{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T18:07:13Z","timestamp":1772042833996,"version":"3.50.1"},"publisher-location":"Cham","reference-count":42,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783031157769","type":"print"},{"value":"9783031157776","type":"electronic"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-15777-6_24","type":"book-chapter","created":{"date-parts":[[2022,8,23]],"date-time":"2022-08-23T15:24:33Z","timestamp":1661268273000},"page":"438-457","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Deep Learning Based Webshell Detection Coping with Long Text and Lexical Ambiguity"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1020-5726","authenticated-orcid":false,"given":"Tongjian","family":"An","sequence":"first","affiliation":[]},{"given":"Xuefei","family":"Shui","sequence":"additional","affiliation":[]},{"given":"Hongkui","family":"Gao","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,8,24]]},"reference":[{"issue":"2","key":"24_CR1","first-page":"229","volume":"11","author":"J Kim","year":"2015","unstructured":"Kim, J., Yoo, D.H., Jang, H., Jeong, K.: WebSHArk 1.0: a benchmark collection for malicious web shell detection. J. Inf. Process. Syst. 11(2), 229\u2013238 (2015)","journal-title":"J. Inf. Process. Syst."},{"key":"24_CR2","doi-asserted-by":"publisher","first-page":"102366","DOI":"10.1016\/j.cose.2021.102366","volume":"108","author":"A Hannousse","year":"2021","unstructured":"Hannousse, A., Yahiouche, S.: Handling webshell attacks: a systematic mapping and survey. Comput. Secur. 108, 102366 (2021)","journal-title":"Comput. Secur."},{"key":"24_CR3","unstructured":"Web shell attacks continue to rise. https:\/\/www.microsoft.com\/security\/blog\/2021\/02\/11\/web-shell-attacks-continue-to-rise\/. Accessed 10 Feb 2022"},{"key":"24_CR4","doi-asserted-by":"publisher","first-page":"185140","DOI":"10.1109\/ACCESS.2019.2959950","volume":"7","author":"T Li","year":"2019","unstructured":"Li, T., Ren, C., Fu, Y., et al.: Webshell detection based on the word attention mechanism. IEEE Access 7, 185140\u2013185147 (2019)","journal-title":"IEEE Access"},{"key":"24_CR5","unstructured":"Tu, T.D., Guang, C., Xiaojun, et al.: Webshell detection techniques in web applications. In: Fifth International Conference on Computing, Communications and Networking Technologies (ICCCNT), pp. 1\u20137. IEEE (2014)"},{"key":"24_CR6","first-page":"62","volume":"28","author":"C Wang","year":"2016","unstructured":"Wang, C., Yang, H., Zhao, Z., et al.: The research and improvement in the detection of PHP variable webshell based on information entropy. J. Comput. 28, 62\u201368 (2016)","journal-title":"J. Comput."},{"key":"24_CR7","doi-asserted-by":"crossref","unstructured":"Croix, A., Debatty, T., Mees, W.: Training a multi-criteria decision system and application to the detection of PHP webshells. In: 2019 International Conference on Military Communications and Information Systems (ICMCIS), pp. 1\u20138. IEEE (2019)","DOI":"10.1109\/ICMCIS.2019.8842705"},{"issue":"1","key":"24_CR8","doi-asserted-by":"publisher","first-page":"12","DOI":"10.3390\/fi12010012","volume":"12","author":"Y Guo","year":"2020","unstructured":"Guo, Y., Marco-Gisbert, H., Keir, P.: Mitigating webshell attacks through machine learning techniques. Future Internet 12(1), 12 (2020)","journal-title":"Future Internet"},{"issue":"6","key":"24_CR9","first-page":"445","volume":"13","author":"A Kurniawan","year":"2019","unstructured":"Kurniawan, A., Abbas, B.S., Trisetyarso, A., et al.: Classification of web backdoor malware based on function call execution of static analysis. ICIC Express Lett. 13(6), 445\u2013452 (2019)","journal-title":"ICIC Express Lett."},{"key":"24_CR10","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"57","DOI":"10.1007\/978-3-030-56223-6_4","volume-title":"DigitalForensics 2020","author":"W Huang","year":"2020","unstructured":"Huang, W., et al.: Enhancing the feature profiles of web shells by analyzing the performance of multiple detectors. In: Peterson, G., Shenoi, S. (eds.) DigitalForensics 2020. IFIP Advances in Information and Communication Technology, vol. 589, pp. 57\u201372. