Amir Rubin scite author profile

PowerShell is a command line shell, supporting a scripting language, that is widely used in organizations for configuration management and task automation. Unfortunately, PowerShell is also increasingly used by cybercriminals for launching cyber attacks against organizations, mainly because it is pre-installed on Windows machines, exposes strong functionality that may be leveraged by attackers, and its code can be deeply obfuscated in many ways. This makes the problem of detecting malicious PowerShell scripts both urgent and challenging.To the best of our knowledge, our work is the first to address this important problem. We do so by presenting several novel deep learning based detectors of malicious PowerShell scripts. Our best model obtains a true positive rate of nearly 90% while maintaining a low false positive rate of less than 0.1%, indicating that it can be of practical value.Our models employ pre-trained contextual embeddings of words from the PowerShell "language". A contextual word embedding is able to project semantically similar words to proximate vectors in the embedding space. A known problem in the cybersecurity domain is that labeled data is relatively scarce in comparison with unlabeled data, making it difficult to devise effective supervised detection of malicious activity of many types. This is also the case with PowerShell scripts. Our work shows that this problem can be largely mitigated by learning a pre-trained contextual embedding based on unlabeled data.We trained our models' embedding layer using a scripts dataset that was enriched by a large corpus of unlabeled Power-Shell scripts collected from public repositories. As established by our performance analysis, the use of unlabeled data for the embedding significantly improved the performance of our detectors. We estimate that the usage of pre-trained contextual embeddings based on unlabeled data for improved classication accuracy will find additional applications in the cybersecurity domain.

show abstract

What drives E-Health usage? Integrated institutional forces and top management perspectives

Hsia

Chiang

et al. 2019

Computers in Human Behavior

View full text Add to dashboard Cite

Linear EUS for bile duct stones

Lachter¹,

Rubin²,

Shiller³

et al. 2000

Gastrointestinal Endoscopy

View full text Add to dashboard Cite

The Medial Longitudinal Arch as a Possible Risk Factor for Ankle Sprains: A Prospective Study in 83 Female Infantry Recruits

Mei-Dan¹,

Kahn

Zeev

et al. 2005

Foot Ankle Int.

View full text Add to dashboard Cite

show abstract

Node-centric detection of overlapping communities in social networks

Cohen

Hendler

Rubin

2016

View full text Add to dashboard Cite

Abstract-We present NECTAR, a community detection algorithm that generalizes Louvain method's local search heuristic for overlapping community structures. NECTAR chooses dynamically which objective function to optimize based on the network on which it is invoked. Our experimental evaluation on both synthetic benchmark graphs and real-world networks, based on ground-truth communities, shows that NECTAR provides excellent results as compared with state of the art community detection algorithms.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Amir Rubin

Detecting Malicious PowerShell Commands using Deep Neural Networks

What drives E-Health usage? Integrated institutional forces and top management perspectives

Linear EUS for bile duct stones

The Medial Longitudinal Arch as a Possible Risk Factor for Ankle Sprains: A Prospective Study in 83 Female Infantry Recruits

Node-centric detection of overlapping communities in social networks

Contact Info

Product

Resources

About