{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T18:07:14Z","timestamp":1772042834488,"version":"3.50.1"},"reference-count":34,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2022,10,18]],"date-time":"2022-10-18T00:00:00Z","timestamp":1666051200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2022,10,18]],"date-time":"2022-10-18T00:00:00Z","timestamp":1666051200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2023,2]]},"DOI":"10.1007\/s10207-022-00615-5","type":"journal-article","created":{"date-parts":[[2022,10,18]],"date-time":"2022-10-18T07:02:42Z","timestamp":1666076562000},"page":"47-61","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":11,"title":["A deep learner model for multi-language webshell detection"],"prefix":"10.1007","volume":"22","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8895-4161","authenticated-orcid":false,"given":"Abdelhakim","family":"Hannousse","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mohamed Cherif","family":"Nait-Hamoud","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Salima","family":"Yahiouche","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,10,18]]},"reference":[{"key":"615_CR1","doi-asserted-by":"publisher","DOI":"10.3390\/technologies9030052","author":"MM Ahsan","year":"2021","unstructured":"Ahsan, M.M., Mahmud, M.A.P., Saha, P.K., Gupta, K.D., Siddique, Z.: Effect of data scaling methods on machine learning algorithms and model performance. Technologies (2021). https:\/\/doi.org\/10.3390\/technologies9030052","journal-title":"Technologies"},{"key":"615_CR2","doi-asserted-by":"publisher","unstructured":"Allamanis, M.: The adverse effects of code duplication in machine learning models of code. In: Proceedings of the 2019 ACM SIGPLAN International Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software. 143\u2013153. Onward! 2019, ACM, New York, NY, USA (2019). https:\/\/doi.org\/10.1145\/3359591.3359735","DOI":"10.1145\/3359591.3359735"},{"key":"615_CR3","unstructured":"Avast: Avast software: Free antivirus is your first step to online freedom. [online], available: (1995). https:\/\/www.avast.com\/"},{"key":"615_CR4","unstructured":"Bengfort, B., Bilbro, R., Ojeda, T.: Applied Text Analysis with Python: Enabling Language-Aware Data Products with Machine Learning, 1st edn. O\u2019Reilly Media Inc. (2018)"},{"key":"615_CR5","doi-asserted-by":"publisher","unstructured":"Cui, H., Huang, D., Fang, Y., Liu, L., Huang, C.: Webshell detection based on random forest\u2013gradient boosting decision tree algorithm. In: 2018 IEEE Third International Conference on Data Science in Cyberspace (DSC). pp. 153\u2013160. IEEE CS (2018). https:\/\/doi.org\/10.1109\/DSC.2018.00030","DOI":"10.1109\/DSC.2018.00030"},{"key":"615_CR6","doi-asserted-by":"publisher","unstructured":"Fang, Y., Qiu, Y., Liu, L., Huang, C.: Detecting webshell based on random forest with fasttext. In: Proceedings of the 2018 International Conference on Computing and Artificial Intelligence. 52\u201356. ICCAI 2018, ACM, New York, NY, USA (2018). https:\/\/doi.org\/10.1145\/3194452.3194470","DOI":"10.1145\/3194452.3194470"},{"issue":"1","key":"615_CR7","first-page":"1","volume":"12","author":"Y Guo","year":"2020","unstructured":"Guo, Y., Marco-Gisbert, H., Keir, P.: Mitigating webshell attacks through machine learning techniques. Fut. Internet 12(1), 1\u201316 (2020)","journal-title":"Fut. Internet"},{"key":"615_CR8","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102366","volume":"108","author":"A Hannousse","year":"2021","unstructured":"Hannousse, A., Yahiouche, S.: Handling webshell attacks: a systematic mapping and survey. Comput. Secur. 108, 102366 (2021). https:\/\/doi.org\/10.1016\/j.cose.2021.102366","journal-title":"Comput. Secur."},{"key":"615_CR9","doi-asserted-by":"publisher","unstructured":"Hannousse, A., Yahiouche, S.: Multi-language webshell dataset. Mendeley Data, V1 (2021). https:\/\/doi.org\/10.17632\/wt8m6bcwbr.1","DOI":"10.17632\/wt8m6bcwbr.1"},{"key":"615_CR10","doi-asserted-by":"publisher","unstructured":"Hannousse, A., Yahiouche, S.: RF-DNN$$^{2}$$: An ensemble learner for effective detection of PHP Webshells. In: Proceedings of the International Conference on Artificial Intelligence for Cyber Security Systems and Privacy. pp. 1\u20136. AI-CSP\u201921, IEEE CS (2021). https:\/\/doi.org\/10.1109\/AI-CSP52968.2021.9671226","DOI":"10.1109\/AI-CSP52968.2021.9671226"},{"key":"615_CR11","doi-asserted-by":"crossref","unstructured":"Hannousse, A., Yahiouche, S., Nait-Hamoud, M.C: Twenty-two years since revealing cross-site scripting