{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,11]],"date-time":"2026-02-11T13:50:08Z","timestamp":1770817808817,"version":"3.50.1"},"reference-count":71,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2025,10,29]],"date-time":"2025-10-29T00:00:00Z","timestamp":1761696000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,10,29]],"date-time":"2025-10-29T00:00:00Z","timestamp":1761696000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"DOI":"10.13039\/501100012165","name":"Key Technologies Research and Development Program","doi-asserted-by":"publisher","award":["2023YFB3107301"],"award-info":[{"award-number":["2023YFB3107301"]}],"id":[{"id":"10.13039\/501100012165","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Empir Software Eng"],"published-print":{"date-parts":[[2026,1]]},"DOI":"10.1007\/s10664-025-10723-0","type":"journal-article","created":{"date-parts":[[2025,10,29]],"date-time":"2025-10-29T05:03:19Z","timestamp":1761714199000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["WebShell detection based on deep residual network"],"prefix":"10.1007","volume":"31","author":[{"given":"Fucai","family":"Yu","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xusheng","family":"Li","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ziqiang","family":"Chang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gaolei","family":"Fei","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yong","family":"Ding","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tianqing","family":"Zhu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3344-3647","authenticated-orcid":false,"given":"Xuemeng","family":"Zhai","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,10,29]]},"reference":[{"key":"10723_CR1","doi-asserted-by":"publisher","first-page":"75785","DOI":"10.1109\/ACCESS.2020.2989304","volume":"8","author":"Z Ai","year":"2020","unstructured":"Ai Z, Luktarhan N, Zhao Y et al (2020a) Ws-lsmr: malicious webshell detection algorithm based on ensemble learning. IEEE Access 8:75785\u201375797. https:\/\/doi.org\/10.1109\/ACCESS.2020.2989304","journal-title":"IEEE Access"},{"issue":"9","key":"10723_CR2","doi-asserted-by":"publisher","first-page":"1406","DOI":"10.3390\/sym12091406","volume":"12","author":"Z Ai","year":"2020","unstructured":"Ai Z, Luktarhan N, Zhou A et al (2020b) Webshell attack detection based on a deep super learner. Symmetry 12(9):1406. https:\/\/doi.org\/10.3390\/sym12091406","journal-title":"Symmetry"},{"key":"10723_CR3","doi-asserted-by":"publisher","unstructured":"Altayaran SA, Elmedany W (2021) Integrating web application security penetration testing into the software development life cycle: a systematic literature review. In: 2021 International Conference on Data Analytics for Business and Industry (ICDABI), pp 671\u2013676, https:\/\/doi.org\/10.1109\/ICDABI53623.2021.9655950","DOI":"10.1109\/ICDABI53623.2021.9655950"},{"key":"10723_CR4","doi-asserted-by":"publisher","unstructured":"An T, Shui X, Gao H (2022) Deep learning based webshell detection coping with long text and lexical ambiguity. In: International conference on information and communications security, Springer, pp 438\u2013457, https:\/\/doi.org\/10.1007\/978-3-031-15777-6_24","DOI":"10.1007\/978-3-031-15777-6_24"},{"key":"10723_CR5","doi-asserted-by":"crossref","unstructured":"Appelt D, Nguyen CD, Briand L (2015) Behind an application firewall, are we safe from sql injection attacks? In: 2015 IEEE 8th international conference on software testing, verification and validation (ICST), IEEE, pp 1\u201310","DOI":"10.1109\/ICST.2015.7102581"},{"key":"10723_CR7","unstructured":"Canali D, Balzarotti D (2013) Behind the scenes of online attacks: an analysis of