Original Paper: https://arxiv.org/abs/2402.07408
By: Mingrui Ma, Lansheng Han, Chunjie Zhou
Abstract:
The frequent occurrence of cyber-attacks has made webshell attacks and defense gradually become a research hotspot in the field of network security. However, the lack of publicly available benchmark datasets and the over-reliance on manually defined rules for webshell escape sample generation have slowed down the progress of research related to webshell escape sample generation strategies and artificial intelligence-based webshell detection algorithms. To address the drawbacks of weak webshell sample escape capabilities, the lack of webshell datasets with complex malicious features, and to promote the development of webshell detection technology, we propose the Hybrid Prompt algorithm for webshell escape sample generation with the help of large language models. As a prompt algorithm specifically developed for webshell sample generation, the Hybrid Prompt algorithm not only combines various prompt ideas including Chain of Thought, Tree of Thought, but also incorporates various components such as webshell hierarchical module and few-shot example to facilitate the LLM in learning and reasoning webshell escape strategies. Experimental results show that the Hybrid Prompt algorithm can work with multiple LLMs with excellent code reasoning ability to generate high-quality webshell samples with high Escape Rate (88.61% with GPT-4 model on VIRUSTOTAL detection engine) and Survival Rate (54.98% with GPT-4 model).
In the face of evolving cyber threats, particularly webshell attacks that exploit web server flaws, the cybersecurity domain is in constant need of innovative solutions.
These webshell attacks allow attackers unauthorized control by injecting malicious scripts. As cybersecurity tools become more advanced, attackers adapt, leading to an ongoing arms race.
One cutting-edge approach to stay ahead is using Large Language Models (LLMs) and a new strategy called the Hybrid Prompt algorithm to generate advanced webshell escape tactics.
Webshell attacks leverage vulnerabilities in web applications to execute unauthorized commands and maintain access, posing a significant threat due to their evolving nature.
Traditional detection methods often struggle to keep up, lacking comprehensive coverage and suffering from overfitting.