attacks: a systematic mapping and a comprehensive survey. CoRR, arXiv:2205.08425v2, 1\u201352 (2022)","DOI":"10.1016\/j.cosrev.2024.100634"},{"key":"615_CR12","doi-asserted-by":"publisher","unstructured":"Kang, W., Zhong, S., Chen, K., Lai, J., Xu, G.: Rf-adacost: Webshell detection method that combines statistical features and opcode. In: Proceedings of the 3rd International Conference on Frontiers in Cyber Security. pp. 667\u2013682. FCS 2020, Springer Singapore, Singapore (2020). https:\/\/doi.org\/10.1007\/978-981-15-9739-8_49","DOI":"10.1007\/978-981-15-9739-8_49"},{"key":"615_CR13","unstructured":"Leal, L.: Webshell in fake plugin \/blnmrpb\/ directory, [online], available: (2020). https:\/\/blog.sucuri.net\/2020\/01\/webshell-in-fake-plugin-blnmrpb-directory.html"},{"key":"615_CR14","doi-asserted-by":"publisher","unstructured":"Li W., Zhang Z., Wang L.: A dynamic and heterogeneous web application to defense webshell attacks by using diversified PHP code. In: Proceedings of the 4th International Conference on Communication and Information Processing. 107\u2013111. ICCIP \u201918. ACM (2018). https:\/\/doi.org\/10.1145\/3290420.3290438","DOI":"10.1145\/3290420.3290438"},{"key":"615_CR15","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cose.2019.101595","volume":"87","author":"Y Li","year":"2019","unstructured":"Li, Y., Huang, J., Ikusan, A., Mitchell, M., Zhang, J., Dai, R.: Shellbreaker: automatically detecting php-based malicious web shells. Comput. Secur. 87, 1\u201311 (2019). https:\/\/doi.org\/10.1016\/j.cose.2019.101595","journal-title":"Comput. Secur."},{"key":"615_CR16","doi-asserted-by":"publisher","DOI":"10.1145\/3133908","author":"CV Lopes","year":"2017","unstructured":"Lopes, C.V., Maj, P., Martins, P., Saini, V., Yang, D., Zitny, J., Sajnani, H., Vitek, J.: D\u00e9j\u00e0vu: a map of code duplicates on github. Proc. ACM Prog. Lang. (2017). https:\/\/doi.org\/10.1145\/3133908","journal-title":"Proc. ACM Prog. Lang."},{"key":"615_CR17","doi-asserted-by":"publisher","unstructured":"Lv, Z.H., Yan, H.B., Mei, R.: Automatic and accurate detection of webshell based on convolutional neural network. In: Proceedings of the 15th International Annual Conference on Cyber Security, pp. 73\u201385. CNCERT 2018, Springer Singapore (2019). https:\/\/doi.org\/10.1007\/978-981-13-6621-5_6","DOI":"10.1007\/978-981-13-6621-5_6"},{"key":"615_CR18","unstructured":"Microsoft 365 Defender Research Team: Web shell attacks continue to rise, [online], available: (2021). https:\/\/www.microsoft.com\/security\/blog\/2021\/02\/11\/web-shell-attacks-continue-to-rise\/"},{"key":"615_CR19","doi-asserted-by":"publisher","first-page":"112","DOI":"10.1016\/j.infsof.2017.11.010","volume":"96","author":"H Mumtaz","year":"2018","unstructured":"Mumtaz, H., Alshayeb, M., Mahmood, S., Niazi, M.: An empirical study to improve software security through the application of code refactoring. Inf. Softw. Technol. 96, 112\u2013125 (2018). https:\/\/doi.org\/10.1016\/j.infsof.2017.11.010","journal-title":"Inf. Softw. Technol."},{"key":"615_CR20","doi-asserted-by":"publisher","unstructured":"Naderi-Afooshteh, A., Kwon, Y., Nguyen-Tuong, A., Bagheri-Marzijarani, M., Davidson, J.W.: Cubismo: Decloaking server-side malware via cubist program analysis. In: Proceedings of the 35th Annual Computer Security Applications Conference, pp. 430\u2013443. ACSAC \u201919, ACM (2019). https:\/\/doi.org\/10.1145\/3359789.3359821","DOI":"10.1145\/3359789.3359821"},{"key":"615_CR21","unstructured":"OWASP: Owasp top 10: The ten most critical web application security risks. Tech. rep., OWASP Foundation (2017). https:\/\/owasp.org\/www-project-top-ten\/"},{"key":"615_CR22","unstructured":"Qihoo 360: 360 total security: Protection antivirus gratuitet. [online], available: (2014). https:\/\/www.360totalsecurity.com"},{"issue":"1","key":"615_CR23","doi-asserted-by":"publisher","first-page":"1929","DOI":"10.5555\/2627435.2670313","volume":"15","author":"N Srivastava","year":"2014","unstructured":"Srivastava, N., Hinton, G., Krizhevsky, A., Sutskever, I., Salakhutdinov, R.: Dropout: a simple way to prevent neural networks from overfitting. J. Mach. Learn. Res. 15(1), 1929\u20131958 (2014). https:\/\/doi.org\/10.5555\/2627435.2670313","journal-title":"J. Mach. Learn. Res."