Malicious Powershell Detection Using Graph Convolution Network

Journal

APPLIED SCIENCES-BASEL
Volume 11, Issue 14

Publisher

MDPI
DOI: 10.3390/app11146429

Keywords

powershell; graph convolution network; adjacency matrix

Funding

  1. National Research Foundation of Korea (NRF) - Korean government (MSIT) [2019R1G1A11100261]
  2. Jeonbuk National University
  3. MSIT
  4. NIPA

With the rapid growth of the internet, there has been an increase in malicious files, particularly in the use of PowerShell scripts and Windows PE files for malicious behaviors. Artificial intelligence-based malware detection methods, such as GCN, have been widely studied to address these issues. The paper proposes a method for malicious PowerShell detection using a GCN, with the adjacency matrix generated using Jaccard similarity, and reports that the detection rate for malicious PowerShell is increased by approximately 8.2%.

The internet's rapid growth has resulted in an increase in the number of malicious files. Recently, PowerShell scripts and Windows portable executable (PE) files have been used in malicious behaviors. To solve these problems, artificial intelligence (AI) based malware detection methods have been widely studied. Among AI techniques, the graph convolution network (GCN) was recently introduced. Here, we propose a malicious PowerShell detection method using a GCN. To use the GCN, we needed an adjacency matrix. Therefore, we proposed an adjacency matrix generation method using the Jaccard similarity. In addition, we show that the malicious PowerShell detection rate is increased by approximately 8.2% using GCN.
