Malicious Powershell Detection Using Graph Convolution Network Article Swipe

PDF

Related Concepts

Computer science Scripting language Adjacency matrix Malware Executable Graph Operating system Theoretical computer science

Sunoh Choi ·

YOU? · · 2021 · Open Access · · DOI: https://doi.org/10.3390/app11146429 · OA: W3179475394

The internet’s rapid growth has resulted in an increase in the number of malicious files. Recently, powershell scripts and Windows portable executable (PE) files have been used in malicious behaviors. To solve these problems, artificial intelligence (AI) based malware detection methods have been widely studied. Among AI techniques, the graph convolution network (GCN) was recently introduced. Here, we propose a malicious powershell detection method using a GCN. To use the GCN, we needed an adjacency matrix. Therefore, we proposed an adjacency matrix generation method using the Jaccard similarity. In addition, we show that the malicious powershell detection rate is increased by approximately 8.2% using GCN.

Keywords: Computer science · Scripting language · Adjacency matrix · Malware · Executable · Graph · Operating system · Theoretical computer science