Malicious Powershell Detection Using Graph Convolution Network
The internet’s rapid growth has resulted in an increase in the number of malicious files. Recently, powershell scripts and Windows portable executable (PE) files have been used in malicious behaviors. To solve these problems, artificial intelligence (AI) based malware detection methods have been wid...
| Main Author: | |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2021-07-01
|
| Series: | Applied Sciences |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2076-3417/11/14/6429 |
| _version_ | 1797527660394446848 |
|---|---|
| author | Sunoh Choi |
| author_facet | Sunoh Choi |
| author_sort | Sunoh Choi |
| collection | DOAJ |
| description | The internet’s rapid growth has resulted in an increase in the number of malicious files. Recently, powershell scripts and Windows portable executable (PE) files have been used in malicious behaviors. To solve these problems, artificial intelligence (AI) based malware detection methods have been widely studied. Among AI techniques, the graph convolution network (GCN) was recently introduced. Here, we propose a malicious powershell detection method using a GCN. To use the GCN, we needed an adjacency matrix. Therefore, we proposed an adjacency matrix generation method using the Jaccard similarity. In addition, we show that the malicious powershell detection rate is increased by approximately 8.2% using GCN. |
| first_indexed | 2024-03-10T09:46:53Z |
| format | Article |
| id | doaj.art-5da015cc44334ff3b8e898960c70ef6a |
| institution | Directory Open Access Journal |
| issn | 2076-3417 |
| language | English |
| last_indexed | 2024-03-10T09:46:53Z |
| publishDate | 2021-07-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Applied Sciences |
| spelling | doaj.art-5da015cc44334ff3b8e898960c70ef6a2023-11-22T03:09:37ZengMDPI AGApplied Sciences2076-34172021-07-011114642910.3390/app11146429Malicious Powershell Detection Using Graph Convolution NetworkSunoh Choi0Department of Software Engineering, Jeonbuk National University, Jeonju 54896, Jeollabuk-do, KoreaThe internet’s rapid growth has resulted in an increase in the number of malicious files. Recently, powershell scripts and Windows portable executable (PE) files have been used in malicious behaviors. To solve these problems, artificial intelligence (AI) based malware detection methods have been widely studied. Among AI techniques, the graph convolution network (GCN) was recently introduced. Here, we propose a malicious powershell detection method using a GCN. To use the GCN, we needed an adjacency matrix. Therefore, we proposed an adjacency matrix generation method using the Jaccard similarity. In addition, we show that the malicious powershell detection rate is increased by approximately 8.2% using GCN.https://www.mdpi.com/2076-3417/11/14/6429powershellgraph convolution networkadjacency matrix |
| spellingShingle | Sunoh Choi Malicious Powershell Detection Using Graph Convolution Network Applied Sciences powershell graph convolution network adjacency matrix |
| title | Malicious Powershell Detection Using Graph Convolution Network |
| title_full | Malicious Powershell Detection Using Graph Convolution Network |
| title_fullStr | Malicious Powershell Detection Using Graph Convolution Network |
| title_full_unstemmed | Malicious Powershell Detection Using Graph Convolution Network |
| title_short | Malicious Powershell Detection Using Graph Convolution Network |
| title_sort | malicious powershell detection using graph convolution network |
| topic | powershell graph convolution network adjacency matrix |
| url | https://www.mdpi.com/2076-3417/11/14/6429 |
| work_keys_str_mv | AT sunohchoi maliciouspowershelldetectionusinggraphconvolutionnetwork |