exploitation behaviors on the web. In: 20th Annual Network & Distributed System Security Symposium (NDSS 2013), pp n\u2013a"},{"key":"10723_CR8","doi-asserted-by":"publisher","first-page":"987","DOI":"10.1109\/TIFS.2019.2932228","volume":"15","author":"X Chen","year":"2019","unstructured":"Chen X, Li C, Wang D et al (2019) Android hiv: a study of repackaging malware for evading machine-learning detection. IEEE Trans Inf Forensics Secur 15:987\u20131001. https:\/\/doi.org\/10.1109\/TIFS.2019.2932228","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"10723_CR9","doi-asserted-by":"publisher","first-page":"298","DOI":"10.1016\/j.neucom.2012.08.001","volume":"99","author":"Z Chen","year":"2013","unstructured":"Chen Z, Chi Z, Fu H et al (2013) Multi-instance multi-label image classification: a neural approach. Neurocomputing 99:298\u2013306. https:\/\/doi.org\/10.1016\/j.neucom.2012.08.001","journal-title":"Neurocomputing"},{"key":"10723_CR10","doi-asserted-by":"crossref","unstructured":"Cheng B, Guo Y, Ren Y, et\u00a0al (2022) Msdetector: a static php webshell detection system based on deep-learning. In: International symposium on theoretical aspects of software engineering, Springer, pp 155\u2013172","DOI":"10.1007\/978-3-031-10363-6_11"},{"key":"10723_CR11","doi-asserted-by":"publisher","unstructured":"Cheng H, Qu Y, Liu W, et\u00a0al (2025) Decentralized federated learning for private smart healthcare: a survey. Mathematics 13(8). https:\/\/doi.org\/10.3390\/math13081296","DOI":"10.3390\/math13081296"},{"key":"10723_CR12","doi-asserted-by":"publisher","unstructured":"Cheng K, Wang H, Hu G, et\u00a0al (2021) Research on webshell detection based on semantic analysis and text-cnn. In: 2021 17th international conference on Computational Intelligence and Security (CIS), IEEE, pp 529\u2013534, https:\/\/doi.org\/10.1109\/CIS54983.2021.00115","DOI":"10.1109\/CIS54983.2021.00115"},{"issue":"7","key":"10723_CR13","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3716628","volume":"57","author":"Z Deng","year":"2025","unstructured":"Deng Z, Guo Y, Han C et al (2025a) Ai agents under threat: a survey of key security challenges and future pathways. ACM Comput Surv 57(7):1\u201336","journal-title":"ACM Comput Surv"},{"issue":"5","key":"10723_CR14","doi-asserted-by":"publisher","first-page":"872","DOI":"10.1109\/JAS.2025.125498","volume":"12","author":"Z Deng","year":"2025","unstructured":"Deng Z, Ma W, Han QL et al (2025b) Exploring deepseek: a survey on advances, applications, challenges and future directions. IEEE\/CAA J Automatica Sinica 12(5):872\u2013893","journal-title":"IEEE\/CAA J Automatica Sinica"},{"key":"10723_CR15","doi-asserted-by":"publisher","unstructured":"Deng Z, Sun R, Xue M et al (2025) Hardening llm fine-tuning: From differentially private data selection to trustworthy model quantization. IEEE Trans Inf Forensics Secur:1\u20131. https:\/\/doi.org\/10.1109\/TIFS.2025.3581103","DOI":"10.1109\/TIFS.2025.3581103"},{"issue":"4","key":"10723_CR16","doi-asserted-by":"publisher","first-page":"3661","DOI":"10.1109\/TDSC.2025.3532957","volume":"22","author":"Z Deng","year":"2025","unstructured":"Deng Z, Sun R, Xue M et al (2025d) Leakage-resilient and carbon-neutral aggregation featuring the federated ai-enabled critical infrastructure. IEEE Trans Dependable Secure Comput 22(4):3661\u20133675. https:\/\/doi.org\/10.1109\/TDSC.2025.3532957","journal-title":"IEEE Trans Dependable Secure Comput"},{"issue":"8","key":"10723_CR17","doi-asserted-by":"publisher","first-page":"1482","DOI":"10.3390\/electronics13081482","volume":"13","author":"C Dong","year":"2024","unstructured":"Dong C, Li D (2024) Ast-df: a new webshell detection method based on abstract syntax tree and deep