ETRI-Knowledge Sharing Platform

Journal article: Evaluations of AI-based Malicious PowerShell Detection with Feature Optimizations
Cited 2 times in Scopus. Downloaded 14 times.
Authors
송지현, 김정태, 최선오, 김종현, 김익균
Publication date
202106
Source
ETRI Journal, v.43 no.3, pp.549-560
ISSN
1225-6463
Publisher
Electronics and Telecommunications Research Institute (ETRI)
DOI
https://dx.doi.org/10.4218/etrij.2020-0215
Funded project
20HR2400, Protecting ICT Infrastructure from Intelligent Malware Threats, 김종현
Abstract
Cyberattacks are often difficult to identify with traditional signature-based detection, because attackers continually find ways to bypass the detection methods. Therefore, researchers have introduced artificial intelligence (AI) technology for cybersecurity analysis to detect malicious PowerShell scripts. In this paper, we propose a feature optimization technique for AI-based approaches to enhance the accuracy of malicious PowerShell script detection. We statically analyze the PowerShell script and preprocess it with a method based on the tokens and abstract syntax tree (AST) for feature selection. Here, tokens and AST represent the vocabulary and structure of the PowerShell script, respectively. Performance evaluations with optimized features yield detection rates of 98% in both machine learning (ML) and deep learning (DL) experiments. Among them, the ML model with the 3-gram of selected five tokens and the DL model with experiments based on the AST 3-gram deliver the best performance.
Keywords
Deep learning, feature optimization, fileless malware, machine learning, PowerShell script
KSP suggested keywords
Artificial intelligence (AI) technology, Best performance, Cybersecurity analysis, DL model, Detection Method, Feature optimization, Feature selection(FS), Machine learning (ml), Optimization techniques(OT), Performance evaluation, abstract syntax tree
This work may be used under the terms of Korea Open Government License (KOGL) Type 4: Attribution + No Commercial Use + No Derivatives.