-page":"298","volume":"5","author":"Z Ma","year":"2019","unstructured":"Ma, Z.: Research on webshell detection method based on logistic regression algorithm. J. Inf. Secur. Res. 5, 298\u2013302 (2019)","journal-title":"J. Inf. Secur. Res."},{"key":"42_CR13","doi-asserted-by":"crossref","unstructured":"Tian, Y., Wang, J., Zhou, Z., Zhou, S.: CNN-webshell: malicious web shell detection with convolutional neural network. In: Proceedings of the 6th International Conference on Network, Communication and Computing, pp. 75\u201379. ACM, Kunming (2017)","DOI":"10.1145\/3171592.3171593"},{"key":"42_CR14","first-page":"19","volume":"37","author":"B Wu","year":"2018","unstructured":"Wu, B., Zhao, L.: Webshell detection method based on deep learning and semi-supervised learning. Netw. Inf. Secur. 37, 19\u201322 (2018)","journal-title":"Netw. Inf. Secur."},{"key":"42_CR15","first-page":"17","volume":"10","author":"H Zhang","year":"2019","unstructured":"Zhang, H.: A method for WebShell detection based on semantics analysis and neural network. Cyberspace Secur. 10, 17\u201323 (2019)","journal-title":"Cyberspace Secur."},{"key":"42_CR16","unstructured":"Bryan, L., Robert, F.: Behind the Scenes with OilRig (2019). https:\/\/unit42.paloaltonetworks.com\/behind-the-scenes-with-oilrig"},{"key":"42_CR17","doi-asserted-by":"publisher","first-page":"807","DOI":"10.1109\/TC.2013.13","volume":"63","author":"G Creech","year":"2013","unstructured":"Creech, G., Hu, J.: A semantic approach to host-based intrusion detection systems using contiguous and discontiguous system call patterns. IEEE Trans. Comput. 63, 807\u2013819 (2013)","journal-title":"IEEE Trans. Comput."},{"key":"42_CR18","doi-asserted-by":"crossref","unstructured":"Creech, G., Hu, J.: Generation of a new IDS test dataset: time to retire the KDD collection. In: Proceedings of the Wireless Communications and Networking Conference, pp. 4487\u20134492. IEEE, Shanghai (2013)","DOI":"10.1109\/WCNC.2013.6555301"},{"key":"42_CR19","unstructured":"Webshell Open Source Project (2019). https:\/\/github.com\/tennc\/webshell"},{"key":"42_CR20","unstructured":"Webshell Samples (2018). https:\/\/github.com\/ysrc\/webshell-sample"},{"key":"42_CR21","unstructured":"Digital Ninja: Fuzzy clarity: using fuzzy hashing techniques to identify malicious code (2007). https:\/\/docplayer.net\/37815300-Fuzzy-clarity-using-fuzzy-hashing-techniques-to-identify-malicious-code-fuzzy-clarity-using-fuzzy-hashing-techniques-to-identify-malicious-code.html"},{"key":"42_CR22","unstructured":"Kornblum, J.: ssdeep - Fuzzy hashing program (2010). http:\/\/ssdeep.sourceforge.net\/"},{"key":"42_CR23","doi-asserted-by":"publisher","unstructured":"Li, Y., Huang, J., Ikusan, A., Mitchell, M., Zhang, J., Dai, R.: ShellBreaker: automatically detecting PHP-based malicious web shells. Comput. Secur. (2019). https:\/\/doi.org\/10.1016\/j.cose.2019.101595","DOI":"10.1016\/j.cose.2019.101595"},{"key":"42_CR24","unstructured":"Webshell && Backdoor Collection (2017). https:\/\/github.com\/xl7dev\/WebShell"},{"key":"42_CR25","unstructured":"Wordpress (2019). https:\/\/github.com\/WordPress\/WordPress"},{"key":"42_CR26","unstructured":"Joomla (2019). https:\/\/github.com\/joomla\/joomla-cms"},{"key":"42_CR27","unstructured":"October CMS (2019). https:\/\/github.com\/octobercms\/october"},{"key":"42_CR28","unstructured":"OpenCMS (2019). https:\/\/github.com\/alkacon\/opencms-core"},{"key":"42_CR29","unstructured":"BAIDU WEBDIR+Webshell Detector (2019). https:\/\/scanner.baidu.com"},{"key":"42_CR30","unstructured":"CloudWalker Platform (2018). https:\/\/github.com\/chaitin\/cloudwalker"},{"key":"42_CR31","unstructured":"Shell-Detector (2016). http:\/\/www.shelldetector.com"},{"key":"42_CR32","unstructured":"Total Security (2019). https:\/\/www.360totalsecurity.com"}],"container-title":["Lecture Notes in Computer Science","Information and Communications Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-41579-2_42","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,26]],"date-time":"2020-11-26T20:35:05Z","timestamp":1606422905000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-41579-2_42"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030415785","9783030415792"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-41579-2_42","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"18 February 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information and Communications Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Beijing","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15 December 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 December 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"icics2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easy Chair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"199","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"47","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"24% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"8","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}