forest. Electronics 13(8):1482. https:\/\/doi.org\/10.3390\/electronics13081482","journal-title":"Electronics"},{"key":"10723_CR18","doi-asserted-by":"publisher","unstructured":"Fang Y, Qiu Y, Liu L, et\u00a0al (2018) Detecting webshell based on random forest with fasttext. In: Proceedings of the 2018 international conference on computing and artificial intelligence, pp 52\u201356, https:\/\/doi.org\/10.1145\/3194452.319447","DOI":"10.1145\/3194452.319447"},{"key":"10723_CR19","doi-asserted-by":"publisher","first-page":"110406","DOI":"10.1016\/j.comnet.2024.110406","volume":"245","author":"P Feng","year":"2024","unstructured":"Feng P, Wei D, Li Q et al (2024) Glareshell: graph learning-based php webshell detection for web server of industrial internet. Comput Netw 245:110406. https:\/\/doi.org\/10.1016\/j.comnet.2024.110406","journal-title":"Comput Netw"},{"issue":"3","key":"10723_CR20","doi-asserted-by":"publisher","first-page":"331","DOI":"10.1007\/s41095-022-0271-y","volume":"8","author":"MH Guo","year":"2022","unstructured":"Guo MH, Xu TX, Liu JJ et al (2022) Attention mechanisms in computer vision: a survey. Comput Visual Media 8(3):331\u2013368. https:\/\/doi.org\/10.1007\/s41095-022-0271-y","journal-title":"Comput Visual Media"},{"key":"10723_CR21","doi-asserted-by":"publisher","first-page":"102366","DOI":"10.1016\/j.cose.2021.102366","volume":"108","author":"A Hannousse","year":"2021","unstructured":"Hannousse A, Yahiouche S (2021) Handling webshell attacks: a systematic mapping and survey. Comput Secur 108:102366. https:\/\/doi.org\/10.1016\/j.cose.2021.102366","journal-title":"Comput Secur"},{"issue":"1","key":"10723_CR22","doi-asserted-by":"publisher","first-page":"47","DOI":"10.1007\/s10207-022-00615-5","volume":"22","author":"A Hannousse","year":"2023","unstructured":"Hannousse A, Nait-Hamoud MC, Yahiouche S (2023) A deep learner model for multi-language webshell detection. Int J Inf Secur 22(1):47\u201361. https:\/\/doi.org\/10.1007\/s10207-022-00615-5","journal-title":"Int J Inf Secur"},{"issue":"9","key":"10723_CR23","doi-asserted-by":"publisher","first-page":"1904","DOI":"10.1109\/TPAMI.2015.2389824","volume":"37","author":"K He","year":"2015","unstructured":"He K, Zhang X, Ren S et al (2015) Spatial pyramid pooling in deep convolutional networks for visual recognition. IEEE Trans Pattern Anal Mach Intell 37(9):1904\u20131916. https:\/\/doi.org\/10.1109\/TPAMI.2015.2389824","journal-title":"IEEE Trans Pattern Anal Mach Intell"},{"key":"10723_CR24","doi-asserted-by":"publisher","unstructured":"He K, Zhang X, Ren S, et\u00a0al (2016) Deep residual learning for image recognition. In: Proceedings of the IEEE conference on computer vision and pattern recognition, pp 770\u2013778, https:\/\/doi.org\/10.1109\/CVPR.2016.90","DOI":"10.1109\/CVPR.2016.90"},{"key":"10723_CR25","doi-asserted-by":"publisher","first-page":"100500","DOI":"10.1016\/j.cosrev.2022.100500","volume":"46","author":"X Hu","year":"2022","unstructured":"Hu X, Ma W, Chen C et al (2022) Event detection in online social network: methodologies, state-of-art, and evolution. Comput Sci Rev 46:100500. https:\/\/doi.org\/10.1016\/j.cosrev.2022.100500","journal-title":"Comput Sci Rev"},{"key":"10723_CR26","doi-asserted-by":"publisher","unstructured":"Jinping L, Zhi T, Jian M, et\u00a0al (2020) Mixed-models method based on machine learning in detecting webshell attack. In: Proceedings of the 2020 international conference on computers, information processing and advanced education, pp 251\u2013259, https:\/\/doi.org\/10.1145\/3419635.341971","DOI":"10.1145\/3419635.341971"},{"issue":"2","key":"10723_CR27","doi-asserted-by":"publisher","first-page":"229","DOI":"10.3745\/JIPS.03.0026","volume":"11","author":"J