Abstract
Methods that utilize AI as a detection technique for malware have been studied, and this is also true for the detection of malicious PowerShell scripts. Previous studies have proposed models that use deep learning and machine learning to detect malicious PowerShell scripts and have achieved high detection rates. However, these studies have focused on improving the detection rate of malicious PowerShell scripts. Therefore, the reasons why the detection models are determining malicious and benign PowerShell samples are unclear. In this study, we use the attention mechanism to visualize the words that are important to the malicious PowerShell scripts detection model. Then, we analyze the distribution of important words for each sample classification result. The experimental results show that there were significant differences in the words that classify benign or malicious PowerShell scripts. In addition, the misclassified samples often contain words that were emphasized in the opposite class.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Choi, S.: Malicious powershell detection using attention against adversarial attacks. Electronics 9(11) (2020). https://doi.org/10.3390/electronics9111817. https://www.mdpi.com/2079-9292/9/11/1817
Graves, A., Schmidhuber, J.: Framewise phoneme classification with bidirectional LSTM and other neural network architectures. Neural Netw. 18(5–6), 602–610 (2005). https://doi.org/10.1016/j.neunet.2005.06.042
Graves, A., Schmidhuber, J.: Offline handwriting recognition with multidimensional recurrent neural networks. In: D. Koller, D. Schuurmans, Y. Bengio, L. Bottou (eds.) Advances in Neural Information Processing Systems 21, Proceedings of the Twenty-Second Annual Conference on Neural Information Processing Systems, Vancouver, British Columbia, Canada, 8–11 December 2008, pp. 545–552. Curran Associates, Inc. (2008). https://proceedings.neurips.cc/paper/2008/hash/66368270ffd51418ec58bd793f2d9b1b-Abstract.html
Hendler, D., Kels, S., Rubin, A.: Detecting malicious powershell commands using deep neural networks. In: J. Kim, G. Ahn, S. Kim, Y. Kim, J. López, T. Kim (eds.) Proceedings of the 2018 on Asia Conference on Computer and Communications Security, AsiaCCS 2018, Incheon, Republic of Korea, 04–08 June 2018, pp. 187–197. ACM (2018). https://doi.org/10.1145/3196494.3196511
Hochreiter, S., Schmidhuber, J.: Long short-term memory. Neural Comput. 9(8), 1735–1780 (1997). https://doi.org/10.1162/neco.1997.9.8.1735
Japkowicz, N.: The class imbalance problem: significance and strategies. In: Proceedings of the 2000 International Conference on Artificial Intelligence (ICAI), pp. 111–117 (2000)
Mimura, M., Tajiri, Y.: Static detection of malicious powershell based on word embeddings. Internet Things 15, 100–404 (2021). https://doi.org/10.1016/j.iot.2021.100404. https://www.sciencedirect.com/science/article/pii/S2542660521000482
Tajiri, Y., Mimura, M.: Detection of malicious powershell using word-level language models. In: Aoki, K., Kanaoka, A. (eds.) IWSEC 2020. LNCS, vol. 12231, pp. 39–56. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-58208-1_3
WatchGuard Technologies: Internet security report - q1 2022 (2022). https://www.watchguard.com/wgrd-resource-center/security-report-q1-2022. Accessed 13 July 2022
Acknowledgment
This work was supported by JSPS, Japan KAKENHI, Japan Grant Number 21K11898.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Mezawa, Y., Mimura, M. (2023). An Attention Mechanism for Visualizing Word Weights in Source Code of PowerShell Samples: Experimental Results and Analysis. In: Barolli, L. (eds) Advances on Broad-Band Wireless Computing, Communication and Applications. BWCCA 2022. Lecture Notes in Networks and Systems, vol 570. Springer, Cham. https://doi.org/10.1007/978-3-031-20029-8_11
Download citation
DOI: https://doi.org/10.1007/978-3-031-20029-8_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-20028-1
Online ISBN: 978-3-031-20029-8
eBook Packages: EngineeringEngineering (R0)