Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security 2018
DOI: 10.1145/3243734.3278496
|View full text |Cite
|
Sign up to set email alerts
|

AST-Based Deep Learning for Detecting Malicious PowerShell

Abstract: With the celebrated success of deep learning, some attempts to develop effective methods for detecting malicious PowerShell programs employ neural nets in a traditional natural language processing setup while others employ convolutional neural nets to detect obfuscated malicious commands at a character level. While these representations may express salient PowerShell properties, our hypothesis is that tools from static program analysis will be more effective. We propose a hybrid approach combining traditional … Show more

Help me understand this report
View preprint versions

Search citation statements

Order By: Relevance

Paper Sections

Select...
4
1

Citation Types

0
17
0
1

Year Published

2018
2018
2024
2024

Publication Types

Select...
4
3
2

Relationship

0
9

Authors

Journals

citations
Cited by 35 publications
(18 citation statements)
references
References 4 publications
0
17
0
1
Order By: Relevance
“…Rusak and others [15] used the depth and node count information of the AST nodes to classify a malicious PowerShell script based on its family type information. They utilized 4079 malicious PowerShell scripts as a dataset.…”
Section: Related Workmentioning
confidence: 99%
“…Rusak and others [15] used the depth and node count information of the AST nodes to classify a malicious PowerShell script based on its family type information. They utilized 4079 malicious PowerShell scripts as a dataset.…”
Section: Related Workmentioning
confidence: 99%
“…Recently, Rusak et al [48] presented a classifier of malicious PowerShell scripts into malware families. Their classifier is based on an Abstract Syntax Tree (AST) representation of PowerShell scripts.…”
Section: Related Workmentioning
confidence: 99%
“…The reason behind it is that ASTs tend to provide the structure of a program rather than internal behaviors [62]. However, ASTs have been successfully used to detect Powershell-based malware in [63] and Javascript-based malware in [64].…”
Section: B Graph/tree-based Features A: Graph-based Featuresmentioning
confidence: 99%