{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,16]],"date-time":"2026-02-16T10:02:05Z","timestamp":1771236125139,"version":"3.50.1"},"publisher-location":"Cham","reference-count":23,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030582005","type":"print"},{"value":"9783030582012","type":"electronic"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-58201-2_13","type":"book-chapter","created":{"date-parts":[[2020,9,13]],"date-time":"2020-09-13T23:02:29Z","timestamp":1600038149000},"page":"189-202","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["IMShell-Dec: Pay More Attention to External Links in PowerShell"],"prefix":"10.1007","author":[{"given":"RuiDong","family":"Han","sequence":"first","affiliation":[]},{"given":"Chao","family":"Yang","sequence":"additional","affiliation":[]},{"given":"JianFeng","family":"Ma","sequence":"additional","affiliation":[]},{"given":"Siqi","family":"Ma","sequence":"additional","affiliation":[]},{"given":"YunBo","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Feng","family":"Li","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,9,14]]},"reference":[{"key":"13_CR1","unstructured":"Abadi, M., Xie, Y., Yu, F., John, J.P.: Identifying malicious queries, US Patent 8,495,742, 23 July 2013"},{"issue":"6","key":"13_CR2","doi-asserted-by":"publisher","first-page":"1609","DOI":"10.1007\/s10489-017-0989-x","volume":"48","author":"A Adeli","year":"2017","unstructured":"Adeli, A., Broumandnia, A.: Image steganalysis using improved particle swarm optimization based feature selection. Appl. Intell. 48(6), 1609\u20131622 (2017). https:\/\/doi.org\/10.1007\/s10489-017-0989-x","journal-title":"Appl. Intell."},{"key":"13_CR3","doi-asserted-by":"crossref","unstructured":"Antoniol, G., Ayari, K., Di Penta, M., Khomh, F., Gu\u00e9h\u00e9neuc, Y.G.: Is it a bug or an enhancement?: a text-based approach to classify change requests. In: CASCON, vol. 8, pp. 304\u2013318 (2008)","DOI":"10.1145\/1463788.1463819"},{"key":"13_CR4","doi-asserted-by":"publisher","first-page":"149","DOI":"10.1016\/j.jvcir.2018.06.004","volume":"55","author":"J Chen","year":"2018","unstructured":"Chen, J., Lu, W., Fang, Y., Liu, X., Yeung, Y., Xue, Y.: Binary image steganalysis based on local texture pattern. J. Vis. Commun. Image Represent. 55, 149\u2013156 (2018)","journal-title":"J. Vis. Commun. Image Represent."},{"key":"13_CR5","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S.: Static analysis of executables to detect malicious patterns. Technical report, WISCONSIN UNIV-MADISON DEPT OF COMPUTER SCIENCES (2006)","DOI":"10.21236\/ADA449067"},{"key":"13_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"303","DOI":"10.1007\/978-3-319-93411-2_14","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"A Fass","year":"2018","unstructured":"Fass, A., Krawczyk, R.P., Backes, M., Stock, B.: JaSt: fully syntactic detection of malicious (Obfuscated) JavaScript. In: Giuffrida, C., Bardin, S., Blanc, G. (eds.) DIMVA 2018. LNCS, vol. 10885, pp. 303\u2013325. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-93411-2_14"},{"key":"13_CR7","doi-asserted-by":"crossref","unstructured":"He, K., Zhang, X., Ren, S., Sun, J.: Deep residual learning for image recognition. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 770\u2013778 (2016)","DOI":"10.1109\/CVPR.2016.90"},{"key":"13_CR8","doi-asserted-by":"crossref","unstructured":"Hendler, D., Kels, S., Rubin, A.: Detecting malicious PowerShell commands using deep neural networks. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, pp. 187\u2013197. ACM (2018)","DOI":"10.1145\/3196494.3196511"},{"key":"13_CR9","doi-asserted-by":"crossref","unstructured":"Ke, Q., Ming, L.D., Daxing, Z.: Image steganalysis via multi-column convolutional neural network. In: 2018 14th IEEE International Conference on Signal Processing, pp. 550\u2013553 (2018)","DOI":"10.1109\/ICSP.2018.8652324"},{"key":"13_CR10","unstructured":"Kertesz, V., et al.: Dynamic data exchange server, US Patent 5,764,155 (1998)"},{"key":"13_CR11","first-page":"9","volume":"2017","author":"N Khan","year":"2017","unstructured":"Khan, N., Abdullah, J., Khan, A.S.: Defending malicious script attacks using machine learning classifiers. Wirel. Commun. Mob. Comput. 2017, 9 (2017)","journal-title":"Wirel. Commun. Mob. Comput."},{"key":"13_CR12","volume-title":"Windows PowerShell 2.0 Bible","author":"T Lee","year":"2011","unstructured":"Lee, T., Mitschke, K., Schill, M.E., Tanasovski, T.: Windows PowerShell 2.0 Bible, vol. 725. Wiley, Hoboken (2011)"},{"issue":"4","key":"13_CR13","doi-asserted-by":"publisher","first-page":"485","DOI":"10.1109\/TSE.2008.35","volume":"34","author":"S Lessmann","year":"2008","unstructured":"Lessmann, S., Baesens, B., Mues, C., Pietsch, S.: Benchmarking classification models for software defect prediction: a proposed framework and novel findings. IEEE Trans. Softw. Eng. 34(4), 485\u2013496 (2008)","journal-title":"IEEE Trans. Softw. Eng."