Malicious Powershell Detection Using Graph Convolution Network

Cited by: 11
Authors
Choi, Sunoh [1]
Affiliation
[1] Jeonbuk Natl Univ, Dept Software Engn, Jeonju 54896, Jeollabuk Do, South Korea
Source
APPLIED SCIENCES-BASEL | 2021 / Vol. 11 / Issue 14
Funding
National Research Foundation, Singapore
Keywords
powershell; graph convolution network; adjacency matrix;
DOI
10.3390/app11146429
Chinese Library Classification number
O6 [Chemistry]
Discipline classification code
0703
Abstract
The internet's rapid growth has resulted in an increase in the number of malicious files. Recently, powershell scripts and Windows portable executable (PE) files have been used in malicious behaviors. To solve these problems, artificial intelligence (AI) based malware detection methods have been widely studied. Among AI techniques, the graph convolution network (GCN) was recently introduced. Here, we propose a malicious powershell detection method using a GCN. To use the GCN, we needed an adjacency matrix. Therefore, we proposed an adjacency matrix generation method using the Jaccard similarity. In addition, we show that the malicious powershell detection rate is increased by approximately 8.2% using GCN.
Pages: 13