Kim","year":"2015","unstructured":"Kim J, Yoo DH, Jang H et al (2015) Webshark 1.0: a benchmark collection for malicious web shell detection. J Inf Process Syst 11(2):229\u2013238. https:\/\/doi.org\/10.3745\/JIPS.03.0026","journal-title":"J Inf Process Syst"},{"key":"10723_CR28","doi-asserted-by":"crossref","unstructured":"Kumar P, Katoch M, Verma A, et\u00a0al (2023) An analysis on usability of progressive web applications in business management. In: 2023 Seventh International Conference on Image Information Processing (ICIIP), IEEE, pp 501\u2013507","DOI":"10.1109\/ICIIP61524.2023.10537697"},{"issue":"2","key":"10723_CR29","doi-asserted-by":"publisher","first-page":"2630","DOI":"10.1109\/TITS.2021.3122979","volume":"24","author":"HV Le","year":"2021","unstructured":"Le HV, Nguyen TN, Nguyen HN et al (2021) An efficient hybrid webshell detection method for webserver of marine transportation systems. IEEE Trans Intell Transp Syst 24(2):2630\u20132642. https:\/\/doi.org\/10.1109\/TITS.2021.3122979","journal-title":"IEEE Trans Intell Transp Syst"},{"issue":"4","key":"10723_CR30","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1504\/IJWGS.2022.126117","volume":"18","author":"HV Le","year":"2022","unstructured":"Le HV, Du HP, Nguyen HN et al (2022a) A proactive method of the webshell detection and prevention based on deep traffic analysis. Int J Web Grid Serv 18(4):361\u2013383. https:\/\/doi.org\/10.1504\/IJWGS.2022.126117","journal-title":"Int J Web Grid Serv"},{"key":"10723_CR31","doi-asserted-by":"publisher","unstructured":"Le HV, Vo HV, Nguyen TN, et\u00a0al (2022b) Towards a webshell detection approach using rule-based and deep http traffic analysis. In: International conference on computational collective intelligence, Springer, pp 571\u2013584, https:\/\/doi.org\/10.1007\/978-3-031-16014-1_45","DOI":"10.1007\/978-3-031-16014-1_45"},{"key":"10723_CR32","doi-asserted-by":"publisher","first-page":"185140","DOI":"10.1109\/ACCESS.2019.2959950","volume":"7","author":"T Li","year":"2019","unstructured":"Li T, Ren C, Fu Y et al (2019) Webshell detection based on the word attention mechanism. IEEE Access 7:185140\u2013185147. https:\/\/doi.org\/10.1109\/ACCESS.2019.2959950","journal-title":"IEEE Access"},{"key":"10723_CR33","doi-asserted-by":"publisher","unstructured":"Li W, Zhang Z, Wang L (2018) A dynamic and heterogeneous web application to defense webshell attacks by using diversified php code. In: Proceedings of the 4th international conference on communication and information processing, pp 107\u2013111, https:\/\/doi.org\/10.1145\/3290420.3290438","DOI":"10.1145\/3290420.3290438"},{"issue":"4","key":"10723_CR34","doi-asserted-by":"publisher","first-page":"1994","DOI":"10.1109\/TDSC.2023.3299337","volume":"21","author":"Q Liu","year":"2024","unstructured":"Liu Q, Peng Y, Xu Q et al (2024) Mars: Enabling verifiable range-aggregate queries in multi-source environments. IEEE Trans Dependable Secure Comput 21(4):1994\u20132011","journal-title":"IEEE Trans Dependable Secure Comput"},{"key":"10723_CR35","doi-asserted-by":"publisher","unstructured":"Liu R, Luan TH, Qu Y et al (2025) Internet of digital twin: framework, applications and enabling technologies. IEEE Commun Surveys Tutorials:1\u20131. https:\/\/doi.org\/10.1109\/COMST.2025.3554579","DOI":"10.1109\/COMST.2025.3554579"},{"key":"10723_CR36","doi-asserted-by":"publisher","unstructured":"Liu S, Feng P, Sun K (2021) Honeybog: a hybrid webshell honeypot framework against command injection. In: 2021 IEEE Conference on Communications and Network Security (CNS), IEEE, pp 218\u2013226, https:\/\/doi.org\/10.1109\/CNS53000.2021.9705039","DOI":"10.1109\/CNS53000.2021.9705039"},{"issue":"3","key":"10723_CR37","doi-asserted-by":"publisher","first-page":"766","DOI":"10.26599\/TST.2023.9010020","volume":"29","author":"X