Aiming at the difficulty of WebShell file detection based on traditional rules,a WebShell detection method based on BERT-LSTM model is designed using the idea of text classification.Firstly,the existing publicly available normal PHP files and malicious PHP files are cleaned and compiled to get the instruction opcode code;then,the opcode is converted into a feature vec-tor by the bi-directional encoder representation technique(BERT)of the transformer;finally,the classification model is built by combining with the long-short-term memory network(LSTM)to detect the features from the perspective of text sequence.The ex-perimental results show that the detection model has an accuracy of 98.95%,a recall of 99.45%,and an F1 value of 99.09%,which is better compared to other models for detection.
维普
万方数据