Research Article
PBDT: Python Backdoor Detection Model Based on Combined Features
Table 3
List of common modules and functions of backdoors.
|  | Module | Function |
| --- | --- | --- |
| Text encryption | AES/base64/binascii/hashlib/RSA/Crypto/sha256/hashes/padding/DES | b64encode/b64decode/encrypt/decrypt/EncodeAES/DecodeAES/AESGCM/md5/rc4/SHA256/sha1/encode_base64/OAEP/MGF1 |
| Network communication | Socket/urllib2/urllib/paramiko/ftplib/SocketServer/httplib | Socket/bind/setsockopt/gethostbyname/gethostname/SSHClient |
| Process setting | Subprocess/commands/pty/threading/select/multiprocessing/setproctitle | spawn/Popen/communicate/daemon/fork/ThreadingTCPServer/ThreadingUDPServer/setproctitle/CreateThread |
| File operation | Shutil/fcntl/StringIO/BytesIO/ctypes/scapy.all | Exec/execv/execvp/execfile/storbinary |
| Command execution | Argparse/getopt/getpass/argv/optparse/cmd | System/getopt/getoutput/tcsetattr/command/exec_command/check_output |
| System control | Platform/winreg/psutil/wmi/pynput | VirtualAlloc/sysinfo |