{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,12]],"date-time":"2026-02-12T08:10:03Z","timestamp":1770883803569,"version":"3.50.1"},"publisher-location":"Cham","reference-count":28,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030868895","type":"print"},{"value":"9783030868901","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-86890-1_21","type":"book-chapter","created":{"date-parts":[[2021,9,17]],"date-time":"2021-09-17T00:49:44Z","timestamp":1631839784000},"page":"368-383","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Improving Convolutional Neural Network-Based Webshell Detection Through Reinforcement Learning"],"prefix":"10.1007","author":[{"given":"Yalun","family":"Wu","sequence":"first","affiliation":[]},{"given":"Minglu","family":"Song","sequence":"additional","affiliation":[]},{"given":"Yike","family":"Li","sequence":"additional","affiliation":[]},{"given":"Yunzhe","family":"Tian","sequence":"additional","affiliation":[]},{"given":"Endong","family":"Tong","sequence":"additional","affiliation":[]},{"given":"Wenjia","family":"Niu","sequence":"additional","affiliation":[]},{"given":"Bowei","family":"Jia","sequence":"additional","affiliation":[]},{"given":"Haixiang","family":"Huang","sequence":"additional","affiliation":[]},{"given":"Qiong","family":"Li","sequence":"additional","affiliation":[]},{"given":"Jiqiang","family":"Liu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,9,17]]},"reference":[{"key":"21_CR1","doi-asserted-by":"publisher","first-page":"75785","DOI":"10.1109\/ACCESS.2020.2989304","volume":"8","author":"Z Ai","year":"2020","unstructured":"Ai, Z., Luktarhan, N., Zhao, Y., Tang, C.: Ws-lsmr: malicious webshell detection algorithm based on ensemble learning. IEEE Access 8, 75785\u201375797 (2020)","journal-title":"IEEE Access"},{"issue":"5","key":"21_CR2","doi-asserted-by":"publisher","first-page":"1031","DOI":"10.1109\/TC.2012.49","volume":"62","author":"U Ben-Porat","year":"2012","unstructured":"Ben-Porat, U., Bremler-Barr, A., Levy, H.: Vulnerability of network mechanisms to sophisticated ddos attacks. IEEE Trans. Comput. 62(5), 1031\u20131043 (2012)","journal-title":"IEEE Trans. Comput."},{"issue":"184\u2013189","key":"21_CR3","first-page":"79","volume":"2001","author":"J Bergeron","year":"2001","unstructured":"Bergeron, J., Debbabi, M., Desharnais, J., Erhioui, M.M., Lavoie, Y., Tawbi, N., et al.: Static detection of malicious code in executable programs. Int. J. Req. Eng. 2001(184\u2013189), 79 (2001)","journal-title":"Int. J. Req. Eng."},{"key":"21_CR4","doi-asserted-by":"crossref","unstructured":"Deng, L.Y., Lee, D.L., Chen, Y.H., Yann, L.X.: Lexical analysis for the webshell attacks. In: 2016 International Symposium on Computer, Consumer and Control (IS3C), pp. 579\u2013582. IEEE (2016)","DOI":"10.1109\/IS3C.2016.149"},{"issue":"2","key":"21_CR5","doi-asserted-by":"publisher","first-page":"137","DOI":"10.1007\/s11222-009-9153-8","volume":"21","author":"T Fushiki","year":"2011","unstructured":"Fushiki, T.: Estimation of prediction error by using k-fold cross-validation. Stat. Comput. 21(2), 137\u2013146 (2011)","journal-title":"Stat. Comput."},{"key":"21_CR6","unstructured":"Gong, L., Ji, R.: What does a textcnn learn? arXiv preprint arXiv:1801.06287 (2018)"},{"key":"21_CR7","unstructured":"Haq, T., Zhai, J., Pidathala, V.K.: Advanced persistent threat (apt) detection center (Apr 18 2017), uS Patent 9,628,507"},{"key":"21_CR8","doi-asserted-by":"crossref","unstructured":"Jinping, L., Zhi, T., Jian, M., Zhiling, G., Jiemin, Z.: Mixed-models method based on machine learning in detecting webshell attack. In: Proceedings of the 2020 International Conference on Computers, Information Processing and Advanced Education, pp. 251\u2013259 (2020)","DOI":"10.1145\/3419635.3419716"},{"key":"21_CR9","series-title":"Communications in Computer and Information Science","doi-asserted-by":"publisher","first-page":"667","DOI":"10.1007\/978-981-15-9739-8_49","volume-title":"Frontiers in Cyber Security","author":"W