{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,24]],"date-time":"2025-06-24T06:29:12Z","timestamp":1750746552249,"version":"3.37.3"},"reference-count":38,"publisher":"Wiley","license":[{"start":{"date-parts":[[2021,9,14]],"date-time":"2021-09-14T00:00:00Z","timestamp":1631577600000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U20B2045","2016QY13Z2302"],"award-info":[{"award-number":["U20B2045","2016QY13Z2302"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"National Key Research and Development Program of China","award":["U20B2045","2016QY13Z2302"],"award-info":[{"award-number":["U20B2045","2016QY13Z2302"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Security and Communication Networks"],"published-print":{"date-parts":[[2021,9,14]]},"abstract":"<jats:p>Application security is essential in today\u2019s highly development period. Backdoor is a means by which attackers can invade the system to achieve illegal purposes and damage users\u2019 rights. It has posed a serious threat to network security. Thus, it is urgent to take adequate measures to defend such attacks. Previous research work was mainly focused on numerous PHP webshells, with less research on Python backdoor files. Language differences make the method not entirely applicable. This paper proposes a Python backdoor detection model named PBDT based on combined features. The model summarizes the common functional modules and functions in the backdoor files and extracts the number of calls in the text to form sample features. What is more, we consider the text\u2019s statistical characteristics, including the information entropy, the longest string, etc., to identify the obfuscated Python code. Besides, the opcode sequence is used to represent code characteristics, such as TF-IDF vector and FastText classifier, to eliminate the influence of interference items. Finally, we introduce the Random Forest algorithm to build a classifier. Covering most types of backdoors, some samples are obfuscated, the model achieves an accuracy of 97.70%, and the TNR index is as high as 98.66%, showing a good classification performance in Python backdoor detection.<\/jats:p>","DOI":"10.1155\/2021\/9923234","type":"journal-article","created":{"date-parts":[[2021,9,14]],"date-time":"2021-09-14T17:35:25Z","timestamp":1631640925000},"page":"1-13","source":"Crossref","is-referenced-by-count":8,"title":["PBDT: Python Backdoor Detection Model Based on Combined Features"],"prefix":"10.1155","volume":"2021","author":[{"given":"Yong","family":"Fang","sequence":"first","affiliation":[{"name":"School of Cyber Science and Engineering, Sichuan University, Chengdu, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mingyu","family":"Xie","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Engineering, Sichuan University, Chengdu, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5871-946X","authenticated-orcid":true,"given":"Cheng","family":"Huang","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Engineering, Sichuan University, Chengdu, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"311","reference":[{"article-title":"2020 state of malware report","year":"2020","author":"Malwarebytes Labs","key":"1"},{"key":"2","doi-asserted-by":"publisher","DOI":"10.1109\/IS3C.2016.149"},{"first-page":"1021","article-title":"No honor among thieves: a large-scale analysis of malicious web shells","author":"O. Starov","key":"3"},{"key":"4","doi-asserted-by":"publisher","DOI":"10.3966\/199115992017102805006"},{"key":"5","doi-asserted-by":"publisher","DOI":"10.1109\/ISSA.2015.7335066"},{"key":"6","doi-asserted-by":"publisher","DOI":"10.1109\/trustcom50675.2020.00219"},{"key":"7","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-05755-8_20"},{"first-page":"725","article-title":"WSLD: detecting unknown webshell using fuzzy matching and deep learning","author":"Z. Zhao","key":"8"},{"author":"D. Canali","key":"9","article-title":"Behind the scenes of online attacks: an analysis of exploitation behaviors on the web"},{"key":"10","doi-asserted-by":"publisher","DOI":"10.1109\/cisp.2013.6743952"},{"first-page":"73","article-title":"Automatic and accurate detection of webshell based on convolutional neural network","author":"Z.-H. Lv","key":"11"},{"first-page":"75","article-title":"CNN-webshell: malicious web shell detection with convolutional neural network","author":"Y. Tian","key":"12"},{"key":"13","doi-asserted-by":"publisher","DOI":"10.25236\/AJCIS.010021"},{"key":"14","doi-asserted-by":"publisher","DOI":"10.1109\/smartworld.2018.00320"},{"key":"15","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-00470-5_5"},{"article-title":"Web shell detection using NeoPI","year":"2011","author":"B. Scott","key":"16"},{"first-page":"257","article-title":"JStap: a static pre-filter for malicious javascript detection","author":"A. Fass","key":"17"},{"key":"18","doi-asserted-by":"publisher","DOI":"10.1109\/DSC.2018.00030"},{"first-page":"109","article-title":"Jsdc: a hybrid approach for javascript malware detection and classification","author":"J. Wang","key":"19"},{"key":"20","doi-asserted-by":"publisher","DOI":"10.1109\/icccnt.2014.6963152"},{"key":"21","doi-asserted-by":"publisher","DOI":"10.1002\/sec.1064"},{"key":"22","doi-asserted-by":"publisher","DOI":"10.1145\/3194452.3194470"},{"key":"23","doi-asserted-by":"publisher","DOI":"10.1155\/2021\/5533963"},{"key":"24","doi-asserted-by":"publisher","DOI":"10.1016\/j.image.2021.116319"},{"key":"25","doi-asserted-by":"publisher","DOI":"10.1016\/j.neucom.2019.04.095"},{"key":"26","doi-asserted-by":"publisher","DOI":"10.1109\/ijcnn.2018.8489414"},{"key":"27","doi-asserted-by":"publisher","DOI":"10.3837\/tiis.2012.02.019"},{"first-page":"31","article-title":"Cujo: efficient detection and prevention of drive-by-download attacks","author":"K. Rieck","key":"28"},{"first-page":"1899","article-title":"Hidenoseek: camouflaging malicious javascript in benign asts","author":"A. Fass","key":"29"},{"key":"30","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-93411-2_14"},{"first-page":"637","article-title":"Revolver: an automated approach to the detection of evasive web-based malware","author":"A. Kapravelos","key":"31"},{"key":"32","article-title":"Shellbreaker: automatically detecting PHP-based malicious web shells","volume":"87","author":"L. Yu","year":"2019","journal-title":"Computers & Security"},{"key":"33","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363187"},{"key":"34","doi-asserted-by":"publisher","DOI":"10.1002\/j.1538-7305.1948.tb01338.x"},{"first-page":"133","article-title":"Using tf-idf to determine word relevance in document queries","author":"J. Ramos","key":"35"},{"article-title":"Bag of tricks for efficient text classification","year":"2016","author":"J. Armand","key":"36"},{"first-page":"278","article-title":"Random decision forests","author":"T. K. Ho","key":"37"},{"key":"38","doi-asserted-by":"publisher","DOI":"10.3390\/fi12010012"}],"container-title":["Security and Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2021\/9923234.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2021\/9923234.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2021\/9923234.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,9,14]],"date-time":"2021-09-14T17:35:32Z","timestamp":1631640932000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.hindawi.com\/journals\/scn\/2021\/9923234\/"}},"subtitle":[],"editor":[{"given":"Shah","family":"Nazir","sequence":"additional","affiliation":[],"role":[{"role":"editor","vocabulary":"crossref"}]}],"short-title":[],"issued":{"date-parts":[[2021,9,14]]},"references-count":38,"alternative-id":["9923234","9923234"],"URL":"https:\/\/doi.org\/10.1155\/2021\/9923234","relation":{},"ISSN":["1939-0122","1939-0114"],"issn-type":[{"type":"electronic","value":"1939-0122"},{"type":"print","value":"1939-0114"}],"subject":[],"published":{"date-parts":[[2021,9,14]]}}}