Book chapter, peer-reviewed

Evaluating the Possibility of Evasion Attacks to Machine Learning-Based Models for Malicious PowerShell Detection

2022; Springer Science+Business Media; Language: English

DOI: 10.1007/978-3-031-21280-2_14

ISSN: 1611-3349

Authors

Yuki Mezawa, Mamoru Mimura

Topic(s)

Internet Traffic Analysis and Secure E-voting

Abstract

In cyber attacks, PowerShell has become a convenient tool for attackers. A previous study proposed a classification method for PowerShell scripts that combines natural language processing (NLP) techniques and machine learning models. Although it has been pointed out that the accuracy of machine learning models is degraded by adversarial input, no such evaluation has been reported for PowerShell classification. In this study, we evaluated the possibility of evasion attacks against machine learning-based models for malicious PowerShell detection. In addition to Bag-of-Words, Latent Semantic Indexing (LSI), and Support Vector Machine (SVM), we combined Doc2Vec, RandomForest, and XGBoost with the previous models. As a result, we confirmed that evasion attacks are possible against PowerShell classifiers. In particular, the models using Doc2Vec showed a decrease in recall of up to 0.78. The effect depends mainly on the NLP technique; with LSI, there was almost no difference among the machine learning models.