상세정보
학술지
Evaluations of AI-based Malicious PowerShell Detection with Feature Optimizations
- 발행일
- 202106
- 출처
- ETRI Journal, v.43 no.3, pp.549-560
- ISSN
- 1225-6463
- 출판사
- 한국전자통신연구원 (ETRI)
- 협약과제
- 20HR2400, 지능화된 악성코드 위협으로부터 ICT 인프라 보호, 김종현
- 초록
- Cyberattacks are often difficult to identify with traditional signature-based detection, because attackers continually find ways to bypass the detection methods. Therefore, researchers have introduced artificial intelligence (AI) technology for cybersecurity analysis to detect malicious PowerShell scripts. In this paper, we propose a feature optimization technique for AI-based approaches to enhance the accuracy of malicious PowerShell script detection. We statically analyze the PowerShell script and preprocess it with a method based on the tokens and abstract syntax tree (AST) for feature selection. Here, tokens and AST represent the vocabulary and structure of the PowerShell script, respectively. Performance evaluations with optimized features yield detection rates of 98% in both machine learning (ML) and deep learning (DL) experiments. Among them, the ML model with the 3-gram of selected five tokens and the DL model with experiments based on the AST 3-gram deliver the best performance.
- KSP 제안 키워드
- Artificial intelligence (AI) technology, Best performance, Cybersecurity analysis, DL model, Detection Method, Feature optimization, Feature selection(FS), Machine learning (ml), Optimization techniques(OT), Performance evaluation, abstract syntax tree
본 저작물은 공공누리 제4유형 : 출처표시 + 상업적 이용금지 + 변경금지 조건에 따라 이용할 수 있습니다.