Liu","year":"2023","unstructured":"Liu X, Zhang Y, Yu Q et al (2023) Smarteagleeye: a cloud-oriented webshell detection system based on dynamic gray-box and deep learning. Tsinghua Sci Technol 29(3):766\u2013783. https:\/\/doi.org\/10.26599\/TST.2023.9010020","journal-title":"Tsinghua Sci Technol"},{"key":"10723_CR38","doi-asserted-by":"publisher","first-page":"3434920","DOI":"10.1155\/2022\/3434920","volume":"1","author":"Z Liu","year":"2022","unstructured":"Liu Z, Li D, Wei L (2022) A new method for webshell detection based on bidirectional gru and attention mechanism. Secur Commun Netw 1:3434920. https:\/\/doi.org\/10.1155\/2022\/3434920","journal-title":"Secur Commun Netw"},{"key":"10723_CR39","doi-asserted-by":"publisher","first-page":"4469","DOI":"10.1109\/TIFS.2025.3560557","volume":"20","author":"W Ma","year":"2025","unstructured":"Ma W, Wang D, Song Y et al (2025) Trapnet: model inversion defense via trapdoor. IEEE Trans Inf Forensics Secur 20:4469\u20134483. https:\/\/doi.org\/10.1109\/TIFS.2025.3560557","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"10723_CR40","doi-asserted-by":"publisher","unstructured":"Nguyen NH, Le VH, Phung VO, et\u00a0al (2019) Toward a deep learning approach for detecting php webshell. In: Proceedings of the 10th international symposium on information and communication technology, pp 514\u2013521, https:\/\/doi.org\/10.1145\/3368926.3369733","DOI":"10.1145\/3368926.3369733"},{"key":"10723_CR41","doi-asserted-by":"publisher","first-page":"5533963","DOI":"10.1155\/2021\/5533963","volume":"1","author":"Z Pan","year":"2021","unstructured":"Pan Z, Chen Y, Chen Y et al (2021) Webshell detection based on executable data characteristics of php code. Wirel Commun Mob Comput 1:5533963. https:\/\/doi.org\/10.1155\/2021\/5533963","journal-title":"Wirel Commun Mob Comput"},{"key":"10723_CR42","doi-asserted-by":"publisher","first-page":"4315829","DOI":"10.1155\/2022\/4315829","volume":"1","author":"A Pu","year":"2022","unstructured":"Pu A, Feng X, Zhang Y et al (2022) Bert-embedding-based jsp webshell detection on bytecode level using xgboost. Secur Commun Netw 1:4315829. https:\/\/doi.org\/10.1155\/2022\/4315829","journal-title":"Secur Commun Netw"},{"key":"10723_CR43","doi-asserted-by":"publisher","unstructured":"Qi L, Kong R, Lu Y, et\u00a0al (2018) An end-to-end detection method for webshell with deep learning. In: 2018 eighth international conference on Instrumentation & Measurement, Computer, Communication and Control (IMCCC), IEEE, pp 660\u2013665, https:\/\/doi.org\/10.1109\/IMCCC.2018.00143","DOI":"10.1109\/IMCCC.2018.00143"},{"key":"10723_CR44","doi-asserted-by":"crossref","unstructured":"Segun-Falade OD, Osundare OS, Kedi WE et al (2024) Developing cross-platform software applications to enhance compatibility across devices and systems. Comput Sci IT Res J 5(8)","DOI":"10.51594\/csitrj.v5i8.1491"},{"issue":"5","key":"10723_CR45","doi-asserted-by":"publisher","first-page":"3541","DOI":"10.1109\/TII.2025.3534441","volume":"21","author":"C Sheng","year":"2025","unstructured":"Sheng C, Zhou W, Han QL et al (2025) Network traffic fingerprinting for iiot device identification: a survey. IEEE Trans Industr Inf 21(5):3541\u20133554. https:\/\/doi.org\/10.1109\/TII.2025.3534441","journal-title":"IEEE Trans Industr Inf"},{"key":"10723_CR46","doi-asserted-by":"publisher","unstructured":"Tian Y, Wang J, Zhou Z, et\u00a0al (2017) Cnn-webshell: malicious web shell detection with convolutional neural network. In: Proceedings of the 2017 VI international conference on network, communication and computing, pp 