{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,12]],"date-time":"2026-02-12T08:10:54Z","timestamp":1770883854018,"version":"3.50.1"},"publisher-location":"Cham","reference-count":22,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030913557","type":"print"},{"value":"9783030913564","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-91356-4_10","type":"book-chapter","created":{"date-parts":[[2021,11,26]],"date-time":"2021-11-26T06:01:25Z","timestamp":1637906485000},"page":"177-194","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["TridentShell: a\u00a0Covert and\u00a0Scalable Backdoor Injection Attack on\u00a0Web Applications"],"prefix":"10.1007","author":[{"given":"Xiaobo","family":"Yu","sequence":"first","affiliation":[]},{"given":"Weizhi","family":"Meng","sequence":"additional","affiliation":[]},{"given":"Lei","family":"Zhao","sequence":"additional","affiliation":[]},{"given":"Yining","family":"Liu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,11,27]]},"reference":[{"key":"10_CR1","unstructured":"Arthas. https:\/\/arthas.aliyun.com\/"},{"key":"10_CR2","unstructured":"China chopper. https:\/\/www.fireeye.com\/blog\/threat-research\/2013\/08\/breaking-down-the-china-chopper-web-shell-part-i.html"},{"key":"10_CR3","unstructured":"CNCERT semiannual safety report. https:\/\/www.cert.org.cn\/publish\/main\/upload\/File\/2019Firsthalfyear.pdf"},{"key":"10_CR4","unstructured":"Debug privilege. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/debugger\/debug-privilege"},{"key":"10_CR5","unstructured":"Deletefilea function. https:\/\/msdn.microsoft.com\/library\/windows\/desktop\/aa363915(v=vs.85).aspx"},{"key":"10_CR6","unstructured":"Filter chain. http:\/\/tomcat.apache.org\/tomcat-5.5-doc\/servletapi\/javax\/servlet\/FilterChain.html"},{"key":"10_CR7","unstructured":"Package com.sun.tools.attach. https:\/\/docs.oracle.com\/javase\/7\/docs\/jdk\/api\/attach\/spec\/com\/sun\/tools\/attach\/package-summary.html"},{"key":"10_CR8","unstructured":"Runtime application self-protection. https:\/\/www.gartner.com\/en\/information-technology\/glossary\/runtime-application-self-protection-rasp"},{"key":"10_CR9","unstructured":"Virustotal. https:\/\/www.virustotal.com\/gui\/"},{"key":"10_CR10","unstructured":"Web shell detection using NeoPI. https:\/\/resources.infosecinstitute.com\/web-shell-detection"},{"key":"10_CR11","unstructured":"\u010cisar, P., \u010cisar, S.M.: The framework of runtime application self-protection technology, pp. 000081\u2013000086 (2016)"},{"key":"10_CR12","doi-asserted-by":"crossref","unstructured":"Cui, H., Huang, D., Fang, Y., Liu, L., Huang, C.: Webshell detection based on random forest-gradient boosting decision tree algorithm, pp. 153\u2013160 (2018)","DOI":"10.1109\/DSC.2018.00030"},{"issue":"1","key":"10_CR13","doi-asserted-by":"publisher","first-page":"12","DOI":"10.3390\/fi12010012","volume":"12","author":"Y Guo","year":"2020","unstructured":"Guo, Y., Marco-Gisbert, H., Keir, P.: Mitigating webshell attacks through machine learning techniques. Future Internet 12(1), 12 (2020)","journal-title":"Future Internet"},{"key":"10_CR14","first-page":"66","volume":"6","author":"B Hu","year":"2016","unstructured":"Hu, B.: Research on webshell detection method based on Bayesian theory. Sci. Mosaic 6, 66\u201370 (2016)","journal-title":"Sci. Mosaic"},{"key":"10_CR15","unstructured":"Hu, J., Xu, Z., Ma, D., Yang, J.: Research of webshell detection based on decision tree. J. Network New Media 6(005) (2012)"},{"key":"10_CR16","doi-asserted-by":"publisher","first-page":"101595","DOI":"10.1016\/j.cose.2019.101595","volume":"87","author":"Y Li","year":"2019","unstructured":"Li, Y., Huang, J., Ikusan, A., Mitchell, M., Zhang, J., Dai, R.: ShellBreaker: automatically detecting PHP-based malicious web shells. Comput. Secur. 87, 101595 (2019)","journal-title":"Comput. Secur."},{"key":"10_CR17","unstructured":"Liuyang, S., Yong, F.: Webshell detection method research based on web log. J. Netw. New Media 2(11) (2016)"},{"issue":"4","key":"10_CR18","doi-asserted-by":"publisher","first-page":"7","DOI":"10.1016\/S1353-4858(17)30037-5","volume":"2017","author":"S Mansfield-Devine","year":"2017","unstructured":"Mansfield-Devine, S.: Fileless attacks: compromising targets without malware. Network Secur. 2017(4), 7\u201311 (2017)","journal-title":"Network Secur."},{"key":"10_CR19","doi-asserted-by":"crossref","unstructured":"Sun, X., Lu, X., Dai, H.: A matrix decomposition based webshell detection method, pp. 66\u201370 (2017)","DOI":"10.1145\/3058060.3058083"},{"key":"10_CR20","unstructured":"Tu, T.D., Guang, C., Xiaojun, G., Wubin, P.: Webshell detection techniques in web applications, pp. 1\u20137 (2014)"},{"key":"10_CR21","series-title":"Advances in Intelligent Systems and Computing","doi-asserted-by":"publisher","first-page":"336","DOI":"10.1007\/978-3-319-93554-6_31","volume-title":"Innovative Mobile and Internet Services in Ubiquitous Computing","author":"W Yang","year":"2019","unstructured":"Yang, W., Sun, B., Cui, B.: A webshell detection technology based on HTTP traffic analysis. In: Barolli, L., Xhafa, F., Javaid, N., Enokido, T. (eds.) IMIS 2018. AISC, vol. 773, pp. 336\u2013342. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-319-93554-6_31"},{"key":"10_CR22","doi-asserted-by":"publisher","first-page":"75268","DOI":"10.1109\/ACCESS.2018.2882517","volume":"6","author":"H Zhang","year":"2018","unstructured":"Zhang, H., et al.: Webshell traffic detection with character-level features based on deep learning. IEEE Access 6, 75268\u201375277 (2018)","journal-title":"IEEE Access"}],"container-title":["Lecture Notes in Computer Science","Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-91356-4_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,11,26]],"date-time":"2021-11-26T06:02:39Z","timestamp":1637906559000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-91356-4_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030913557","9783030913564"],"references-count":22,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-91356-4_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"27 November 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ISC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 November 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 November 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"isw2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/isc2021.petra.ac.id\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"87","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"21","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"24% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-19 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}