ETRI-Knowledge Sharing Platform

Journal Article Evaluations of AI‐based malicious PowerShell detection with feature optimizations
Cited 19 times in Scopus. Downloaded 285 times.
Authors
Jihyeon Song, Jungtae Kim, Sunoh Choi, Jonghyun Kim, Ikkyun Kim
Issue Date
2021-06
Citation
ETRI Journal, v.43, no.3, pp.549-560
ISSN
1225-6463
Publisher
Electronics and Telecommunications Research Institute (ETRI)
Language
English
Type
Journal Article
DOI
https://dx.doi.org/10.4218/etrij.2020-0215
Abstract
Cyberattacks are often difficult to identify with traditional signature-based detection, because attackers continually find ways to bypass the detection methods. Therefore, researchers have introduced artificial intelligence (AI) technology for cybersecurity analysis to detect malicious PowerShell scripts. In this paper, we propose a feature optimization technique for AI-based approaches to enhance the accuracy of malicious PowerShell script detection. We statically analyze the PowerShell script and preprocess it with a method based on the tokens and abstract syntax tree (AST) for feature selection. Here, tokens and AST represent the vocabulary and structure of the PowerShell script, respectively. Performance evaluations with optimized features yield detection rates of 98% in both machine learning (ML) and deep learning (DL) experiments. Among them, the ML model with the 3-gram of selected five tokens and the DL model with experiments based on the AST 3-gram deliver the best performance.
KSP Keywords
Artificial intelligence (AI) technology, Best performance, Cybersecurity analysis, DL model, Detection method, Feature optimization, Machine learning (ML), Optimization techniques, Performance evaluation, Abstract syntax tree, Deep learning (DL)
This work is distributed under the terms of the Korea Open Government License (KOGL)
(Type 4: Type 1 + Commercial Use Prohibition + Change Prohibition)