75\u201379, https:\/\/doi.org\/10.1145\/3171592.317159","DOI":"10.1145\/3171592.317159"},{"key":"10723_CR47","doi-asserted-by":"publisher","unstructured":"Tu TD, Guang C, Xiaojun G, et\u00a0al (2014) Webshell detection techniques in web applications. In: Fifth International Conference on Computing, Communications and Networking Technologies (ICCCNT), IEEE, pp 1\u20137, https:\/\/doi.org\/10.1109\/ICCCNT.2014.6963152","DOI":"10.1109\/ICCCNT.2014.6963152"},{"key":"10723_CR48","doi-asserted-by":"publisher","unstructured":"Uddin MP, Xiang Y, Hasan M, et\u00a0al (2025) A systematic literature review of robust federated learning: Issues, solutions, and future research directions. ACM Comput Surv 57(10). https:\/\/doi.org\/10.1145\/3727643","DOI":"10.1145\/3727643"},{"issue":"3","key":"10723_CR49","doi-asserted-by":"publisher","first-page":"1861","DOI":"10.1109\/COMST.2024.3361451","volume":"26","author":"Y Wan","year":"2024","unstructured":"Wan Y, Qu Y, Ni W et al (2024) Data and model poisoning backdoor attacks on wireless federated learning, and the defense mechanisms: A comprehensive survey. IEEE Commun Surveys Tutorials 26(3):1861\u20131897. https:\/\/doi.org\/10.1109\/COMST.2024.3361451","journal-title":"IEEE Commun Surveys Tutorials"},{"key":"10723_CR50","doi-asserted-by":"publisher","unstructured":"Wang KC, Cheng WJ, Zhang J, et\u00a0al (2023) Honeycontainer: container-based webshell command injection defending and backtracking. In: 2023 Silicon Valley Cybersecurity Conference (SVCC), IEEE, pp 1\u20138, https:\/\/doi.org\/10.1109\/SVCC56964.2023.10165511","DOI":"10.1109\/SVCC56964.2023.10165511"},{"issue":"06","key":"10723_CR51","doi-asserted-by":"publisher","first-page":"6522","DOI":"10.1109\/TMC.2023.3323450","volume":"23","author":"S Wang","year":"2024","unstructured":"Wang S, Liu Q, Xu Y et al (2024) Protecting inference privacy with accuracy improvement in mobile-cloud deep learning. IEEE Trans Mob Comput 23(06):6522\u20136537","journal-title":"IEEE Trans Mob Comput"},{"key":"10723_CR52","doi-asserted-by":"publisher","unstructured":"Wang Z, Yang J, Dai M, et\u00a0al (2019) A method of detecting webshell based on multi-layer perception. Acad J Comput Inf Sci 2(1):81\u201391. https:\/\/doi.org\/10.25236\/AJCIS.010021","DOI":"10.25236\/AJCIS.010021"},{"key":"10723_CR53","doi-asserted-by":"crossref","unstructured":"Woo S, Park J, Lee JY, et\u00a0al (2018) Cbam: convolutional block attention module. In: Proceedings of the European conference on computer vision (ECCV), pp 3\u201319","DOI":"10.1007\/978-3-030-01234-2_1"},{"key":"10723_CR54","doi-asserted-by":"publisher","unstructured":"Wrench PM, Irwin BV (2015) Towards a php webshell taxonomy using deobfuscation-assisted similarity analysis. In: 2015 Information Security for South Africa (ISSA), IEEE, pp 1\u20138, https:\/\/doi.org\/10.1109\/ISSA.2015.7335066","DOI":"10.1109\/ISSA.2015.7335066"},{"key":"10723_CR55","doi-asserted-by":"publisher","first-page":"3093809","DOI":"10.1155\/2019\/3093809","volume":"1","author":"Y Wu","year":"2019","unstructured":"Wu Y, Sun Y, Huang C et al (2019) Session-based webshell detection using machine learning in web logs. Secur Commun Netw 1:3093809. https:\/\/doi.org\/10.1155\/2019\/3093809","journal-title":"Secur Commun Netw"},{"key":"10723_CR56","doi-asserted-by":"publisher","unstructured":"Wu Y, Song M, Li Y, et\u00a0al (2021) Improving convolutional neural network-based webshell detection through reinforcement learning. In: Information and Communications Security: 23rd International Conference, ICICS 2021, Chongqing, China, November 19-21, 2021, Proceedings, Part I 23, Springer, pp 368\u2013383, https:\/\/doi.org\/10.1007\/978-3-030-86890-1_21","DOI":"10.1007\/978-3-030-86890-1_21"},{"key":"10723_CR57","doi-asserted-by":"publisher","unstructured":"Xie