Cite this article
  • He JunPeng, Gao Jian. Review of WebShell Detection Technology[J]. Journal of Cyber Security, accepted.

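Review of WebShell Detection Technology
(People's Public Security University of China)
Abstract:
WebShell, a class of malicious server-side scripts that are highly stealthy, highly damaging, and easy to pick up with a low barrier to entry, has become a key research subject in network security defense. To systematically track the latest progress in its detection techniques, this article comprehensively reviews and organizes representative research from the past five years. It first describes the evolution of WebShell and its variant techniques such as obfuscation and encryption. It then surveys how detection has evolved from traditional rule-based methods, to intelligent methods that combine static analysis, machine learning, and deep learning, and on to systematic approaches based on dynamic behavior analysis and hybrid frameworks, and examines the strengths and limitations of each class of methods. The analysis shows that current methods still face challenges in handling code obfuscation and cross-language generalization. Suggestions for future research are offered, including building standardized datasets, developing semantic understanding, and strengthening adversarial sample learning, with the aim of providing a reference for subsequent research.
Key words:  WebShell  static analysis  machine learning  deep learning  dynamic analysis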
DOI:
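Submitted: 2025-12-11  Revised: 2026-01-08
Funding: Fundamental Research Funds for the Central Universities project of the People's Public Security University of China (2024JKF17)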
Review of WebShell Detection Technology
He JunPeng, Gao Jian
(People's Public Security University of China)
Abstract:
WebShell, as a type of highly concealed, highly dangerous, easy-to-learn, and low-barrier-to-entry malicious server script, has become a key research object in the field of network security defense. To systematically track the latest developments in its detection technology, this article provides a comprehensive review and analysis of representative research from the past five years. The article first elucidates the evolutionary path of WebShell and its variants such as obfuscation and encryption. Then, it summarizes the evolution of detection technology from traditional rule-based methods, to intelligent methods integrating static analysis, machine learning, and deep learning, and then to systematic approaches based on dynamic behavior analysis and hybrid frameworks, analyzing the advantages and limitations of each method. The analysis shows that current methods still face challenges in dealing with code obfuscation and cross-language generalization. Suggestions are made for future research directions, including building standardized datasets, developing semantic understanding, and strengthening adversarial example learning, in order to provide a reference for subsequent research.
Key words:  WebShell  static analysis  machine learning  deep learning  dynamic analysis