Research Article
PBDT: Python Backdoor Detection Model Based on Combined Features
| Category | Author | Main work | Shortcoming |
| --- | --- | --- | --- |
| Static detection | Scott and Hagen [16] | Identifying obfuscated webshells through statistical features | The feature library is old, and it uses simple character matching with high false positives |
| Static detection | Fass et al. [17] | Extracting JavaScript semantic information through AST, CFG, and PDG for malicious judgment | No analysis or consideration of basic functions with malicious intent |
| Static detection | Cui et al. [18] | Using TF-IDF vectors and hash vectors to obtain webshell opcode features for detection | No semantic information is considered, which may result in false negatives |
| Static detection | Yong et al. [14] | Processing opcode through 2-gram and TF-IDF, and using a composite neural network (DNN) for webshell classification | The deep neural network is too complex and consumes a lot of resources |
| Dynamic detection | Canali and Balzarotti [9] | Analysis of common webshell behavior using honeypot technology | High requirements for resources, environment, and samples |
| Dynamic detection | Wang et al. [19] | Combining attack feature vectors and dynamic execution trajectories | The types of malicious functions summarized are not comprehensive |