中圖分類號：TP309;TP393文獻標識碼：ADOI:10.19358/j.issn.2097-1788.2024.04.004
引用格式：鄧全才，徐懷彬.基于BERT-LSTM模型的WebShell文件檢測研究［J］.網(wǎng)絡安全與數(shù)據(jù)治理，2024，43（4）：24-27.

Research on WebShell file detection based on BERT-LSTM model

Abstract： Aiming at the difficulty of WebShell file detection based on traditional rules, a WebShell detection method based on BERT-LSTM model is designed using the idea of text classification. Firstly, the existing publicly available normal PHP files and malicious PHP files are cleaned and compiled to get the instruction opcode code; then, the opcode is converted into a feature vector by the bi-directional encoder representation technique (BERT) of the transformer; finally, the classification model is built by combining with the long-short-term memory network (LSTM) to detect the features from the perspective of text sequence. The experimental results show that the detection model has an accuracy of 98.95%, a recall of 99.45%, and an F1 value of 99.09%, which is better compared to other models for detection.

Key words : BERT;LSTM;WebShell;PyTorch