{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,4]],"date-time":"2026-01-04T10:45:12Z","timestamp":1767523512199,"version":"3.40.3"},"publisher-location":"Cham","reference-count":21,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030129415"},{"type":"electronic","value":"9783030129422"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-12942-2_13","type":"book-chapter","created":{"date-parts":[[2019,2,5]],"date-time":"2019-02-05T13:26:50Z","timestamp":1549373210000},"page":"157-169","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Detecting Malicious Windows Commands Using Natural Language Processing Techniques"],"prefix":"10.1007","author":[{"given":"Muhammd Mudassar","family":"Yamin","sequence":"first","affiliation":[]},{"given":"Basel","family":"Katt","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,2,6]]},"reference":[{"key":"13_CR1","unstructured":"Balakrishnan, A., Schulze, C.: Code Obfuscation Literature Survey. http:\/\/pages.cs.wisc.edu\/~arinib\/writeup.pdf . Accessed 1 Oct 2018"},{"key":"13_CR2","unstructured":"Konstantinou, E.: Metamorphic virus: analysis and detection. RHUL-MA-2008-02, Technical report of University of London, January 2008. http:\/\/www.rhul.ac.uk\/mathematics\/techreports"},{"key":"13_CR3","doi-asserted-by":"crossref","unstructured":"Hendler, D., Kels, S., Rubin, A.: Detecting malicious PowerShell commands using deep neural networks. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, pp. 187\u2013197. ACM (2018)","DOI":"10.1145\/3196494.3196511"},{"key":"13_CR4","doi-asserted-by":"crossref","unstructured":"Kim, S., Hong, S., Oh, J., Lee, H.: Obfuscated VBA macro detection using machine learning. In: 2018 48th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 490\u2013501. IEEE (2018)","DOI":"10.1109\/DSN.2018.00057"},{"key":"13_CR5","doi-asserted-by":"crossref","unstructured":"Peng, T., Harris, I., Sawa, Y.: Detecting phishing attacks using natural language processing and machine learning. In: 2018 IEEE 12th International Conference on Semantic Computing (ICSC), pp. 300\u2013301. IEEE (2018)","DOI":"10.1109\/ICSC.2018.00056"},{"key":"13_CR6","unstructured":"McCallum, A., Nigam, K.: A comparison of event models for naive bayes text classification. In: AAAI-98 Workshop on Learning for Text Categorization, vol. 752, no. 1, pp. 41\u201348 (1998)"},{"key":"13_CR7","unstructured":"FIN7 hacking group is switched to new techniques to evade detection. https:\/\/securityaffairs.co\/wordpress\/64083\/apt\/fin7-new-techniques.html . Accessed 1 Oct 2018"},{"key":"13_CR8","unstructured":"Invoke-DOSfuscation. https:\/\/github.com\/danielbohannon\/Invoke-DOSfuscation . Accessed 1 Oct 2018"},{"key":"13_CR9","unstructured":"Invoke-Obfuscation. https:\/\/github.com\/danielbohannon\/Invoke-Obfuscation . Accessed 1 Oct 2018"},{"key":"13_CR10","unstructured":"DOSfuscation: Exploring the Depths of CMD.exe Obfuscation and Detection Techniques. https:\/\/www.fireeye.com\/blog\/threat-research\/2018\/03\/dosfuscation-exploring-obfuscation-and-detection-techniques.html . Accessed 1 Oct 2018"},{"key":"13_CR11","unstructured":"Malicious PowerShell Detection via Machine Learning. https:\/\/www.fireeye.com\/blog\/threat-research\/2018\/07\/malicious-powershell-detection-via-machine-learning.html . Accessed 1 Oct 2018"},{"key":"13_CR12","unstructured":"Yegnanarayana, B.: Artificial Neural Networks. PHI Learning Pvt. Ltd. (2009)"},{"key":"13_CR13","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1016\/j.neucom.2016.12.038","volume":"234","author":"W Liu","year":"2017","unstructured":"Liu, W., Wang, Z., Liu, X., Zeng, N., Liu, Y., Alsaadi, F.E.: A survey of deep neural network architectures and their applications. Neurocomputing 234, 11\u201326 (2017)","journal-title":"Neurocomputing"},{"key":"13_CR14","doi-asserted-by":"crossref","unstructured":"Lai, S., Xu, L., Liu, K., Zhao, J.: Recurrent convolutional neural networks for text classification. In: AAAI, vol. 333, pp. 2267\u20132273 (2015)","DOI":"10.1609\/aaai.v29i1.9513"},{"key":"13_CR15","unstructured":"2 Layer neural Network. https:\/\/blog.csdn.net\/shebao3333\/article\/details\/78739298 . Accessed 1 Oct 2018"},{"key":"13_CR16","unstructured":"Detecting Lateral Movement through Tracking Event Logs (Version 2). https:\/\/blog.jpcert.or.jp\/2017\/12\/research-report-released-detecting-lateral-movement-through-tracking-event-logs-version-2.html . Accessed 22 Oct 2018"},{"key":"13_CR17","unstructured":"Natural language tool kit. https:\/\/www.nltk.org\/ . Accessed 1 Oct 2018"},{"key":"13_CR18","unstructured":"Powersploit. https:\/\/github.com\/PowerShellMafia\/PowerSploit . Accessed 1 Oct 2018"},{"key":"13_CR19","unstructured":"Windows Post Exploitation Command Execution. https:\/\/repo.zenk-security.com\/ . Accessed 1 Oct 2018"},{"key":"13_CR20","unstructured":"Nump. http:\/\/www.numpy.org\/ . Accessed 1 Oct 2018"},{"key":"13_CR21","unstructured":"Sigmoid Function. http:\/\/mathworld.wolfram.com\/SigmoidFunction.html . Accessed 1 Oct 2018"}],"container-title":["Lecture Notes in Computer Science","Innovative Security Solutions for Information Technology and Communications"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-12942-2_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,9,11]],"date-time":"2022-09-11T12:07:14Z","timestamp":1662898034000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-12942-2_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030129415","9783030129422"],"references-count":21,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-12942-2_13","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"6 February 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SECITC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Security for Information Technology and Communications","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bucharest","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Romania","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 November 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 November 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"itc2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.secitc.eu\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"70","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"35","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"50% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"2.0","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"5.0","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"Three papers of invited keynote speakers are included.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}}]}}