AST-Based Deep Learning for Detecting Malicious PowerShell

Software Engineering 2018-10-23 v1 Machine Learning

Abstract

With the celebrated success of deep learning, some attempts to develop effective methods for detecting malicious PowerShell programs employ neural nets in a traditional natural language processing setup while others employ convolutional neural nets to detect obfuscated malicious commands at a character level. While these representations may express salient PowerShell properties, our hypothesis is that tools from static program analysis will be more effective. We propose a hybrid approach combining traditional program analysis (in the form of abstract syntax trees) and deep learning. This poster presents preliminary results of a fundamental step in our approach: learning embeddings for nodes of PowerShell ASTs. We classify malicious scripts by family type and explore embedded program vector representations.

Cite

@article{arxiv.1810.09230,
  title  = {AST-Based Deep Learning for Detecting Malicious PowerShell},
  author = {Gili Rusak and Abdullah Al-Dujaili and Una-May O'Reilly},
  journal= {arXiv preprint arXiv:1810.09230},
  year   = {2018}
}

Comments

To appear at ACM CCS 2018 Poster Session