Abstract
The internet's rapid growth has resulted in an increase in the number of malicious files. Recently, PowerShell scripts and Windows portable executable (PE) files have been used in malicious behaviors. To solve these problems, artificial intelligence (AI) based malware detection methods have been widely studied. Among AI techniques, the graph convolution network (GCN) was recently introduced. Here, we propose a malicious PowerShell detection method using a GCN. To use the GCN, we needed an adjacency matrix. Therefore, we proposed an adjacency matrix generation method using the Jaccard similarity. In addition, we show that the malicious PowerShell detection rate is increased by approximately 8.2% using GCN.
Highlights
We show that the malicious PowerShell detection rate is increased
This meant that when $a_{ij}$ was equal to 1, the PowerShell script $F_i$ was similar to the PowerShell script $F_j$
In Section 4.2.1, we present experimental results based on the number of adjacent
Summary
Alice is identified in the system as a woman, and Camilla is her friend, with a similar feature list. Camilla may be identified as a woman with a high probability. In addition, as shown in this example of a recommendation system, GCNs consider the feature lists of other nodes to determine the labels of any given node. This advantage can be [...] In malware detection, GCNs can use the features of other files as well as a file's own PowerShell features to determine whether it is malicious.

Here, we propose a new method for detecting malicious PowerShell scripts using GCN. We compute the [...] between the PowerShell and existing scripts. We generate an adjacency matrix using [...] We show that the malicious PowerShell detection rate is increased
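The adjacency matrix described above, as an added example that is not code from the paper: each script becomes a token set, two scripts are linked when their Jaccard similarity reaches a threshold, and the result is normalised the way a standard GCN layer expects. The sample scripts, the tokenisation, the 0.5 threshold and the choice of normalisation are assumptions made for illustration.

```python
import math
import re

# Constructed sample scripts (not from the paper's dataset).
SCRIPTS = {
    "F1": "IEX (New-Object Net.WebClient).DownloadString($url)",
    "F2": "$c = New-Object Net.WebClient; IEX $c.DownloadString($url)",
    "F3": "Get-ChildItem -Path $dir | Sort-Object Length",
    "F4": "Get-ChildItem $dir | Sort-Object Length | Select-Object -First 5",
}

def tokens(script):
    """Feature set of a script: lower-cased identifier-like tokens (assumed featurisation)."""
    return set(re.findall(r"[a-z][a-z0-9\-]*", script.lower()))

def jaccard(a, b):
    """|A intersect B| / |A union B|; two empty sets are treated as dissimilar."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def adjacency(feature_sets, threshold):
    """a_ij = 1 when the Jaccard similarity of F_i and F_j reaches the threshold."""
    n = len(feature_sets)
    return [[1 if i != j and jaccard(feature_sets[i], feature_sets[j]) >= threshold else 0
             for j in range(n)] for i in range(n)]

def normalise(adj):
    """Symmetric normalisation D^-1/2 (A + I) D^-1/2 of a standard GCN layer (assumed here)."""
    n = len(adj)
    a_hat = [[adj[i][j] + (1 if i == j else 0) for j in range(n)] for i in range(n)]
    deg = [sum(row) for row in a_hat]
    return [[a_hat[i][j] / math.sqrt(deg[i] * deg[j]) for j in range(n)] for i in range(n)]

def build_graph(scripts, threshold=0.5):
    """Return script names, the 0/1 adjacency matrix and its normalised form."""
    names = sorted(scripts)
    adj = adjacency([tokens(scripts[n]) for n in names], threshold)
    return names, adj, normalise(adj)

if __name__ == "__main__":
    names, adj, a_norm = build_graph(SCRIPTS)
    for name, row in zip(names, adj):
        print(name, row)
```

Raising the threshold makes the graph sparser, so each script's prediction draws on fewer neighbours; at 0.6 the F3/F4 edge in this sample disappears.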