Powershell malware detection method based on features combination
LIU Yue, LIU Baoxu, ZHAO Zihao, LIU Chaoge, WANG Xiaoxi, WU Xianda
Abstract
In recent years, PowerShell has been widely used in APT attacks because of its ease of use and high concealment. Traditional malicious code detection techniques based on manual feature extraction and machine learning are increasingly ineffective at detecting malicious PowerShell code. For this reason, this paper proposes a malicious PowerShell code detection method based on random forest feature combination and deep learning. The method uses a random forest to generate new features that characterize the original data better, and uses a deep neural network to build the classifier for classification and recognition. This compensates for the lack of experience in manual feature engineering and characterizes the original data better, thereby improving the detection effect. The experimental results in this paper show that the method performs well, with a high recall rate and accuracy rate, and can effectively detect and identify malicious PowerShell code.