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-56223-6_4"},{"key":"24_CR11","series-title":"Communications in Computer and Information Science","doi-asserted-by":"publisher","first-page":"73","DOI":"10.1007\/978-981-13-6621-5_6","volume-title":"Cyber Security","author":"Z-H Lv","year":"2019","unstructured":"Lv, Z.-H., Yan, H.-B., Mei, R.: Automatic and accurate detection of webshell based on convolutional neural network. In: Yun, X., et al. (eds.) CNCERT 2018. CCIS, vol. 970, pp. 73\u201385. Springer, Singapore (2019). https:\/\/doi.org\/10.1007\/978-981-13-6621-5_6"},{"key":"24_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"368","DOI":"10.1007\/978-3-030-86890-1_21","volume-title":"Information and Communications Security","author":"Y Wu","year":"2021","unstructured":"Wu, Y., et al.: Improving convolutional neural network-based webshell detection through reinforcement learning. In: Gao, D., Li, Qi., Guan, X., Liao, X. (eds.) ICICS 2021. LNCS, vol. 12918, pp. 368\u2013383. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-86890-1_21"},{"key":"24_CR13","doi-asserted-by":"crossref","unstructured":"Qi, L., Kong, R., Lu, Y., et al.: An end-to-end detection method for webshell with deep learning. In: 2018 Eighth International Conference on Instrumentation & Measurement, Computer, Communication and Control (IMCCC), pp. 660\u2013665. IEEE (2018)","DOI":"10.1109\/IMCCC.2018.00143"},{"key":"24_CR14","unstructured":"Devlin, J., Chang, M.W., Lee, K., et al.: Bert: pre-training of deep bidirectional transformers for language understanding. arXiv preprint arXiv:1810.04805 (2018)"},{"key":"24_CR15","doi-asserted-by":"crossref","unstructured":"Feng, Z., Guo, D., Tang, D., et al.: Codebert: a pre-trained model for programming and natural languages. arXiv preprint arXiv:2002.08155 (2020)","DOI":"10.18653\/v1\/2020.findings-emnlp.139"},{"key":"24_CR16","unstructured":"https:\/\/github.com\/composer\/composer. Accessed 10 Feb 2022"},{"key":"24_CR17","unstructured":"https:\/\/github.com\/monicahq\/monica. Accessed 10 Feb 2022"},{"key":"24_CR18","unstructured":"Oak, R., Du, M., Yan, D., et al.: Malware detection on highly imbalanced data through sequence modeling. In: Proceedings of the 12th ACM Workshop on Artificial Intelligence and Security, pp. 37\u201348, November"},{"key":"24_CR19","doi-asserted-by":"publisher","first-page":"132367","DOI":"10.1109\/ACCESS.2020.3002863","volume":"8","author":"J Hou","year":"2020","unstructured":"Hou, J., Li, X., Yao, H., et al.: Bert-based Chinese relation extraction for public security. IEEE Access 8, 132367\u2013132375 (2020)","journal-title":"IEEE Access"},{"key":"24_CR20","doi-asserted-by":"crossref","unstructured":"Li, X., Qu, Y., Yin, H.: Palmtree: learning an assembly language model for instruction embedding. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 3236\u20133251 (2021)","DOI":"10.1145\/3460120.3484587"},{"key":"24_CR21","unstructured":"Akbik, A., Bergmann, T., Blythe, D., et al.: FLAIR: an easy-to-use framework for state-of-the-art NLP. In: Proceedings of the 2019 Conference of the North American Chapter of the Association for Computational Linguistics (Demonstrations), pp. 54\u201359 (2019)"},{"key":"24_CR22","first-page":"12792","volume":"33","author":"M Ding","year":"2020","unstructured":"Ding, M., Zhou, C., Yang, H., et al.: Cogltx: applying bert to long texts. Adv. Neural. Inf. Process. Syst. 33, 12792\u201312804 (2020)","journal-title":"Adv. Neural. Inf. Process. Syst."},{"issue":"6","key":"24_CR23","doi-asserted-by":"publisher","first-page":"e4085","DOI":"10.1002\/ett.4085","volume":"33","author":"B Yong","year":"2020","unstructured":"Yong, B., et al.: Ensemble machine learning approaches for webshell detection in Internet of things environments. Trans. Emerg. Telecommun. Technol. 33(6), e4085 (2020)","journal-title":"Trans. Emerg. Telecommun. Technol."