},{"key":"615_CR24","doi-asserted-by":"publisher","unstructured":"Starov, O., Dahse, J., Ahmad, S.S., Holz, T., Nikiforakis, N.: No honor among thieves: A large-scale analysis of malicious web shells. In: Proceedings of the 25th International Conference on World Wide Web, pp. 1021\u20131032. WWW \u201916, ACM (2016). https:\/\/doi.org\/10.1145\/2872427.2882992","DOI":"10.1145\/2872427.2882992"},{"key":"615_CR25","doi-asserted-by":"publisher","unstructured":"Sun, X., Lu, X., Dai, H.: A matrix decomposition based webshell detection method. In: Proceedings of the 2017 International Conference on Cryptography, Security and Privacy, pp. 66\u201370. ICCSP \u201917, ACM (2017). https:\/\/doi.org\/10.1145\/3058060.3058083","DOI":"10.1145\/3058060.3058083"},{"key":"615_CR26","doi-asserted-by":"publisher","unstructured":"Tu T.D., Guang C., Xiaojun G., Wubin P.: Webshell detection techniques in web applications. In: Proceedings of the fifth International Conference on Computing, Communications and Networking Technologies, pp. 1\u20137. ICCCNT\u201914, IEEE CS (2014). https:\/\/doi.org\/10.1109\/ICCCNT.2014.6963152","DOI":"10.1109\/ICCCNT.2014.6963152"},{"key":"615_CR27","unstructured":"VirusTotal: Free online virus, malware and url scanner, [online], available: (2016). https:\/\/www.virustotal.com\/"},{"key":"615_CR28","unstructured":"W3Techs: Usage statistics of server-side programming languages for websites, [online], available: (2021). https:\/\/w3techs.com\/technologies\/overview\/programming_language"},{"key":"615_CR29","doi-asserted-by":"publisher","first-page":"115222","DOI":"10.1016\/j.eswa.2021.115222","volume":"182","author":"J Wainer","year":"2021","unstructured":"Wainer, J., Cawley, G.: Nested cross-validation when selecting classifiers is overzealous for most practical applications. Expert Syst. Appl. 182, 115222 (2021). https:\/\/doi.org\/10.1016\/j.eswa.2021.115222","journal-title":"Expert Syst. Appl."},{"key":"615_CR30","doi-asserted-by":"publisher","first-page":"62","DOI":"10.3966\/199115992017102805006","volume":"28","author":"C Wang","year":"2017","unstructured":"Wang, C., Yang, H., Zhao, Z., Gong, L., Li, Z.: The Research and Improvement in the Detection of PHP Variable WebShell based on Information Entropy. J. Comput. 28, 62\u201368 (2017). https:\/\/doi.org\/10.3966\/199115992017102805006","journal-title":"J. Comput."},{"issue":"2","key":"615_CR31","doi-asserted-by":"publisher","first-page":"65","DOI":"10.23919\/SAIEE.2016.8531543","volume":"107","author":"P Wrench","year":"2016","unstructured":"Wrench, P., Irwin, B.: Detecting derivative malware samples using deobfuscation-assisted similarity analysis. SAIEE Africa Res. J. 107(2), 65\u201377 (2016). https:\/\/doi.org\/10.23919\/SAIEE.2016.8531543","journal-title":"SAIEE Africa Res. J."},{"key":"615_CR32","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1155\/2019\/3093809","volume":"2019","author":"Y Wu","year":"2019","unstructured":"Wu, Y., Sun, Y., Huang, C., Jia, P., Liu, L., Schrittwieser, S.: Session-based webshell detection using machine learning in web logs. Secur. Commun. Netw. 2019, 1\u201311 (2019). https:\/\/doi.org\/10.1155\/2019\/3093809","journal-title":"Secur. Commun. Netw."},{"key":"615_CR33","doi-asserted-by":"publisher","unstructured":"Yadav, T., Rao, A.M.: Technical Aspects of Cyber Kill Chain. In: Proceedings of the International Symposium on Security in Computing and Communication, pp. 438\u2013452. SSCC 2015. Springer (2015). https:\/\/doi.org\/10.1007\/978-3-319-22915-7_40","DOI":"10.1007\/978-3-319-22915-7_40"},{"issue":"18","key":"615_CR34","doi-asserted-by":"publisher","first-page":"6274","DOI":"10.3390\/app10186274","volume":"10","author":"T Zhu","year":"2020","unstructured":"Zhu, T., Weng, Z., Fu, L., Ruan, L.: A web shell detection method based on multiview feature fusion. Appl. Sci. 10(18), 6274 (2020). https:\/\/doi.org\/10.3390\/app10186274","journal-title":"Appl. Sci."}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-022-00615-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-022-00615-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-022-00615-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,6]],"date-time":"2024-10-06T00:04:22Z","timestamp":1728173062000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-022-00615-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,10,18]]},"references-count":34,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2023,2]]}},"alternative-id":["615"],"URL":"https:\/\/doi.org\/10.1007\/s10207-022-00615-5","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,10,18]]},"assertion":[{"value":"18 October 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"This article does not contain any study with human participants or animals performed by any of the authors.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical approval"}}]}}