AST-Based Deep Learning for Detecting Malicious PowerShell

Cited by: 24
Authors
Rusak, Gili [1]
Al-Dujaili, Abdullah [1]
O'Reilly, Una-May [1]
Affiliations
[1] MIT, CSAIL, Cambridge, MA 02139 USA
Keywords
powershell scripts; malware; deep learning; abstract syntax trees;
DOI
10.1145/3243734.3278496
CLC number
TP301 [Theory, Methods];
Discipline code
081202;
Abstract
With the celebrated success of deep learning, some attempts to develop effective methods for detecting malicious PowerShell programs employ neural nets in a traditional natural language processing setup while others employ convolutional neural nets to detect obfuscated malicious commands at a character level. While these representations may express salient PowerShell properties, our hypothesis is that tools from static program analysis will be more effective. We propose a hybrid approach combining traditional program analysis (in the form of abstract syntax trees) and deep learning. This poster presents preliminary results of a fundamental step in our approach: learning embeddings for nodes of PowerShell ASTs. We classify malicious scripts by family type and explore embedded program vector representations.
Pages: 2276 - 2278
Page count: 3