Kang","year":"2020","unstructured":"Kang, W., Zhong, S., Chen, K., Lai, J., Xu, G.: RF-AdaCost: webshell detection method that combines statistical features and opcode. In: Xu, G., Liang, K., Su, C. (eds.) FCS 2020. CCIS, vol. 1286, pp. 667\u2013682. Springer, Singapore (2020). https:\/\/doi.org\/10.1007\/978-981-15-9739-8_49"},{"key":"21_CR10","unstructured":"Kim, J., Yoo, D.H., Jang, H., Jeong, K.: Webshark 1.0: A benchmark collection for malicious web shell detection. JIPS 11(2), 229\u2013238 (2015)"},{"key":"21_CR11","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"367","DOI":"10.1007\/978-3-319-45243-2_34","volume-title":"Computational Collective Intelligence","author":"V-G Le","year":"2016","unstructured":"Le, V.-G., Nguyen, H.-T., Lu, D.-N., Nguyen, N.-H.: A solution for automatically malicious web shell and web application vulnerability detection. In: Nguyen, N.-T., Manolopoulos, Y., Iliadis, L., Trawi\u0144ski, B. (eds.) ICCCI 2016. LNCS (LNAI), vol. 9875, pp. 367\u2013378. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-45243-2_34"},{"key":"21_CR12","doi-asserted-by":"crossref","unstructured":"Matsuda, W., Fujimoto, M., Mitsunaga, T.: Real-time detection system against malicious tools by monitoring dll on client computers. In: 2019 IEEE Conference on Application, Information and Network Security (AINS), pp. 36\u201341. IEEE (2019)","DOI":"10.1109\/AINS47559.2019.8968697"},{"key":"21_CR13","doi-asserted-by":"publisher","first-page":"123","DOI":"10.1016\/j.proeng.2011.12.680","volume":"29","author":"X Mingkun","year":"2012","unstructured":"Mingkun, X., Xi, C., Yan, H.: Design of software to search asp web shell. Procedia Eng. 29, 123\u2013127 (2012)","journal-title":"Procedia Eng."},{"key":"21_CR14","unstructured":"Mnih, V., et al.: Asynchronous methods for deep reinforcement learning. In: International conference on machine learning, pp. 1928\u20131937. PMLR (2016)"},{"key":"21_CR15","doi-asserted-by":"crossref","unstructured":"Nguyen, N.H., Le, V.H., Phung, V.O., Du, P.H.: Toward a deep learning approach for detecting php webshell. In: Proceedings of the Tenth International Symposium on Information and Communication Technology, pp. 514\u2013521 (2019)","DOI":"10.1145\/3368926.3369733"},{"key":"21_CR16","doi-asserted-by":"crossref","unstructured":"Qi, L., Kong, R., Lu, Y., Zhuang, H.: An end-to-end detection method for webshell with deep learning. In: 2018 Eighth International Conference on Instrumentation & Measurement, Computer, Communication and Control (IMCCC), pp. 660\u2013665. IEEE (2018)","DOI":"10.1109\/IMCCC.2018.00143"},{"key":"21_CR17","doi-asserted-by":"crossref","unstructured":"Qin, X., Peng, S., Yang, X., Yao, Y.D.: Deep learning based channel code recognition using textcnn. In: 2019 IEEE International Symposium on Dynamic Spectrum Access Networks (DySPAN), pp. 1\u20135. IEEE (2019)","DOI":"10.1109\/DySPAN.2019.8935805"},{"key":"21_CR18","unstructured":"Salois, M., Charpentier, R.: Dynamic detection of malicious code in cots software. Technical Report, DEFENCE RESEARCH ESTABLISHMENT VALCARTIER (QUEBEC) (2000)"},{"key":"21_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"416","DOI":"10.1007\/978-3-030-04167-0_38","volume-title":"Neural Information Processing","author":"X Sun","year":"2018","unstructured":"Sun, X., Ma, X., Ni, Z., Bian, L.: A new lSTM network model combining TextCNN. In: Cheng, L., Leung, A.C.S., Ozawa, S. (eds.) ICONIP 2018. LNCS, vol. 11301, pp. 416\u2013424. