文章基本信息

标题：Evaluations of AI‐based malicious PowerShell detection with feature optimizations
本地全文：下载
作者：Jihyeon Song ; Jungtae Kim ; Sunoh Choi 等
期刊名称：ETRI Journal
印刷版ISSN：1225-6463
电子版ISSN：2233-7326
出版年度：2021
卷号：43
期号：3
页码：549-560
DOI：10.4218/etrij.2020-0215
语种：English
出版社：Electronics and Telecommunications Research Institute
摘要：Cyberattacks are often difficult to identify with traditional signature‐based detection, because attackers continually find ways to bypass the detection methods. Therefore, researchers have introduced artificial intelligence (AI) technology for cybersecurity analysis to detect malicious PowerShell scripts. In this paper, we propose a feature optimization technique for AI‐based approaches to enhance the accuracy of malicious PowerShell script detection. We statically analyze the PowerShell script and preprocess it with a method based on the tokens and syntax tree (AST) for feature selection. Here, tokens and AST represent the vocabulary and structure of the PowerShell script, respectively. Performance evaluations with optimized features yield detection rates of 98% in both machine learning (ML) and deep learning (DL) experiments. Among them, the ML model with the 3‐gram of selected five tokens and the DL model with experiments based on the AST 3‐gram deliver the best performance.