Skip to content

该资源详细介绍Powershell脚本混淆、解混淆、抽象语法树提取、token提取、恶意性检测等内容,希望对您有所帮助!

Notifications You must be signed in to change notification settings

eastmountyxz/PowershellDetect

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits
 
 
 
 

Repository files navigation

PowershellDetect

该资源详细介绍Powershell脚本混淆、解混淆、抽象语法树提取、token提取、恶意性检测等内容,希望对您有所帮助!

LotL离地攻击:

作者博客:

  • Powershell恶意代码检测 (1)论文总结及抽象语法树(AST)提取
  • Powershell恶意代码检测 (2)抽象语法树自动提取万字详解
  • Powershell恶意代码检测 (3)Token关键词自动提取
  • Powershell恶意代码检测 (4)混淆和反混淆
  • Powershell恶意代码检测 (5)APT中的Powershell、常用数据集及数据标注实验

一.学术论文

(1) Zhenyuan Li, et al. Effective and Light-Weight Deobfuscation and Semantic-Aware Attack Detection for PowerShell Scripts. CCS, 2019: 1831-1847.

(2) Danny Hendler, et al. Detecting Malicious PowerShell Commands using Deep Neural Networks. AsiaCCS, 2018: 187-197.

(3) Danny Hendler, et al. AMSI-Based Detection of Malicious PowerShell Code Using Contextual Embeddings. AsiaCCS, 2020: 679-693

(4) 刘岳, 刘宝旭, 等. 基于特征组合的Powershell恶意代码检测方法[J]. 信息安全学报, 2021, 6(1): 40-53.

  • 中科院信工所

(5) Yong Fang, Xiangyu Zhou, Cheng Huang. Effective method for detecting malicious PowerShell scripts based on hybrid features. Neurocomputing, 448: 30-39 (2021).

(6) 彭国军, 等. 基于深度学习的PowerShell恶意代码家族分类研究[J]. 武汉大学学报(理学版), 2022(1)

  • 武汉大学国家网络安全学院

(7) Gili Rusak, et al. AST-Based Deep Learning for Detecting Malicious PowerShell. CCS, 2018: 2276-2278.

(8) Chao Liu, et al. PSDEM: A Feasible De-Obfuscation Method for Malicious PowerShell Detection. ISCC, 2018: 825-831.

(9) Denis Ugarte, et al. PowerDrive: Accurate De-obfuscation and Analysis of PowerShell Malware. DIMVA,2019: 240-259.

(10) Jian Zhang, et al. A Novel Neural Source Code Representation Based on Abstract Syntax Tree. 2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE), 2019.

(11) G. M. Malandrone, G. Virdis, G. Giacinto , D. Maiorca. PowerDecode: a PowerShell Script Decoder Dedicated to Malware Analysis. 5th Italian Conference on CyberSecurity (ITASEC), 2021.

(12) C. Xiong, Z. Li, et al. Generic, efficient, and effective deobfuscation and semantic-aware attack detection for PowerShell scripts. Frontiers of Information Technology & Electronic Engineering, vol.23, no.3, 2022, pp. 361-381.

(13) A. Alahmadi, N. Alkhraan, et al. MPSAutodetect: A Malicious Powershell Script Detection Model Based on Stacked Denoising Auto-Encoder. Computers & Security, vol.116, 2022, p. 102658.


二.开源工具

(1) github

(2) 其他


三.混淆及反混淆


四.抽象语法树


五.恶意性检测


By:Eastmount CSDN 2022-03-20

About

该资源详细介绍Powershell脚本混淆、解混淆、抽象语法树提取、token提取、恶意性检测等内容,希望对您有所帮助!

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published