M, Hu J (2013) Evaluating host-based anomaly detection systems: a preliminary analysis of adfa-ld. In: 2013 6th international congress on image and signal processing (CISP), IEEE, pp 1711\u20131716, https:\/\/doi.org\/10.1109\/CISP.2013.6743952","DOI":"10.1109\/CISP.2013.6743952"},{"key":"10723_CR58","doi-asserted-by":"publisher","unstructured":"Yang J (2021) A webshell detection model based on bayes. In: 2021 2nd international conference on Computer Communication and Network Security (CCNS), IEEE, pp 71\u201374, https:\/\/doi.org\/10.1109\/CCNS53852.2021.00022","DOI":"10.1109\/CCNS53852.2021.00022"},{"key":"10723_CR59","doi-asserted-by":"publisher","unstructured":"Yang J, Wang L, Xu Z (2018) A novel semantic-aware approach for detecting malicious web traffic. In: Information and Communications Security: 19th International Conference, ICICS 2017, Beijing, China, December 6-8, 2017, Proceedings 19, Springer, pp 633\u2013645, https:\/\/doi.org\/10.1007\/978-3-319-89500-0_54","DOI":"10.1007\/978-3-319-89500-0_54"},{"key":"10723_CR60","doi-asserted-by":"publisher","unstructured":"Yang W, Sun B, Cui B (2019) A webshell detection technology based on http traffic analysis. In: Innovative mobile and internet services in ubiquitous computing: proceedings of the 12th international conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS-2018), Springer, pp 336\u2013342,https:\/\/doi.org\/10.1007\/978-3-319-93554-6_31","DOI":"10.1007\/978-3-319-93554-6_31"},{"key":"10723_CR61","doi-asserted-by":"publisher","unstructured":"Yong B, Liu X, Liu Y, et\u00a0al (2018) Web behavior detection based on deep neural network. In: 2018 IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation (SmartWorld\/SCALCOM\/UIC\/ATC\/CBDCom\/IOP\/SCI), IEEE, pp 1911\u20131916, https:\/\/doi.org\/10.1109\/SmartWorld.2018.00320","DOI":"10.1109\/SmartWorld.2018.00320"},{"key":"10723_CR62","doi-asserted-by":"publisher","unstructured":"Yu B, Liu J, Zhou Z (2021a) Wads: a webshell attack defender assisted by software-defined networks. In: Information Security Practice and Experience: 16th International Conference, ISPEC 2021, Nanjing, China, December 17\u201319, 2021, Proceedings 16, Springer, pp 209\u2013222, https:\/\/doi.org\/10.1007\/978-3-030-93206-0_13","DOI":"10.1007\/978-3-030-93206-0_13"},{"key":"10723_CR63","doi-asserted-by":"publisher","unstructured":"Yu X, Meng W, Zhao L, et\u00a0al (2021b) Tridentshell: A covert and scalable backdoor injection attack on web applications. In: Information Security: 24th International Conference, ISC 2021, Virtual Event, November 10\u201312, 2021, Proceedings 24, Springer, pp 177\u2013194, https:\/\/doi.org\/10.1007\/978-3-030-91356-4_10","DOI":"10.1007\/978-3-030-91356-4_10"},{"key":"10723_CR64","doi-asserted-by":"publisher","first-page":"75268","DOI":"10.1109\/ACCESS.2018.2882517","volume":"6","author":"H Zhang","year":"2018","unstructured":"Zhang H, Guan H, Yan H et al (2018) Webshell traffic detection with character-level features based on deep learning. IEEE Access 6:75268\u201375277. https:\/\/doi.org\/10.1109\/ACCESS.2018.2882517","journal-title":"IEEE Access"},{"key":"10723_CR65","doi-asserted-by":"publisher","unstructured":"Zhang Q, Chen L, Yan Q (2022) Adversarial attack and defense for webshell detection on machine learning models. In: 2022 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), IEEE, pp 33\u201341, https:\/\/doi.org\/10.1109\/CyberC55534.2022.00017","DOI":"10.1109\/CyberC55534.2022.00017"},{"issue":"4","key":"10723_CR66","first-page":"1","volume":"57","author":"S Zhang","year":"2024","unstructured":"Zhang S, Pan Y, Liu Q et al (2024) Backdoor attacks and defenses targeting multi-domain ai