},{"issue":"5","key":"13_CR14","doi-asserted-by":"publisher","first-page":"650","DOI":"10.1109\/LSP.2018.2816569","volume":"25","author":"B Li","year":"2018","unstructured":"Li, B., Wei, W., Ferreira, A., Tan, S.: ReST-Net: diverse activation modules and parallel subnets-based CNN for spatial image steganalysis. IEEE Signal Process. Lett. 25(5), 650\u2013654 (2018)","journal-title":"IEEE Signal Process. Lett."},{"key":"13_CR15","doi-asserted-by":"crossref","unstructured":"Li, Z., Chen, Q.A., Xiong, C., Chen, Y., Zhu, T., Yang, H.: Effective and light-weight deobfuscation and semantic-aware attack detection for PowerShell scripts. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1831\u20131847. ACM (2019)","DOI":"10.1145\/3319535.3363187"},{"key":"13_CR16","unstructured":"Milosevic, J., Sklavos, N., Koutsikou, K.: Malware in IoT software and hardware. In: Workshop on Trustworthy Manufacturing and Utilization of Secure Devices, pp. 14\u201316 (2016)"},{"key":"13_CR17","doi-asserted-by":"crossref","unstructured":"Moser, R., Pedrycz, W., Succi, G.: A comparative analysis of the efficiency of change metrics and static code attributes for defect prediction. In: Proceedings of the 30th International Conference on Software Engineering, pp. 181\u2013190. ACM (2008)","DOI":"10.1145\/1368088.1368114"},{"issue":"1","key":"13_CR18","doi-asserted-by":"publisher","first-page":"805","DOI":"10.1007\/s11042-016-4273-6","volume":"77","author":"S Shojae Chaeikar","year":"2018","unstructured":"Shojae Chaeikar, S., Zamani, M., Abdul Manaf, A.B., Zeki, A.M.: PSW statistical LSB image steganalysis. Multimedia Tools Appl. 77(1), 805\u2013835 (2018)","journal-title":"Multimedia Tools Appl."},{"key":"13_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"240","DOI":"10.1007\/978-3-030-22038-9_12","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"D Ugarte","year":"2019","unstructured":"Ugarte, D., Maiorca, D., Cara, F., Giacinto, G.: PowerDrive: accurate de-obfuscation and analysis of PowerShell malware. In: Perdisci, R., Maurice, C., Giacinto, G., Almgren, M. (eds.) DIMVA 2019. LNCS, vol. 11543, pp. 240\u2013259. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-22038-9_12"},{"key":"13_CR20","doi-asserted-by":"crossref","unstructured":"Wilson, E.: Windows PowerShell 3.0 First Steps. Pearson Education (2013)","DOI":"10.1007\/978-1-4842-0016-2_1"},{"issue":"9","key":"13_CR21","doi-asserted-by":"publisher","first-page":"10437","DOI":"10.1007\/s11042-017-4440-4","volume":"77","author":"S Wu","year":"2017","unstructured":"Wu, S., Zhong, S., Liu, Y.: Deep residual learning for image steganalysis. Multimedia Tools Appl. 77(9), 10437\u201310453 (2017). https:\/\/doi.org\/10.1007\/s11042-017-4440-4","journal-title":"Multimedia Tools Appl."},{"issue":"11","key":"13_CR22","doi-asserted-by":"publisher","first-page":"2545","DOI":"10.1109\/TIFS.2017.2710946","volume":"12","author":"J Ye","year":"2017","unstructured":"Ye, J., Ni, J., Yi, Y.: Deep learning hierarchical representations for image steganalysis. IEEE Trans. Inf. Forensics Secur. 12(11), 2545\u20132557 (2017)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"issue":"5","key":"13_CR23","doi-asserted-by":"publisher","first-page":"1200","DOI":"10.1109\/TIFS.2017.2779446","volume":"13","author":"J Zeng","year":"2018","unstructured":"Zeng, J., Tan, S., Li, B., Huang, J.: Large-scale JPEG image steganalysis using hybrid deep-learning framework. IEEE Trans. Inf. Forensics Secur. 13(5), 1200\u20131214 (2018)","journal-title":"IEEE Trans. Inf. Forensics Secur."}],"container-title":["IFIP Advances in Information and Communication Technology","ICT Systems Security and Privacy Protection"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-58201-2_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,14]],"date-time":"2024-09-14T00:08:09Z","timestamp":1726272489000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-58201-2_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030582005","9783030582012"],"references-count":23,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-58201-2_13","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"value":"1868-4238","type":"print"},{"value":"1868-422X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"14 September 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SEC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on ICT Systems Security and Privacy Protection","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Maribor","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Slovenia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 September 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 September 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"35","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"sec2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/sec2020.um.si\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"149","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"29","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"19% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.88","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5.14","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-19 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}