Technique for assessing the effectiveness of the functioning of web backdoor detection systems

Currently, there is a significant increase in information security incidents related to attacks on web resources. Obtaining unauthorized access to web resources remains one of the main methods of penetration into corporate networks of organizations and expanding the capabilities of intruders. In this regard, many studies are aimed at developing web backdoor detection systems (WBDS), but there is a need to assess the effectiveness of these systems. The purpose of this study is to develop an objective approach to assess the effectiveness of the WBDS functioning. In this work, it was found that the effectiveness of web backdoor detection systems is objectively manifested in the process of their use, therefore, testing of such systems should be carried out in conditions as close as possible to real ones. In this regard, the article proposes a new technique for assessing the effectiveness of WBDS. It is based on the calculation of three groups of specific indicators characterizing the potency, resource intensity and responsiveness of the detection tool, as well as the calculation of a generalized effectiveness indicator. Based on an analysis of research in this area, a classification of web backdoors embedded by an attacker into the source code of web applications has been developed. This classification is used when generating test datasets to calculate specific potency indicators. The developed methodology is applicable to tools that work based on the analysis of the source code of web pages. Additionally, its use requires a number of initial data, such as permissible maximum errors of frequent potency indicators and the probability of them being within the confidence interval, as well as weighting coefficients of specific potency indicators, which are selected by expert methods. This work may be useful for information security specialists and researchers who want to conduct a more objective assessment of their WBDS.