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-04167-0_38"},{"key":"21_CR20","doi-asserted-by":"crossref","unstructured":"Sun, X., Lu, X., Dai, H.: A matrix decomposition based webshell detection method. In: Proceedings of the 2017 International Conference on Cryptography, Security and Privacy, pp. 66\u201370 (2017)","DOI":"10.1145\/3058060.3058083"},{"key":"21_CR21","doi-asserted-by":"crossref","unstructured":"\u0160uteva, N., Mileva, A., Loleski, M.: Computer forensic analisys of some web attacks. In: World Congress on Internet Security (WorldCIS-2014), pp. 42\u201347. IEEE (2014)","DOI":"10.1109\/WorldCIS.2014.7028164"},{"key":"21_CR22","doi-asserted-by":"crossref","unstructured":"Tian, Y., Wang, J., Zhou, Z., Zhou, S.: Cnn-webshell: malicious web shell detection with convolutional neural network. In: Proceedings of the 2017 VI International Conference on Network, Communication and Computing, pp. 75\u201379 (2017)","DOI":"10.1145\/3171592.3171593"},{"key":"21_CR23","doi-asserted-by":"crossref","unstructured":"Tianmin, G., Jiemin, Z., Jian, M.: Research on webshell detection method based on machine learning. In: 2019 3rd International Conference on Electronic Information Technology and Computer Engineering (EITCE), pp. 1391\u20131394. IEEE (2019)","DOI":"10.1109\/EITCE47263.2019.9094767"},{"key":"21_CR24","series-title":"Advances in Intelligent Systems and Computing","doi-asserted-by":"publisher","first-page":"526","DOI":"10.1007\/978-3-319-91446-6_49","volume-title":"Contemporary Complex Systems and Their Dependability","author":"T Walkowiak","year":"2019","unstructured":"Walkowiak, T., Datko, S., Maciejewski, H.: Bag-of-words, bag-of-topics and word-to-vec based subject classification of text documents in polish - a comparative study. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds.) DepCoS-RELCOMEX 2018. AISC, vol. 761, pp. 526\u2013535. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-319-91446-6_49"},{"key":"21_CR25","doi-asserted-by":"publisher","unstructured":"Wu, Y., Sun, Y., Huang, C., Jia, P., Liu, L.: Session-based webshell detection using machine learning in web logs. Secur. Commun. Netw. 2019, 11 p. (2019). Article ID 3093809. https:\/\/doi.org\/10.1155\/2019\/3093809","DOI":"10.1155\/2019\/3093809"},{"key":"21_CR26","series-title":"Advances in Intelligent Systems and Computing","doi-asserted-by":"publisher","first-page":"336","DOI":"10.1007\/978-3-319-93554-6_31","volume-title":"Innovative Mobile and Internet Services in Ubiquitous Computing","author":"W Yang","year":"2019","unstructured":"Yang, W., Sun, B., Cui, B.: A webshell detection technology based on HTTP traffic analysis. In: Barolli, L., Xhafa, F., Javaid, N., Enokido, T. (eds.) IMIS 2018. AISC, vol. 773, pp. 336\u2013342. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-319-93554-6_31"},{"key":"21_CR27","doi-asserted-by":"publisher","first-page":"75268","DOI":"10.1109\/ACCESS.2018.2882517","volume":"6","author":"H Zhang","year":"2018","unstructured":"Zhang, H., et al.: Webshell traffic detection with character-level features based on deep learning. IEEE Access 6, 75268\u201375277 (2018)","journal-title":"IEEE Access"},{"key":"21_CR28","doi-asserted-by":"crossref","unstructured":"Zhongzheng, X., Luktarhan, N.: Webshell detection with byte-level features based on deep learning. J. Intell. Fuzzy Syst. (Preprint) 40(1), 1585\u20131596 (2021)","DOI":"10.3233\/JIFS-200314"}],"container-title":["Lecture Notes in Computer Science","Information and Communications Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-86890-1_21","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,9,17]],"date-time":"2021-09-17T01:02:04Z","timestamp":1631840524000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-86890-1_21"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030868895","9783030868901"],"references-count":28,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-86890-1_21","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"17 September 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information and Communications Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Chongqing","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 September 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 September 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"icics2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.icics.cn\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"182","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"49","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"27% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}