Machine Learning Approaches to Malicious PowerShell Scripts Detection and Feature Combination Analysis,ERICDATA高等教育知識庫
高等教育出版
熱門: 程明风  黃昱倫  李明昆  王善边  祝智庭  黃乃熒  
高等教育出版
首頁 臺灣期刊   學校系所   學協會   民間出版   大陸/海外期刊   政府機關   學校系所   學協會   民間出版   DOI註冊服務
篇名
Machine Learning Approaches to Malicious PowerShell Scripts Detection and Feature Combination Analysis
並列篇名
Machine Learning Approaches to Malicious PowerShell Scripts Detection and Feature Combination Analysis
作者 Hsiang-Hua HungJiann-Liang ChenYi-Wei Ma
英文摘要

With advances in communication technology, modern society relies more than ever on the Internet and various user-friendly digital tools. It provides access to and enables the manipulation of files, trips, and the Windows API. Attackers frequently use various obfuscation techniques PowerShell scripts to avoid detection by anti-virus software. Their doing so can significantly reduce the readability of the script. This work statically analyzes PowerShell scripts. Thirty-three features that were based on the script’s keywords, format, and string combinations were used herein to determine the behavioral intent of the script. Ones are characteristic-based features that are obtained by calculation; the others are behavior-based features that determine the execution function of behavior using keywords and instructions. Behavior-based features can be divided into positive behavior-based features, neutral behavior-based features, and negative behavior-based features. These three types of features are enhanced by observing samples and adding keywords. The other type of characteristic-based feature is introduced into the formula from other studies in this work. The XGBoost model was used to evaluate the importance of the features that are proposed in this study and to identify the combination of features that contributed most to the detection of PowerShell scripts. The final model with the combined features is found to exhibit the best performance. The model has 99.27% accuracy when applied to the validation dataset. The results clearly indicate that the proposed malicious PowerShell script detection model outperforms previously developed models.

 

起訖頁 167-173
關鍵詞 Machine learningXGBoostPowerShellMalicious scriptsBehavioral features analysis
刊名 網際網路技術學刊  
期數 202401 (25:1期)
出版單位 台灣學術網路管理委員會
DOI 10.53106/160792642024012501014   複製DOI
QR Code
該期刊
上一篇
Research on the Application of Behavioral Image Feature Capture in Basketball Game Video

高等教育知識庫  閱讀計畫  教育研究月刊  新書優惠  

教師服務
合作出版
期刊徵稿
聯絡高教
高教FB
讀者服務
圖書目錄
教育期刊
訂購服務
活動訊息
數位服務
高等教育知識庫
國際資料庫收錄
投審稿系統
DOI註冊
線上購買
高點網路書店 
元照網路書店
博客來網路書店
教育資源
教育網站
國際教育網站
關於高教
高教簡介
出版授權
合作單位
知識達 知識達 知識達 知識達 知識達 知識達
版權所有‧轉載必究 Copyright2011 高等教育文化事業股份有限公司  All Rights Reserved
服務信箱:edubook@edubook.com.tw 台北市館前路 26 號 6 樓 Tel:+886-2-23885899 Fax:+886-2-23892500