},{"key":"24_CR24","unstructured":"Delorey, D. P., Knutson, C. D., Davies, M.: Mining programming language vocabularies from source code. In: PPIG, p. 12 (2009)"},{"key":"24_CR25","unstructured":"Liu, Y., Ott, M., Goyal, N., Du, J., et al.: A robustly optimized bert pretraining approach. arXiv preprint arXiv:1907.11692 (2019)"},{"issue":"18","key":"24_CR26","doi-asserted-by":"publisher","first-page":"6274","DOI":"10.3390\/app10186274","volume":"10","author":"T Zhu","year":"2020","unstructured":"Zhu, T., Weng, Z., Fu, L., et al.: A web shell detection method based on multiview feature fusion. Appl. Sci. 10(18), 6274 (2020)","journal-title":"Appl. Sci."},{"key":"24_CR27","doi-asserted-by":"publisher","first-page":"75785","DOI":"10.1109\/ACCESS.2020.2989304","volume":"8","author":"Z Ai","year":"2020","unstructured":"Ai, Z., Luktarhan, N., Zhao, Y., et al.: WS-LSMR: malicious webshell detection algorithm based on ensemble learning. IEEE Access 8, 75785\u201375797 (2020)","journal-title":"IEEE Access"},{"key":"24_CR28","doi-asserted-by":"crossref","unstructured":"Mihalcea, R., Tarau, P.: Textrank: Bringing order into text. In: Proceedings of the 2004 Conference on Empirical Methods in Natural Language Processing, pp. 404\u2013411 (2004)","DOI":"10.3115\/1220575.1220627"},{"key":"24_CR29","unstructured":"Page, L., Brin, S., Motwani, R., et al.: The PageRank citation ranking: bringing order to the web. Stanford InfoLab (1999)"},{"key":"24_CR30","unstructured":"https:\/\/github.com\/microsoft\/CodeBERT. Accessed 17 Feb 2022"},{"key":"24_CR31","doi-asserted-by":"crossref","unstructured":"Kim, Y.: Convolutional neural networks for sentence classification. In: Proceedings of the 2014 Conference on Empirical Methods in Natural Language Processing (EMNLP), pp. 1746\u20131751 (2014)","DOI":"10.3115\/v1\/D14-1181"},{"key":"24_CR32","doi-asserted-by":"crossref","unstructured":"Min, S., Zhong, V., Socher, R., et al.: Efficient and robust question answering from minimal context over documents. In: Proceedings of the 56th Annual Meeting of the Association for Computational Linguistics, pp. 1725\u20131735 (2018)","DOI":"10.18653\/v1\/P18-1160"},{"issue":"8","key":"24_CR33","doi-asserted-by":"publisher","first-page":"1735","DOI":"10.1162\/neco.1997.9.8.1735","volume":"9","author":"S Hochreiter","year":"1997","unstructured":"Hochreiter, S., Schmidhuber, J.: Long short-term memory. Neural Comput. 9(8), 1735\u20131780 (1997)","journal-title":"Neural Comput."},{"key":"24_CR34","unstructured":"Vaswani, A., Shazeer, N., Parmar, N., et al.: Attention is all you need.\u00a0Adv. Neural Inf. Process. Syst.\u00a030 (2017)"},{"key":"24_CR35","unstructured":"Lee, Y.J., Choi, S. H., Kim, C., et al.: Learning binary code with deep learning to detect software weakness. In: KSII the 9th International Conference on Internet (ICONI) 2017 Symposium (2017)"},{"key":"24_CR36","unstructured":"Lu, S., Guo, D., Ren, S., et al.: Codexglue: A machine learning benchmark dataset for code understanding and generation.\u00a0arXiv preprint arXiv:2102.04664 (2021)"},{"key":"24_CR37","unstructured":"http:\/\/www.d99net.net\/. Accessed 24 Mar 2022"},{"key":"24_CR38","unstructured":"https:\/\/edr.sangfor.com.cn\/api\/download\/WebShellKillerTool.zip. Accessed 24 Mar 2022"},{"key":"24_CR39","unstructured":"https:\/\/github.com\/chaitin\/cloudwalker. Accessed 24 Mar 2022"},{"key":"24_CR40","unstructured":"https:\/\/github.com\/lyccol\/CodeBERT-based-webshell-detection. Accessed 09 Jun 2022"},{"key":"24_CR41","unstructured":"https:\/\/github.com\/5wimming\/bert-webshell. Accessed 09 Jun 2022"},{"key":"24_CR42","doi-asserted-by":"crossref","unstructured":"Backes, M., Rieck, K., Skoruppa, M., et al.: Efficient and flexible discovery of PHP application vulnerabilities. In:\u00a02017 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 334\u2013349 (2017)","DOI":"10.1109\/EuroSP.2017.14"}],"container-title":["Lecture Notes in Computer Science","Information and Communications Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-15777-6_24","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,2]],"date-time":"2024-10-02T10:30:12Z","timestamp":1727865012000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-15777-6_24"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031157769","9783031157776"],"references-count":42,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-15777-6_24","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"24 August 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}