models: a comprehensive review. ACM Comput Surv 57(4):1\u201335","journal-title":"ACM Comput Surv"},{"key":"10723_CR67","doi-asserted-by":"publisher","unstructured":"Zhao Y, Qu Y, Xiang Y et al (2025) A comprehensive survey on edge data integrity verification: Fundamentals and future trends. ACM Comput Surv 57(1). https:\/\/doi.org\/10.1145\/3680277","DOI":"10.1145\/3680277"},{"key":"10723_CR68","doi-asserted-by":"publisher","unstructured":"Zhao Z, Liu Q, Song T, et\u00a0al (2020) Wsld: detecting unknown webshell using fuzzy matching and deep learning. In: Information and Communications Security: 21st International Conference, ICICS 2019, Beijing, China, December 15\u201317, 2019, Revised Selected Papers 21, Springer, pp 725\u2013745, https:\/\/doi.org\/10.1007\/978-3-030-41579-2_42","DOI":"10.1007\/978-3-030-41579-2_42"},{"issue":"1","key":"10723_CR69","doi-asserted-by":"publisher","first-page":"1585","DOI":"10.3233\/JIFS-200314","volume":"40","author":"X Zhongzheng","year":"2021","unstructured":"Zhongzheng X, Luktarhan N (2021) Webshell detection with byte-level features based on deep learning. J Intell Fuzzy Syst 40(1):1585\u20131596. https:\/\/doi.org\/10.3233\/JIFS-200314","journal-title":"J Intell Fuzzy Syst"},{"issue":"7","key":"10723_CR70","doi-asserted-by":"publisher","first-page":"1202","DOI":"10.3390\/sym13071202","volume":"13","author":"A Zhou","year":"2021","unstructured":"Zhou A, Luktarhan N, Ai Z (2021) Research on webshell detection method based on regularized neighborhood component analysis (rnca). Symmetry 13(7):1202. https:\/\/doi.org\/10.3390\/sym13071202","journal-title":"Symmetry"},{"key":"10723_CR71","doi-asserted-by":"publisher","DOI":"10.1109\/JAS.2024.124983","author":"W Zhou","year":"2024","unstructured":"Zhou W, Zhu X, Han QL et al (2024) The security of using large language models - a survey with emphasis on chatgpt. IEEE\/CAA J Automatica Sinica. https:\/\/doi.org\/10.1109\/JAS.2024.124983","journal-title":"IEEE\/CAA J Automatica Sinica"},{"key":"10723_CR72","doi-asserted-by":"publisher","DOI":"10.1109\/JAS.2024.124971","author":"X Zhu","year":"2024","unstructured":"Zhu X, Zhou W, Han QL et al (2024) When software security meets large language models: A survey. IEEE\/CAA J Automatica Sinica. https:\/\/doi.org\/10.1109\/JAS.2024.124971","journal-title":"IEEE\/CAA J Automatica Sinica"}],"container-title":["Empirical Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10664-025-10723-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10664-025-10723-0","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10664-025-10723-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,11]],"date-time":"2026-02-11T11:26:05Z","timestamp":1770809165000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10664-025-10723-0"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,29]]},"references-count":71,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2026,1]]}},"alternative-id":["10723"],"URL":"https:\/\/doi.org\/10.1007\/s10664-025-10723-0","relation":{},"ISSN":["1382-3256","1573-7616"],"issn-type":[{"value":"1382-3256","type":"print"},{"value":"1573-7616","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,10,29]]},"assertion":[{"value":"13 February 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"19 August 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"29 October 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"This study does not involve human participants, animals, or sensitive data.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical Approval"}},{"value":"Informed consent was obtained from all participants involved in the study.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Informed Consent"}}],"article-number":"2"}}